摘要
随着SoC芯片规模以及复杂度的提高,在设计时大量采用第三方IP集成,且OEM代工、分离制造和测试封装等生产方式,使得在整个芯片的制造周期都存在安全隐患,如被植入硬件木马或存在未知系统漏洞。特别是当芯片中存在运行时触发的恶意电路或在运行时遭到软硬件联合攻击,将对芯片功能以及数据安全造成严重破坏。传统的芯片检查方法难以检测运行时的攻击及故障,文中提出了一种芯片运行时安全检查架构,由策略引擎和IP包装器组成。通过配置策略引擎中的策略检查电路,在系统运行时可对芯片执行相应的安全检查并实时报告检查结果。文中搭建了基于RISC-V处理器的SoC系统,并在其中实现了安全策略检查架构,给出了时间复杂度、资源及功耗开销情况,证明设计的可行性。
With the increase in the scale and complexity of SoC chips,a large number of third-party IP are used in design integrations.Production methods such as OEM foundry,separate manufacturing,and test packaging introduce security risks during the entire chip manufacturing cycle,such as Hardware trojan or unknown system vulnerability.Especially when there is a malicious circuit triggered or a combined hardware and software attack during the chip operation,it will cause serious damage to the chip function and data security.Traditional chip inspection methods are difficult to detect attacks and faults during runtime.The article proposes a security checking architecture which is applied to chip for runtime inspection.The architecture proposed in this article consists of a policy engine and a few IP wrappers.By configuring a policy checking module in the policy engine,the system can perform the corresponding security checking on the chip while the system is running and report the results by interrupts.A SoC system based on RISC-V processor was built in this paper,and the security policy checking architecture is implemented.The time complexity,resources and power consumption are given,which proves the feasibility of the proposed work.
作者
闫华钰
陈岚
李莹
佟鑫
YAN Huayu;CHEN Lan;LI Ying;TONG Xin(Institute of Microelectronics,Chinese Academy of Sciences,Beijing 100029,China;University of Chinese Academy of Sciences,Beijing 100049,China)
出处
《电子设计工程》
2021年第3期7-12,17,共7页
Electronic Design Engineering
基金
国家重大专项资助(2018ZX03001006-002)
北京市科技专项:科技新星与领军人才资助(Z171100001117147)。
关键词
安全架构
安全策略
运行时
可配置
系统级检查
策略状态机
security architecture
security policy
runtime
configurable
system-level check
policy state machine
