Cloud native EDA tools & pre-optimized hardware platforms
This research was, in part, funded by the U.S. Government. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the U.S. Government.
Over the years, we’ve had the pleasure of collaborating with numerous defense contractors, silicon foundries and universities to develop cutting-edge chipset design, verification and IP technologies.
Recently we add to that legacy, with the announcement that the Defense Advanced Research Projects Agency (DARPA) has selected Synopsys as a Prime Contractor for the Automatic Implementation of Secure Silicon (AISS) program.
Over the next four years, we have been tasked with bringing security to the forefront of the chipset design process that has been previously hyper-focused on performance and cost objectives. Not only that, but the final “security-aware” EDA tools developed are expected to accelerate the time-to-market timeline from architecture to security-hardened product from one year to one week.
In addition to this shorter timeline, the level of design automation included in this project’s scope is unusual in the best sense of the word.
While traditional integrated circuit designs (and related IC workflow) are usually focused on delivering functional performance objectives at a reasonable cost, they don’t often start from a foundation of security.
That foundation of security begins early in the hardware development process, well below the software layer. Synopsys DesignWare® Security IP, integrated in the expected DARPA system on a chip (SoC), will provide the ‘root of trust’ tuned for the target application, enabling chip manufacturers and their OEM/ODM customers to create a strong cryptographic device identity that is permanently bound to that unique device instance.
Through the AISS program, Synopsys will be on the ground floor of creating secure silicon architecture for a huge variety of applications. The end product could allow non-expert designers to engage in silicon engineering that is automatically optimized to achieve performance goals in power, area, speed and security.
So, what are we really fighting against in the cybersecurity arena? The program focuses on side channel attacks, hardware Trojans, reverse engineering and supply chain attacks. This last class of attacks is key.
That’s because it’s desirable for military and aerospace products to be able to take advantage of the best semiconductor technology available. As the semiconductor industry becomes more globalized and complex, international horizontal specialists such as foundry providers come into the picture. This could leave the silicon vulnerable to an increased risk of attacks through compromised suppliers. So, the importance of security-first design increases.
Strategies such as logic blocking (splitting where the knowledge is and what functionality is available to the silicon) and logic obfuscation are vital in protecting the SoC.
It’s clear that our current collaboration with DARPA’s AISS program is expected to have a lasting effect in a world that is prioritizing security in the chip development and manufacturing process more than ever before.
As part of the four-year AISS program, Synopsys will collaborate with commercial and university experts, including Arm, Boeing, UltraSoC, University of Florida Institute for Cyber Security (FICS), Texas A&M University and University of California San Diego.
These partners bring with them world-class facilities, top-notch researchers, and technologies that allow our team to examine what’s really going on inside the chip and flag aberrant behaviors indicative of an impending cybersecurity attack. Additionally, they bring real-world use cases from the aerospace industry, first-hand understanding of the market’s needs, and more.
The outstanding mix of talent and expertise that is being poured into solving these problems is representative of how challenging the end goal truly is; the brainpower and pre-competitive cooperation is necessary to deliver a never-before-seen working environment in which government users can automate the building of secure silicon while meeting key performance objectives.
It’s no secret that the commercial world trails the military and aerospace world in terms of security technology adoption. While there will be technology that Synopsys develops over the course of this program that is unique to the final deliverable, there will certainly be other facets that have broad market applicability.
This program is, in part, setting the stage for what the security embedded in our future products will look like in five to 15 years.
Even today, some of the commercial companies we work with are becoming sensitive to these ideas as IoT security risks become more of a concern. We are seeing more companies starting to build into their planning processes the idea that security will be both a moving target, one in which their requirements increase constantly over time as more vulnerabilities are exploited and connectivity between IoT devices explodes.
One of the benefits of this program is that the design community will see the results of leveraging the technologies of the three participating Synopsys business units – Design, Verification, and Solutions (IP). These three groups working together can provide more complete and seamless solutions to security challenges faced by our customers than by working apart. Security in silicon, IP, and tools extends from design, manufacturing, system integration and fielded systems all the way to end of life. As the AISS program progresses, increasing amounts of automation are expected to make it easier and more efficient for designers to explore the tradeoffs between security and traditional IC design parameters of power, area and speed.
This will lead to future synergistic products that will intersect markets and go beyond applications in defense, as security becomes an ever more essential requirement in many industries, including critical infrastructure, data centers, IoT software and automotive. The ultimate result will be more chips that have reliably higher security while meeting their other functional and performance objectives.