A survey of frequently identified vulnerabilities in commercial computing semiconductors

Abstract

This paper summarizes the high level approach taken to security validation by design teams at a CPU Semiconductor manufacturer from architecture, through design, simulation and post-si testing. We review several functional areas that in our experience frequently yield vulnerabilities, describe some of the issues commonly found there, and touch on why these areas can be problematic. By highlighting these issues we hope to encourage future work in academia and industry on techniques to better find, mitigate, or prevent these problems.