Title: Required Policies and Properties of the Security Engine of an SoC
Authors: Sajeed Mohammad, Mridha Md Mashahedur Rahman, Farimah Farahmandi
Published in: 2021 IEEE International Symposium on Smart Electronic Systems (iSES) (Formerly iNiS)
Publication date: 2021-12-01
DOI: 10.1109/iSES52644.2021.00100 (https://doi.org/10.1109/iSES52644.2021.00100)
Citation count: 0
Abstract
With the increasing complexity of system-on-chip (SoC) designs, security has become a vital requirement. The confidentiality and integrity of critical information, access controls, and chip authentication at both software and hardware levels should be guaranteed for SoCs. A secure and trusted component is necessary to provide those required security and trust mechanisms in SoCs. The goal of this component is to provide support for security-critical operations and functionalities like provisioning and protection of assets, watermark generation, and intellectual property (IP) unlocking, as well as providing isolation at the hardware and software levels. In this paper, we provide a comprehensive overview of the requirements and components for the design of a root-of-trust (RoT), termed the Security Engine, that protects against various attacks on the manufacturing floor and during in-field operations while providing security-critical functionalities and features. In addition, we identify several critical protocols and security policies for the RoT. Policies ensure secure operations and safe transfer of assets while maintaining confidentiality and integrity. Policies are in the form of access control, data integrity and retention, encryption, and asset management for a Security Engine. Similarly, we identify several critical functionalities and protocols of SoC development like secure boot, self-test, provisioning protocols, security IPs, watermark generation, secure debug, etc., and give a conceivable solution for each of them with the assistance of the proposed Security Engine while making few presumptions. Policies and protocols can be implemented in hardware and software with minimum overhead. They can also be checked and enforced by integrating them into the firmware code of the RoT processor. Moreover, this paper will define different types of security policies like access control, data integrity and retention, encryption, and asset management policy for a Security Engine, which is the hub of security operations in an SoC.