{"title":"SoC安全引擎所需的策略和属性","authors":"Sajeed Mohammad, Mridha Md Mashahedur Rahman, Farimah Farahmandi","doi":"10.1109/iSES52644.2021.00100","DOIUrl":null,"url":null,"abstract":"With the increasing complexity of system-on-chip (SoC) designs, security has become a vital requirement. The confidentiality and integrity of critical information, access controls as well as chip authentication at both software and hardware levels should be guaranteed for SoCs. A secure and trusted component is necessary to provide those required security and trust mechanisms in SoCs. The goal of this component is to provide support for security-critical operations and functionalities like provisioning and protection of assets, watermark generation, intellectual property (IP) unlocking, as well as providing isolation at the hardware and software levels. In this paper, we provide a comprehensive overview of the requirements and components for the design of a root-of-trust (RoT) termed as Security Engine that protects against various attacks at the manufacturing floor and during in-field operations while providing security-critical functionalities and features. In addition to that, we identify several critical protocols and security policies for RoT. Policies ensure secure operations and safe transfer of assets while maintaining confidentiality and integrity. Policies are in the form of access control, data integrity and retention, encryption, and asset management for a Security Engine. Similarly, we identify several critical functionalities and protocols of the SoC development like secure boot, self-test, provisioning protocols, security IPs, watermark generation, secure debug, etc., and give a conceivable solution for every one of them with the assistance of the proposed Security Engine while making not many presumptions. Policies and protocols can be implemented in hardware and software with minimum overhead. They can also be checked and enforced by integrating them into the firmware code of the RoT processor. Moreover, this paper will define different types of security policies like access control, data integrity and retention, encryption, and asset management policy for a Security Engine, which is the hub of security operations in an SoC.","PeriodicalId":293167,"journal":{"name":"2021 IEEE International Symposium on Smart Electronic Systems (iSES) (Formerly iNiS)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Required Policies and Properties of the Security Engine of an SoC\",\"authors\":\"Sajeed Mohammad, Mridha Md Mashahedur Rahman, Farimah Farahmandi\",\"doi\":\"10.1109/iSES52644.2021.00100\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the increasing complexity of system-on-chip (SoC) designs, security has become a vital requirement. The confidentiality and integrity of critical information, access controls as well as chip authentication at both software and hardware levels should be guaranteed for SoCs. A secure and trusted component is necessary to provide those required security and trust mechanisms in SoCs. The goal of this component is to provide support for security-critical operations and functionalities like provisioning and protection of assets, watermark generation, intellectual property (IP) unlocking, as well as providing isolation at the hardware and software levels. In this paper, we provide a comprehensive overview of the requirements and components for the design of a root-of-trust (RoT) termed as Security Engine that protects against various attacks at the manufacturing floor and during in-field operations while providing security-critical functionalities and features. In addition to that, we identify several critical protocols and security policies for RoT. Policies ensure secure operations and safe transfer of assets while maintaining confidentiality and integrity. Policies are in the form of access control, data integrity and retention, encryption, and asset management for a Security Engine. Similarly, we identify several critical functionalities and protocols of the SoC development like secure boot, self-test, provisioning protocols, security IPs, watermark generation, secure debug, etc., and give a conceivable solution for every one of them with the assistance of the proposed Security Engine while making not many presumptions. Policies and protocols can be implemented in hardware and software with minimum overhead. They can also be checked and enforced by integrating them into the firmware code of the RoT processor. Moreover, this paper will define different types of security policies like access control, data integrity and retention, encryption, and asset management policy for a Security Engine, which is the hub of security operations in an SoC.\",\"PeriodicalId\":293167,\"journal\":{\"name\":\"2021 IEEE International Symposium on Smart Electronic Systems (iSES) (Formerly iNiS)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE International Symposium on Smart Electronic Systems (iSES) (Formerly iNiS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/iSES52644.2021.00100\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE International Symposium on Smart Electronic Systems (iSES) (Formerly iNiS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/iSES52644.2021.00100","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Required Policies and Properties of the Security Engine of an SoC
With the increasing complexity of system-on-chip (SoC) designs, security has become a vital requirement. The confidentiality and integrity of critical information, access controls as well as chip authentication at both software and hardware levels should be guaranteed for SoCs. A secure and trusted component is necessary to provide those required security and trust mechanisms in SoCs. The goal of this component is to provide support for security-critical operations and functionalities like provisioning and protection of assets, watermark generation, intellectual property (IP) unlocking, as well as providing isolation at the hardware and software levels. In this paper, we provide a comprehensive overview of the requirements and components for the design of a root-of-trust (RoT) termed as Security Engine that protects against various attacks at the manufacturing floor and during in-field operations while providing security-critical functionalities and features. In addition to that, we identify several critical protocols and security policies for RoT. Policies ensure secure operations and safe transfer of assets while maintaining confidentiality and integrity. Policies are in the form of access control, data integrity and retention, encryption, and asset management for a Security Engine. Similarly, we identify several critical functionalities and protocols of the SoC development like secure boot, self-test, provisioning protocols, security IPs, watermark generation, secure debug, etc., and give a conceivable solution for every one of them with the assistance of the proposed Security Engine while making not many presumptions. Policies and protocols can be implemented in hardware and software with minimum overhead. They can also be checked and enforced by integrating them into the firmware code of the RoT processor. Moreover, this paper will define different types of security policies like access control, data integrity and retention, encryption, and asset management policy for a Security Engine, which is the hub of security operations in an SoC.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
