CAD for Security Workshop

December 5, 2021


Co-located with DAC 2021

Program Chair:

Farimah Farahmandi, Florida Institute for Cybersecurity (FICS) Research,

General Chair:

Mark Tehranipoor, Florida Institute for Cybersecurity (FICS) Research.

Security vulnerabilities in hardware designs are catastrophic since it is almost impossible to patch them once they are fabricated.  Recent studies have shown many vulnerabilities in SoC hardware implementations, including side-channel leakage, information leakage, access control violations, malicious functionality, etc. These attacks can effectively bypass the security mechanisms built at the software level and put chips or systems at risk. Ensuring the security of hardware designs is challenging due to their huge complexity, aggressive time to markets, and the variety of attacks introduced against hardware designs. Since designers may not have sufficient knowledge about the security requirements due to the huge complexity of SoC designs and their attack surfaces, it is difficult to manually analyze the design implementation in different levels of abstractions to identify potential vulnerabilities. Moreover, it is very costly for a design house to keep a large number of security experts with in-depth design knowledge with diverse security implications. Therefore, the semiconductor industry and system integrators are looking for a set of metrics, reusable security solutions, and automatic computer-aided design (CAD) tools to aid analysis, identifying, root-causing, and mitigating SoC security problems.

Vulnerabilities in SoCs are due to design mistakes, lack of security understandings, design transformations, various attack surfaces, and malicious intents. Further, exiting CAD tools are used in SoC design flow can introduce additional vulnerabilities in the SoCs unintentionally. For example, some design practices/choices may make the design vulnerable to timing and power side-channel leakage. Not only will these vulnerabilities move from one level of abstraction to another, but unique vulnerabilities can also be introduced during design transformations. For example, an RTL design with power side-channel issues can suffer from access control issues when it is synthesized to gate-level, and design-for-debug infrastructure will be inserted. Therefore, it is essential to have automatic CAD solutions to be able to analyze the security of SoCs in a comprehensive manner, in all levels of abstractions, and against all existing threats (e.g., fault-injection, side-channel, and hardware Trojan attacks).  CAD tools should be able to access the security of the design in the pre-silicon stage and suggest possible countermeasures while still it is possible to modify the design and address the potential vulnerabilities.

Considering the above challenges and potential solutions, we will invite experts from industry (like Synopsys, Cadence, Google, Analog Devices, Mentor Graphics, etc.), academia, and government (like DARPA, NAVY, AFRL, etc. agencies) to shed light on the need for and the recent progress on the development of automatic security CAD solutions in all levels of abstractions (i.e., C/C++, RTL, gate-level, and layout). The workshop will include demos on the recent CAD for security tools to detect various vulnerabilities. There will be a panel consists of experts in the field to talk about the road map for CAD for security development.  The CAD4Sec workshop will contain several technical talks on the scope of metrics and CAD as the following:

  • CAD for power-side channel vulnerability assessment 
  • CAD for timing-side channel vulnerability assessment 
  • CAD for electromagnetic radiation vulnerability assessment 
  • CAD for fault-injection vulnerability evaluation
  • CAD for automatic security property generation
  • CAD for security equivalence checking between different design abstractions
  • CAD for security equivalence checking between different SoCs
  • CAD for Optical/microprobing/nanoprobing probing for assurance
  • CAD for (Anti-)Reverse engineering and physical attacks
  • CAD for FPGA Bitstream protection and vulnerabilities
  • CAD for Trojans and backdoors: Detection and prevention
  • CAD for physical assurance