A Framework for Design, Verification, and Management of SoC Access Control Systems

Abstract

System-on-chip (SoC) architectures are a heterogeneous mix of microprocessors, custom accelerators, memories, interfaces, peripherals, and other resources. These resources communicate using complex on-chip interconnect networks that attempt to quickly and efficiently arbitrate memory transactions whose behaviors can vary drastically depending on the current mode of operation and system operating state. Security- and safety-critical applications require access control policies that define how these resources interact to ensure that malicious and unsafe behaviors do not occur. <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Aker</small> is a design and verification framework for on-chip access control. The core of <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Aker</small> is the access control wrapper (ACW)–a high-performance yet efficient hardware module that dynamically arbitrates on-chip communications. <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Aker</small> distributes ACWs across the SoC and programs them to perform local access control. <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Aker</small> provides a firmware generation tool and a property-driven security verification methodology to ensure that the ACWs are properly integrated and configured. <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Aker</small> security verification confirms that the ACW behaves properly at IP level. It verifies the hardware root of trust firmware configures the ACW correctly. And it evaluates system-level security threats due to interactions between shared resources. <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Aker</small> is experimentally validated on a Xilinx UltraScale+ programmable SoC. Additionally, an <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Aker</small> access control system is integrated into the OpenPULP multicore archtiecture that uses OpenTitan hardware root-of-trust for firmware configuration.