Daniel J. Weyer

Process reliability based trojans through NBTI and HCI effects

In this paper, we introduce the notion of process reliability based trojans which reduce the reliability of integrated circuits through malicious alterations of the manufacturing process conditions. In contrast to hardware/software trojans which either alter the circuitry or functionality of the IC respectively, the process reliability trojans appear as a result of alterations in the fabrication process steps. The reduction in reliability is caused by acceleration of the wearing out mechanisms for CMOS transistors, such as Negative Bias Temperature Instability (NBTI) or Hot Carrier Injection (HCI). The minor manufacturing process changes can result in creation of infected ICs with a much shorter lifetime that are difficult to detect. Such infected ICs fail prematurely and might lead to catastrophic consequences. The paper describes possible process alterations for both NBTI and HCI mechanisms that might result in creation of process reliability trojans. The paper also explores some possible detection techniques that can help identify the hidden trojans and discusses the various scenarios when process reliability based trojans lead to severe damages.

Dynamic evaluation of hardware trust

Current research into Trojan detection suggests that exhaustive Trojan detection in a chip during limited manufacturing test time is an extremely difficult problem. Indeed, an especially nefarious form of Trojan known as the time bomb has a payload activated in a delayed manner making it extremely hard to detect. As a result, chip trust detection at manufacturing test time may not be adequate especially for critical applications. This suggests that some form of dynamic trust detection of the chip both preliminary (possibly during a preproduction phase) and during in-field use at run time is required. We explore an approach to this problem that combines multicore hardware with dynamic distributed software scheduling to determine hardware trust during in-field use at run time. Our approach involves the scheduling and execution of functionally equivalent variants (obtained by different compilations, or different algorithm variations) simultaneously on different PEs and comparing the results. The process dynamically achieves trust determination by identifying the existence of Trojans with a high level of confidence.

A supply-demand model based scalable energy management system for improved energy utilization efficiency

Harvesting energy from the environment can play an important role in reducing the dependency of an electronic system to primary energy sources (i.e. AC power or battery). For reliable and efficient energy harvesting while assuring best user experience, it is important to manage, route and match the harvested energy with the demand of various energy sources. In the most general case, multiple different energy sources can be used to provide energy to multiple different energy users. In this work, we propose a scalable rule-based energy management system for managing the acquisition, mixing, delivery and storage of energy for arbitrary collection of energy sources and users, which are characterized with different energy generation and consumption parameters. The system uses economics inspired supply-demand model for efficiently managing energy distribution between a set of energy sources and users. The energy allocation procedure tries to maximize the energy utilization efficiency of the sources while satisfying the demand of the users in order of their associated priorities, without starving an already allocated user. Simulation results for example scenarios show the effectiveness of the proposed approach for improving the energy utilization and lifetime of the energy sources.

A robust authentication methodology using physically unclonable functions in DRAM arrays

The high availability of DRAM in either embedded or stand-alone form make it a target for counterfeit attacks. In this paper, we propose a robust authentication methodology against counterfeiting. The authentication is performed by exploiting the intrinsic process variation in write reliability of DRAM cells. Extensive Monte Carlo simulations performed in HSPICE show that the proposed authentication methodology provides high uniqueness of 50.01% average inter-die Hamming distance and good robustness under temporal fluctuations in supply voltage, temperature, and ageing effect over a 10-year lifetime.

Cross-correlation of specification and RTL for soft IP analysis

Semiconductor companies often use 3rd party IPs in order to improve their design productivity. In practice, there are risks involved in using a 3rd party IP as bugs may creep in due to versioning issues, poor documentation, and mismatches between specification and RTL. As a result of this, 3rd party IP specification and RTL must be carefully evaluated. Our methodology addresses this issue, which cross-correlates specification and RTL to discover these discrepancies. The key innovative ideas in our approach are to use prior and trusted experience about designs, which include their specs and RTL code. Also, we have captured this trusted experience into two knowledge bases (KB), Spec-KB and RTL-KB. Finally, knowledge base rules are used to cross-correlate the RTL blocks to the specs. We have tested our approach by analyzing several 3rd party IPs. We have defined metrics for specification coverage and RTL identification coverage to quantify our results.

Knowledge-Guided Methodology for Third-Party Soft IP Analysis

In System-on-Chip designs, third party IP reuse is prevalent as it increases productivity and reduces time-to-market. These IPs can be classified as untrusted designs since the user has no insight into IP verification or quality control process. In practice, it is generally assumed that the IP has been functionally validated by developers and thorough verification at user end is not performed. In the current state-of-the-art, lint tools are primarily used to determine IP design quality. These tools pinpoint design issues by performing static analysis of RTL code but have a limitation that they do not perform behavioral analysis. In this paper, we present a knowledge-guided methodology, which identifies RTL behavior by finding correspondences with a knowledge base of previously analysed trusted designs. In comparison to existing techniques, our approach uses combination of static and dynamic analysis techniques to better approximate design behavior. We tested our methodology by analysing several IEEE-754 floating point soft IPs. We define identification coverage and confidence factor metric to quantify our IP analysis results.

An Adaptable Task Manager for Reconfigurable Architecture Kernels

Self-reconfigurable hardware is a new emerging technology which will enable adaptation of computing systems to changing environments.This paper deals with the design of architecture kernels for an autonomous on-board system and the development of an adaptation manager for real-time scheduling of the reconfigurable hardware fabric.Our approach employs a reconfigurable computer architecture with two key layers: the adaptation manager and the real time configuration kernel. This provides significant advantages in terms of flexibility, scalability, cost, and compatibility with embedded technology. Some preliminary results are presented.

Using codesign techniques to support analog functionality

With the growth of System on a Chip (SoC), the functionality of analog components must also be considered in the design process. This paper describes some of the design implementation partitioning issues and experiences using analog and digital techniques for embedded systems. To achieve a quick turn around for new embedded system development, a design methodology was extended for analog codesign based on the specify-explore-refine paradigm and system-level design methodology. Many system-level issues were addressed including hardware/software codesign trade-offs.

System level self-healing for parametric yield and reliability improvement under power bound

Post-silicon process compensation or “healing” of integrated circuits (ICs) has emerged as an effective approach to improve yield and reliability under parameter variations. In a System-on-Chip (SoC) comprising of multiple cores, different cores can experience different process shift due to local within-die variations. Furthermore, the cores are likely to have different sensitivities with respect to system power dissipation and system output parameters such as quality of service or throughput. Post-silicon healing has been addressed earlier at core level using various compensation approaches. In this paper, we present a system level healing algorithm for compensating SoC chips for a specific output parameter under power constraint. We formulate the healing problem as an ordinal optimization problem, where individual cores need to be assigned the right amount of healing that satisfies the target system performance and power requirement. Next, we propose an efficient solution to the problem using a priori design-time information about the relative sensitivities of the cores to system performance and power. Simulation results for example systems show that the proposed healing approach can achieve higher parametric yield and better settling time compared to conventional healing approaches.

Embedded system protection from software corruption

As Embedded Systems are being network enabled, allowing for remote updates and data sharing, software corruption has become a major concern. Security protection has mostly been overlooked. Software corruption can simplistically be considered as unauthorized instructions that are executed within the system. This can occur through behaviorally modified instruction code introduced via new software installation, updates, or application input data (such as buffer overflows). We introduce a vault architecture that prevents the insertion of software corruptions for embedded systems that allow remote access. Simulation results for the vault architecture are provided.