Farimah Farahmandi

Pre-silicon security verification and validation: a formal perspective

Reusable hardware Intellectual Property (IP) based System-on-Chip (SoC) design has emerged as a pervasive design practice in the industry today. The possibility of hardware Trojans and/or design backdoors hiding in the IP cores has raised security concerns. As existing functional testing methods fall short in detecting unspecified (often malicious) logic, formal methods have emerged as an alternative for validation of trustworthiness of IP cores. Toward this direction, we discuss two main categories of formal methods used in hardware trust evaluation: theorem proving and equivalence checking. Specifically, proof-carrying hardware (PCH) and its applications are introduced in detail, in which we demonstrate the use of theorem proving methods for providing high-level protection of IP cores. We also outline the use of symbolic algebra in equivalence checking, to ensure that the hardware implementation is equivalent to its design specification, thus leaving little space for malicious logic insertion.

Groebner basis based formal verification of large arithmetic circuits using Gaussian elimination and cone-based polynomial extraction

Verification of arithmetic circuits is essential as they form the main part of many practical designs such as signal processing and multimedia applications. In these applications, the size of the datapath could be very large so that contemporary verification methods would be almost incapable of verifying such circuits in reasonable time and memory usage. This paper addresses formal verification of large integer arithmetic circuits using symbolic computer algebra techniques. In order to efficiently verify gate level arithmetic circuits, we model the circuit and the specification with polynomial system and the verification problem is formulated as membership testing of the given specification polynomial in corresponding ideal of the circuit polynomials. The membership testing needs Groebner basis reduction. In order to overcome the intensive polynomial reduction needed in Groebner basis computation so that we can deal with verifying large arithmetic circuits, the fanout-free regions (cones) of the circuit are extracted and represented as corresponding polynomials automatically. For further improvement, we make use of Gaussian elimination concept to perform specification polynomial reduction w.r.t Groebner basis using a matrix representation of the problem. To evaluate the effectiveness of our verification technique, we have applied it to very large arithmetic circuits with different architectures. The experimental results show that the proposed verification technique is scalable enough so that large arithmetic circuits can efficiently be verified in reasonable run time and memory usage.

Automated test generation for Debugging arithmetic circuits

Optimized and custom arithmetic circuits are widely used in embedded systems such as multimedia applications, cryptography systems, signal processing and console games. Debugging of arithmetic circuits is a challenge due to increasing complexity coupled with non-standard implementations. Existing equivalence checking techniques produce a remainder to indicate the presence of a potential bug. However, bug localization remains a major bottleneck. Simulation-based validation using random or constrained-random tests are not effective and can be infeasible for complex arithmetic circuits. In this paper, we present an automated test generation and bug localization technique for debugging arithmetic circuits. This paper makes two important contributions. We propose an automated approach for generating directed tests by suitable assignments of input variables to make the reminder non-zero. The generated tests are guaranteed to activate the unknown bug. We also propose a bug detection and correction technique by utilizing the patterns of remainder terms as well as the intersection of regions activated by the generated tests. Our experimental results demonstrate that the proposed approach can be used for automated debugging of complex arithmetic circuits.

Trojan localization using symbolic algebra

Growing reliance on reusable hardware Intellectual Property (IP) blocks, severely affects the security and trustworthiness of System-on-Chips (SoCs) since untrusted third-party vendors may deliberately insert malicious components to incorporate undesired functionality. Malicious implants may also work as hidden backdoor and leak protected information. In this paper, we propose an automated approach to identify untrustworthy IPs and localize malicious functional modifications (if any). The technique is based on extracting polynomials from gate-level implementation of the untrustworthy IP and comparing them with specification polynomials. The proposed approach is applicable when the specification is available. Our approach is scalable due to manipulation of polynomials instead of BDD-based analysis used in traditional equivalence checking techniques. Experimental results using Trust-HUB benchmarks demonstrate that our approach improves both localization and test generation efficiency by several orders of magnitude compared to the state-of-the-art Trojan detection techniques.

Exploiting transaction level models for observability-aware post-silicon test generation

A major challenge in post-silicon debug is to generate efficient tests that activate requisite coverage goals on the target hardware while also producing results that are observable through a given on-chip design-for-debug (DfD) architecture. Unfortunately, such tests cannot be generated by analysis of RTL models, both because of design complexity and since the implementation can be buggy. In this paper, we propose an approach to address this problem by exploiting transaction-level models (TLM). Our approach involves mapping tests and observability requirements between TLM and RTL, enabling TLM analysis to generate post-silicon tests. We provide two case studies to demonstrate the flexibility and effectiveness of our proposed approach.

Cost-effective analysis of post-silicon functional coverage events

Post-silicon validation is a major challenge due to the combined effects of debug complexity and observability constraints. Assertions as well as a wide variety of checkers are used in pre-silicon stage to monitor certain functional scenarios. Pre-silicon checkers can be synthesized to coverage monitors in order to capture the coverage of certain events and improve the observability during post-silicon debug. Synthesizing thousands of coverage monitors can introduce unacceptable area and energy overhead. On the other hand, absence of coverage monitors would negatively impact post-silicon coverage analysis. In this paper, we propose a framework for cost-effective post-silicon coverage analysis by identifying hard-to-detect events coupled with trace-based coverage analysis. This paper makes three major contributions. We propose a method to utilize existing debug infrastructure to enable coverage analysis in the absence of synthesized coverage monitors. This analysis enables us to identify a small percentage of coverage monitors that need to be synthesized in order to provide a trade-off between observability and design overhead. To improve the observability further, we also present an observability-aware trace signal selection algorithm that gives priority to signals associated with important coverage monitors. Our experimental results demonstrate that an effective combination of coverage monitor selection and trace analysis can maintain the debugging observability with drastic reduction (up to 10 times) in the required coverage monitors.

Effective Combination of Algebraic Techniques and Decision Diagrams to Formally Verify Large Arithmetic Circuits

Arithmetic circuits require a verification process to prove that the gate level circuit is functionally equivalent to a high level specification. This paper presents an automatic equivalence checking technique to verify combinational arithmetic circuits at bit level. In order to efficiently verify gate level arithmetic circuits, we make use of computer algebra based approach so that the circuit and the specification are modeled in polynomial system and the verification problem is formulated as polynomial reduction techniques using Groebner basis of circuit polynomial corresponding ideal. To overcome costly Groebner basis computation as well as intensive polynomial reduction, we make use of a canonical decision diagram named Horner Expansion Diagram (HED), derive a suitable term order to represent and manipulate polynomials efficiently and find repetitive components based on automata. To evaluate the effectiveness of our verification technique, we have applied it to very large arithmetic circuits including multipliers. Preliminary experimental results show that the proposed verification technique is scalable enough so that large multipliers can efficiently be verified in reasonable run time and memory usage.

Observability-Aware Post-Silicon Test Generation

Simulation is the most widely used form of validation using billions of random and pseudo-random tests in the traditional design flow. A critical problem in post-silicon debug is to generate efficient tests that both activate requisite coverage goal on the target hardware as well as produce results that are observable through a given on-chip design-for-debug architecture. Unfortunately, such tests cannot be generated directly from register-transfer level (RTL) models, both due to design complexity and due to bugs in the design itself. In this chapter, we discuss a directed test generation approach which facilities the observation of expected outputs of the generated tests using the traced signals. The proposed approach uses transaction-level models (TLM) for post-silicon test generation. The basic idea is to transform an RTL assertion as well as observability constraints to create a TLM assertion with observability constraints. The TLM assertion/property would be used to enable TLM analysis to generate post-silicon tests. Finally, the TLM test would be translated to an RTL test that is debug-friendly. In this chapter, we provide case studies from a number of different design classes to demonstrate the flexibility and effectiveness of the approach.

Post-Silicon SoC Validation Challenges

Modern System-on-Chip (SoC) designs are becoming increasingly complex and powerful to meet the ever-growing computing demands form diverse application domains including the emerging Internet of Things (IoT). Given the widespread acceptance of SoCs in the electronic industry, it is critical to ensure their correctness from both functional and nonfunctional perspectives. SoC design complexity is increasing rapidly keeping pace with twofold increase in number of transistors every technology cycle. Drastic increase in design complexity has led to significant increase in SoC validation complexity. Due to increasing design complexity coupled with shrinking time-to-market constraints, it is not possible to detect all design flaws (errors) during pre-silicon validation. Post-silicon validation needs to capture these escaped functional errors as well as electrical faults including crosstalk, delay, and transient faults. Post-silicon validation is widely acknowledged as a major bottleneck in SoC design methodology—many recent studies suggest that it consumes more than 50% of an SoCs overall design effort (total cost) at 65nm technology. This problem is expected to get worse as the industry continues to move to even smaller geometries. This chapter provides a comprehensive overview of different challenges associated with SoC post-silicon validation and debug.

Utilization of Debug Infrastructure for Post-Silicon Coverage Analysis

Lack of observability combined with a huge design complexity make post-silicon validation and debug challenging. Assertions, as well as a wide variety of checkers, are used in pre-silicon stage to monitor specific functional scenarios. To improve the observability during post-silicon debug, pre-silicon assertions can be synthesized to coverage monitors and placed on silicon. However, synthesizing thousands of assertions can introduce unacceptable area and energy overhead. On the other hand, the absence of coverage monitors would negatively impact post-silicon coverage analysis to capture the coverage of specific events. This chapter proposes a framework for cost-effective post-silicon coverage analysis by identifying hard-to-detect assertions. The approach is based on utilizing existing debug infrastructure to enable coverage analysis in the absence of synthesized coverage monitors. This analysis allows us to identify a small percentage of coverage monitors that need to be synthesized to provide a trade-off between observability versus design overhead. To improve the observability further, an observability-aware trace signal selection algorithm is proposed to give priority to signals associated with important coverage monitors.