For the past decade, cybersecurity threats have moved from high in the software stack to progressively lower levels of the computational hierarchy, working their way towards the underlying hardware. Despite growing recognition of the issue, there are no common tools, methods, or solutions for chip-level security currently in wide use. This is largely driven by the economic hurdles and technical trade-offs often associated with secure chip design. Further, modern chip design methods are unforgiving – once a chip is designed, adding security after the fact or making changes to address newly discovered threats is nearly impossible.
The Automatic Implementation of Secure Silicon (AISS) program aims to ease the burden of developing secure chips. AISS seeks to create a novel, automated chip design flow that will allow security mechanisms to scale consistently with the goals of a chip design. The target design flow will provide a means of rapidly evaluating architectural alternatives that best address the required design and security metrics, as well as varying cost models to optimize the economics versus security trade-off. The target AISS system – or system on chip (SoC) – will be automatically generated, integrated, and optimized, and will consist of two partitions – an application specific processor partition and a security partition implementing the on-chip security features. By bringing greater automation to the chip design process, the burden of security inclusion can be profoundly decreased.
While the threat landscape is ever evolving and expansive, AISS seeks to address four specific attack surfaces that are most relevant to digital ASICs and SoCs. These include side channel attacks, reverse engineering attacks, supply chain attacks, and malicious hardware attacks. As strategies for resisting threats vary widely in cost, complexity, and invasiveness, AISS will help designers assess which defense mechanisms are most appropriate based on the potential attack surface and the likelihood of a compromise.
In addition to incorporating scalable defense mechanisms, AISS seeks to ensure that the IP blocks that make up a chip remain secure throughout the design process and are not compromised as they move through the ecosystem. As such, the program aims to move forward provenance and integrity validation techniques for preexisting design components by advancing current methods or inventing novel technical approaches.
You are now leaving the DARPA.mil website that is under the control and
management of DARPA. The appearance of hyperlinks does not constitute
endorsement by DARPA of non-U.S. Government sites or the information,
products, or services contained therein. Although DARPA may or may not
use these sites as additional distribution channels for Department of
Defense information, it does not exercise editorial control over all of
the information that you may find at these locations. Such links are
provided consistent with the stated purpose of this website.
After reading this message, click to continue