"Testing Chips For Security"
As supply chains and manufacturing processes become more diverse, it becomes much more difficult to validate the security of complex chips. Furthermore, justifying the time and expense to do so can be difficult, and there is little agreement on the ideal metrics and processes involved. Security validation for complex chips is especially important as chip architectures evolve from a single chip developed by one vendor to a collection of chips in a package developed by multiple vendors. Identifying security risks early in the design flow can save time, effort, and money later. In theory, this should be the same as any other test or debugging procedure, but in regards to testing, there are different track records for hardware quality, reliability, and security. Clarifying exactly what you are testing for is one of the biggest security-related challenges. Although a chip may have been manufactured to exact specifications, its security must be evaluated through the eyes of a skilled and determined attacker, rather than through predictable metrics. The intelligence of an adversary must be considered, according to Mark Tehranipoor, chair of the University of Florida's Department of Electrical and Computer Engineering (ECE). A defect can be modeled, but modeling intent is extremely difficult. That is where security testing becomes difficult. Regardless of how many best practices are implemented during the design phase, the real world will present security challenges that are difficult to anticipate. Tehranipoor and Adam Cron, distinguished architect at Synopsys, are two of the authors of "Quantifiable Assurance: From IPs to Platforms," a recent paper examining these issues. The paper includes over 20 different metrics for various aspects of security, demonstrating the difficulty of the task. Cron believes that measuring security is still in its early stages. In terms of security, all companies are just getting started in terms of measurement. This article continues to discuss the challenges and approaches of chip security testing.
Semiconductor Engineering reports "Testing Chips For Security"