The Aerospace & Defense industry depends on the reliability and security of their mission-critical systems. Because of that, many of the hardware designs that finally make their way into a final system either as an ASIC or a programmed FPGA are required to go through strict security review. Unfortunately, current hardware security verification techniques are extremely archaic and typically consist of manual review of the RTL. This approach is inadequate because it consumes an exorbitant amount of time, and falls prey to the accuracy of the reviewer.
Tortuga Logic's products automate this necessary security review and save Aerospace & Defense companies significant amounts of time/money, all while increasing the security of their final systems. Here are examples of important security requirements a final system needs that are difficult to test with current techniques.
Information Assurance (IA) is the process of ensuring that data or information that should be kept confidential or secret remains so. The notion of Red/Black separation is often used to describe the importance of separating “Red” (secret, confidential, or classified) from “Black” (public or unclassified) and ensuring that proper functional isolation has been created between Red and Black domains.
Unfortunately, reviewing hardware designs for information assurance is an extremely difficult and time-consuming task that often requires manual review of schematics, RTL, and gate level netlists to ensure that isolation properties have been properly enforced. Moreover, government requirements and review bodies are constantly seeking improvements to help reduce the level of effort for information assurance review without compromising quality or confidence in the review. For large-scale SoCs, manual review becomes completely intractable, and many struggle with the ability to perform acceptable amounts of information assurance review.
Issues related to trust in the semiconductor supply chain span across every stage of the design, development, and manufacturing process. Issues related to 3rd party intellectual property cores, untrusted foundries, overseas assembly, and potential rogue employees make trust verification for a modern semiconductor design an extremely challenging and daunting task. However, using security verification during the design and development stages, trust can be established in 3rd party cores that are being used and prevent any harm introduced by a potential rogue employee. By employing advanced security verification techniques, critical security properties of the design can be easily validated to ensure that if any rogue third party core or designer inserted something malicious into the design, it would not violate system security and still operate securely based on the security threat model.
Incorrectly tackling these security requirements during the design lifecycle can lead to disastrous issues further on down the line.