NEW whitepaper - "Verifying Security at the Hardware/Software Boundary"

Comment

NEW whitepaper - "Verifying Security at the Hardware/Software Boundary"

We have a new whitepaper that describes:

• That Hardware Security review is a time-consuming and unreliable process

• How the inclusion of boot code can exacerbate the complexity of Hardware Security review

• The landscape of known Hardware Security threats

• How Unison, Tortuga Logic's new Hardware Security simulation platform, can drastically decrease the time it takes to perform security review at the hardware/software boundary

Click here to download!

Comment

Security Vulnerability Found in Haswell Line of Intel Processors

Comment

Security Vulnerability Found in Haswell Line of Intel Processors

"It also highlights the need for CPU designers to be aware of security as part of the design of new processors."

Researchers have discovered a flaw in a fairly new line of Intel processors that can allow the bypass of a key security mechanism built into the majority of operating systems. 

Read more here - http://arstechnica.com/security/2016/10/flaw-in-intel-chips-could-make-malware-attacks-more-potent/

Comment

The Headaches of being a SoC Security Architect

Comment

The Headaches of being a SoC Security Architect

A modern System-on-Chip (SoC) has a wide array of very strict and difficult-to-verify security properties. Issues related to locking critical configuration or key registers, proper implementation of interconnect access control rules, and general configuration during system boot are issues that pain just about every SoC Security Architect. They spend hours reviewing documentation from the verification teams and discussing these issues with separate product security teams. The end result is a process which results in enormous amount of time spent with very inadequate results.

Click here to read the rest of the article.

Comment

You probably have a lot of dead hens in your hardware design

1 Comment

You probably have a lot of dead hens in your hardware design

Meeting timing, keeping under power budget, delivering on time -- all aspects of hardware design are pretty easy if you just relax the constraint of being "correct"! Hardware designers of course know this and are quick to find creative and easy fixes to their problems but are of course held in check by teams of diligent testing and verification engineers providing their evaluation of correctness. Add a cycle of delay here, handle this special case there, power gate this, change the specification of that -- the success of hardware teams relies on the honest back and forth between these competing interests.  Unfortunately, as I touched on in my last blog entry, security is not covered by the traditional specifications and is completely unexamined by traditional test and verification procedures.

Read more here.

1 Comment

Functional Verification Will Not Save You From This Silicon Security Vulnerability

Comment

Functional Verification Will Not Save You From This Silicon Security Vulnerability

More often than not, systems are deployed every day with numerous bugs, both known and unknown. The problem in silicon security is twofold: 1) The behaviors that excite the latent vulnerabilities in designs are decidedly unnatural.  2) Most security systems are fragile. Dropping even a subset of the bits from a single key or flipping a few bits of internal state can be enough to completely subvert years of careful policy design, cryptographic cleverness, and architecture security support. 

Click here to read the rest of the article.

Comment

You Must Verify HW/SW Interactions to Avoid Security Vulnerabilities

Comment

You Must Verify HW/SW Interactions to Avoid Security Vulnerabilities

Imagine waking up tomorrow morning only to discover that your employer's brand is all over the news for the wrong reasons. Qualcomm employees experienced that last week. Over 900 million Android devices containing a Qualcomm processor were shown to have four known security vulnerabilities, and these alarming security issues are not going to be easy to eliminate according to the press. Not exactly the news a semiconductor executive wants to read with their morning cup of coffee.

Click here to read the rest of the article.

Comment

Securing the Internet of Things Starts with Silicon

Comment

Securing the Internet of Things Starts with Silicon

In just a few short years, connected devices of the Internet of Things (IoT) have gone from concepts to reality and as a result there are now major concerns regarding their initial development.

“As every player with a stake in IoT is well aware, security is paramount for the safe and reliable operation of IoT connected devices. It is, in fact, the foundational enabler of IoT.”1 This statement is supported by the work of researchers at the 2016 BlackHat conference where they demonstrated how to hack into smart lightbulbs, medical devices, and many other connected devices.

Click here to read the remainder of this post.

photo courtesy: shutterstock

Comment

Securing FPGAs

Comment

Securing FPGAs

Ask an FPGA design engineer about securing their designs and a typical reply is likely “Oh – we don’t have to worry about that, our FPGA vendor takes care of silicon security”. This perspective is partially true in that FPGA vendors provide security functionality to protect a user’s bitstream and the design data that uniquely programs an FPGA against copying, cloning, and reverse engineering. Some FPGA vendors are now also offering more advanced security features....

Click here to read the remainder of this post.

Comment

Here’s What You Need to Know about Design-for-Security

Comment

Here’s What You Need to Know about Design-for-Security

Security vulnerabilities in silicon designs represent huge potential financial losses, not to mention the severe detrimental damage to a company’s brand name. SoC designers currently attempt to test for security vulnerabilities very late in the design cycle, which produces very little discovery and resolution. Tortuga Logic provides a design-for-security (DFS) process that integrates easily into an RTL process and allows for security verification during the entire SoC design process, from architecture development to tapeout.

Click here to read the remainder of this post.

Comment

Software Security is Necessary but Not Sufficient

Comment

Software Security is Necessary but Not Sufficient

As the silicon designs inside the connected devices of the Internet of Things transition from specifications to tapeouts, electronics companies have come to the stark realization that software security is simply not adequate. Securing silicon is now a required, not optional, part of RTL design processes....

Click here to read the remainder of this post.

Comment