Automatic Implementation of Secure Silicon (AISS)

Builds on the vision of the Automatic Implementation of Secure Silicon (AISS) initiative, aiming to streamline the development of secure chips through automation-driven security integration. By embedding security mechanisms directly into the chip design process, we seek to balance performance, cost, and protection without compromising design efficiency.


AI Generated Image : credits to Grok2

Automated Secure Chip Design

We are developing methodologies to enable an automated chip design flow where security scales seamlessly with the functional and economic goals of a system-on-chip (SoC). Our approach provides:

  • Rapid architectural evaluation to assess security and performance trade-offs.
  • Automated generation and optimization of SoCs, ensuring built-in security.
  • Partitioned security architecture, with a dedicated security subsystem complementing the main processing logic.
  • By integrating security at the design stage, we significantly reduce the burden on chip designers while enhancing protection against evolving threats.

Addressing Key Attack Surfaces

Given the ever-expanding threat landscape, our work focuses on four critical attack vectors that are most relevant to modern digital ASICs and SoCs:

  • Side-channel attacks – Preventing information leakage through power, timing, and electromagnetic emissions.
  • Reverse engineering attacks – Protecting design IP against unauthorized analysis and cloning.
  • Supply chain attacks – Securing chips against tampering and malicious modifications during fabrication and distribution.
  • Malicious hardware attacks – Detecting and mitigating hidden backdoors or hardware Trojans.
  • To effectively counter these threats, we are developing scalable, cost-aware defense mechanisms that allow designers to select security solutions based on risk assessment and attack likelihood.

Ensuring Trust Throughout the Design Lifecycle

Beyond integrating security features, our work also focuses on protecting the integrity and provenance of design components throughout the entire chip development process. This includes advancing verification and validation techniques to ensure IP blocks remain secure from conception to manufacturing.

Through automation, security-aware design practices, and novel validation approaches, we aim to reshape the future of trustworthy and resilient hardware.

Tasks

  • Cryptographic Cores: Creation of foundational Security IP.
  • Threat Heuristics Library: Develop a library of techniques to detect suspect circuits in RTL.
  • Configurable Security IP: Develop parameterized security IP cores that allow a designer to configure PASS features of cores to meet security and PASS objectives.
  • Threat Detection Tool: Develop threat detection tools using static, dynamic as well as formal analysis to detect and report security vulnerabilities in RTL and gate-level IPs.
  • Multiple Threat Scoring: Analyze and score the effectiveness of IP security against multiple attack threats utilizing various threat detection algorithms.
  • Configurable Security IP: Develop generators for security IP cores that enable optimization to meet security and PASS objectives.
  • System Integration: Final stage of the project where all the components are integrated into one system implementation (security engine).

Team

This is a multi-university and multi-industrial partnered project. The tasks of the project were divided among several research groups in the University of Florida, the University of Arkansas, and Synopsys Inc. Internal validation (Red teaming) for the developed components was performed by the University of Maryland. In this section, I am elaborating on the teams that I was a part of collaborating on this project.

University of Florida - Embedded Systems Lab

I was fortunate enough to lead a team of graduate and undergraduate team of researchers with the help of my PhD advisor Dr. Prabhat Mishra. We were able to successfully deliver the trust validation tools and the security IP components required for this project.

Graduate ResearchersUndergraduate Researchers
Aruna Jayasena (Me)Laura Chang
Emma AndrewsLydia Chung
Sahan SanjayaRichard Bachmann
Daniel VolyaEmmett Kogan

Our group’s main tasks were in the areas of threat heuristics and security IP. The Threat Heuristics task developed tools to check five specific vulnerabilities (malicious implants, FSM vulnerability, information leakage, clock/reset vulnerability, and data flow vulnerability) in RTL designs. The Security IP task involves the design and mitigation of both hardware and software cryptographic IPs.

Synopsys Inc - DesignWare Group

For the final stage of the project, which is the system integration part (security engine) I was able to join Synopsys. During this time I had the privilege to work with experts in this domain Arto Kankaanpaa, Mike Borza and the rest of the tRoot team.

This project was funded by DARPA. The views expressed on the site are those of the members of this project and do not necessarily represent those of DARPA. Find more about this project from Sponor webpage