Automatic Implementation of Secure Silicon (AISS)
This work built on the Automatic Implementation of Secure Silicon (AISS) vision. The goal was to simplify secure chip development by automating how security is integrated. By embedding security features directly into the chip design process, the objective was to balance performance, cost, and protection without slowing down design workflows.
AI Generated Image : credits to Grok2
Automated Secure Chip Design
We developed methodologies to enable an automated chip design flow where security scaled seamlessly with the functional and economic goals of a system-on-chip (SoC). Our approach provided:
- Rapid architectural evaluation to assess security and performance trade-offs.
- Automated generation and optimization of SoCs with built-in security.
- A partitioned security architecture, featuring a dedicated security subsystem complementing the main processing logic.
By integrating security at the design stage, we significantly reduced the burden on chip designers while enhancing protection against evolving threats.
Addressing Key Attack Surfaces
Given the ever-expanding threat landscape, our work focused on four critical attack vectors most relevant to modern digital ASICs and SoCs:
- Side-channel attacks – Preventing information leakage through power, timing, and electromagnetic emissions.
- Reverse engineering attacks – Protecting design IP against unauthorized analysis and cloning.
- Supply chain attacks – Securing chips against tampering and malicious modifications during fabrication and distribution.
- Malicious hardware attacks – Detecting and mitigating hidden backdoors or hardware Trojans.
To counter these threats effectively, we developed scalable, cost-aware defense mechanisms that allowed designers to select security solutions based on risk assessment and attack likelihood.
Ensuring Trust Throughout the Design Lifecycle
Beyond integrating security features, our work also focused on protecting the integrity and provenance of design components throughout the entire chip development process. This included advancing verification and validation techniques to ensure IP blocks remained secure from conception to manufacturing.
Through automation, security-aware design practices, and novel validation approaches, we aimed to reshape the future of trustworthy and resilient hardware.
Tasks
- Cryptographic Cores: Created foundational security IP.
- Threat Heuristics Library: Developed a library of techniques to detect suspect circuits in RTL.
- Configurable Security IP: Designed parameterized security IP cores that allowed designers to configure PASS features to meet security and performance objectives.
- Threat Detection Tool: Built tools using static, dynamic, and formal analysis to detect and report security vulnerabilities in RTL and gate-level IPs.
- Multiple Threat Scoring: Analyzed and scored the effectiveness of IP security against multiple attack threats using various detection algorithms.
- Configurable Security IP Generators: Developed generators for security IP cores optimized for security and PASS objectives.
- System Integration: Integrated all components into a unified system implementation (security engine).
Team
This was a multi-university and multi-industry collaborative project. Tasks were distributed among research groups at the University of Florida, the University of Arkansas, and Synopsys Inc. Internal validation (red teaming) of developed components was performed by the University of Maryland. Below are the teams I collaborated with directly.
University of Florida - Embedded Systems Lab
I had the opportunity to lead a team of graduate and undergraduate researchers under the guidance of my PhD advisor Dr. Prabhat Mishra. We successfully delivered the trust validation tools and security IP components required for the project.
| Graduate Researchers | Undergraduate Researchers |
|---|---|
| Aruna Jayasena (Me) | Laura Chang |
| Emma Andrews | Lydia Chung |
| Sahan Sanjaya | Richard Bachmann |
| Daniel Volya | Emmett Kogan |
Our group’s primary contributions were in threat heuristics and security IP. The Threat Heuristics effort produced tools to detect five specific vulnerabilities in RTL designs: malicious implants, FSM vulnerabilities, information leakage, clock/reset vulnerabilities, and data flow vulnerabilities. The Security IP effort focused on designing and mitigating both hardware and software cryptographic IPs.
Synopsys Inc - DesignWare Group
During the final stage of the project (system integration), I joined Synopsys. There, I worked with experts including Arto Kankaanpaa, Mike Borza, and the tRoot team. Together, we contributed to integrating the system into a complete security engine.
Sponsor
This project was funded by DARPA. The views expressed on the site are those of the members of this project and do not necessarily represent those of DARPA. Find more about this project from Sponor webpage