DiSPEL: A Framework for SoC Security Policy Synthesis and Distributed Enforcement

Published: 01 Jan 2024, Last Modified: 04 Jun 2025, HOST 2024, CC BY-SA 4.0
Abstract: Modern System-on-Chip (SoC) designs that rely on bus architectures are susceptible to a range of hardware and software threats, necessitating the implementation of diverse security measures. The protection of valuable assets against unauthorized access requires the integration of various security policies. The complex interactions among multiple Intellectual Property (IP) blocks within an SoC pose significant challenges for stakeholders such as SoC designers, system validators, and security experts, who must discern relevant policies, implement them, and ensure compliance. The manual expertise needed for upgrading policies and adapting IPs to meet varying security requirements significantly impacts both design costs and time-to-market. This paper introduces DiSPEL, a flexible and efficient framework designed to automatically synthesize and enforce security policies expressed in a simple grammar format for any bus-based SoC design. DiSPEL adopts a distributed deployment strategy to maintain the integrity of trusted bus operations, even when dealing with untrusted IPs. DiSPEL achieves policy enforcement by (i) incorporating a dedicated centralized module to address bus-level security specifications and (ii) generating the necessary logic and appending it to the IP-level bus wrapper to meet IP-specific requirements. The proposed framework supports generic security policy types, accommodating both synthesizable and non-synthesizable constructs. Experimental results validate the efficacy and correctness of DiSPEL in enforcing security requirements, demonstrating its practicality with minimal overhead in terms of area, delay, and power consumption. These results are based on experiments conducted using open-source standard SoC benchmarks.