Automatic saboteur placement for emulation-based multi-bit fault injection

During recent years the dependability and security requirements of system-on-chip (SoC) designs have increased tremendously. Both, dependability and security, domains are concerned with operational faults of a random or intentional nature. In former case random faults e.g. caused by radiation or degradation effects could lead to execution errors with possible dramatic results. The security domain is more concerned with intentional faults injected by an adversary during a physical attack to drive the system into an unintended state. The resistance of such a design against faults can be emulated during early design phases using fault injection methods. For these methods the design-under-test is augmented with additional circuitry to emulate faults at predestined locations. One method uses saboteurs, elements that are transparent during normal operation and faulty if activated, are placed into the target system. If this placement process includes a high number of saboteurs, the hardware description manipulation could be a challenge for the design engineer. Therefore this paper presents an automatic placement methodology for fault injection evaluations using saboteur techniques. The automatized process allows for the efficient placement of large amounts of saboteurs. This enables the designer to evaluate a high number of different dependability and fault attack scenarios during early design phases using FPGA-based functional emulation. Selected case studies show how this approach can be applied to a common general purpose architecture in an efficient way.