Security constraints in integrated circuits

The so called "secure systems" require usually defining and analyzing security at various levels. The first and obvious one is to provide the necessary functions dedicated or supporting the security concepts to be used. This would cover specific system functions like a processor for cryptography or a generator for random number... This can be verified at high level (according to given criteria) and is good enough if this system is physically protected (like a computer in an access controlled room). For portable devices (like smartcard for example) or device physically accessible (like your PC or TV set top box at home), you need also to protect the implementation of the system against information leakage or modification. This requires extra security dedicated functions (like memory or bus encryption). They are high level functions specific to a given device. These functions and all others then need to be implemented in a robust way (no leakage, no sensitivity to perturbation). This can be pretty complex and must be verified and certified. On top of that all this integrated circuit needs to be tested properly with no weakness added by the test mechanisms. Secure testing and testing the security are quite challenging tasks, new solutions are now emerging.