Belling the CAD: Toward Security-Centric Electronic System Design

In order to keep pace with the growing complexity of integrated circuits (ICs), IC and system designers are increasingly using electronic system level (ESL) design tools. ESL tool sales were around $460 million in 2011. The value of the ICs designed using these tools is at least an order of magnitude more. Concurrently, advanced IC reverse engineering techniques are being developed and used by attackers. In response, several anti-reverse engineering techniques have been proposed for integration into the IC design flow. An important class of defenses hardens the controllers that orchestrate the functionality of designs generated by ESL tools. We demonstrate an attack to recover the controller in any ESL-generated design even if the controller has been hardened using state-of-the-art controller hardening techniques. The attack analyzes the unhardened parts of the controller (i.e., the controller output logic and datapath) and reconciles this information with the architectural, controller, and timing constraints implicit in and underlying all ESL design methodologies. We then propose a countermeasure that inserts decoy connections into an ESL tool-generated design to thwart reverse engineering. We introduce a security metric to quantify the effectiveness of the developed attacks and defenses. We demonstrate the attack and defenses on designs generated by state-of-the-art ESL tools.