Mitigating Security Risks When Designing with 3rd-Party Silicon IP

Posted by 
in Blogs
14 May 2019

There is probably not one embedded system that is not built without open source software, 3rd party silicon IP or manufactured far from the design and distribution centers that make and sell these systems. Those who want to secure the design and delivery chain have no standard to use to address this. This has left develop teams to struggle with means to mitigate and address security risks when third party IP and associated components are integrated into today’s modern embedded systems.

There are many conferences devoted to security related issues and we have all read about Meltdown and Spectre, I suspect. There are some security risks which may not have gotten extensive global attention like A2 which is an analog attack exploiting an almost hidden capacitor. The Electronic Design Automation industry has even had exploits documented in conference papers that show how encrypted design and verification IP can be made visible, for which the standards team is now hard at work to address.

And for embedded systems we have accepted a certain level of risk when it comes to integrating third-party IP into our SoC devices. Modern SoC designs gain productivity leverage when they can be designed with silicon IP that comes from multiple sources, from sources that have expertise in those particular blocks. Who do you use and trust for your memory controllers, protocol interface handlers and the like? In order to build the best SoC, we seek out the highest quality silicon IP to be part of our SoC’s.

read the full blog post here