Secure and flexible trace-based debugging of systems-on-chip

Jerry Backer, David Hely, Ramesh Karri

Research output: Contribution to journalArticle

Abstract

This work tackles the conflict between enforcing security of a system-on-chip (SoC) and providing observability during trace-based debugging. On one hand, security objectives require that assets remain confidential at different stages of the SoC life cycle. On the other hand, the trace-based debug infrastructure exposes values of internal signals that can leak the assets to untrusted third parties. We propose a secure trace-based debug infrastructure to resolve this conflict. The secure infrastructure tags each asset to identify its owner (to whom it can be exposed during debug) and nonintrusively enforces the confidentiality of the assets during runtime debug. We implement a prototype of the enhanced infrastructure on an FPGA to validate its functional correctness. ASIC estimations show that our approach incurs practical area and power costs.

Original languageEnglish (US)
Article number31
JournalACM Transactions on Design Automation of Electronic Systems
Volume22
Issue number2
DOIs
StatePublished - Dec 1 2016

Fingerprint

Observability
Application specific integrated circuits
Field programmable gate arrays (FPGA)
Life cycle
Costs
System-on-chip

Keywords

  • Debug traces
  • Secure debug
  • Security and privacy → embedded systems security
  • System-on-chip

ASJC Scopus subject areas

  • Computer Science Applications
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering

Cite this

Secure and flexible trace-based debugging of systems-on-chip. / Backer, Jerry; Hely, David; Karri, Ramesh.

In: ACM Transactions on Design Automation of Electronic Systems, Vol. 22, No. 2, 31, 01.12.2016.

Research output: Contribution to journalArticle

@article{d14da65d3f87430a9cba2e64b88f3f4b,
title = "Secure and flexible trace-based debugging of systems-on-chip",
abstract = "This work tackles the conflict between enforcing security of a system-on-chip (SoC) and providing observability during trace-based debugging. On one hand, security objectives require that assets remain confidential at different stages of the SoC life cycle. On the other hand, the trace-based debug infrastructure exposes values of internal signals that can leak the assets to untrusted third parties. We propose a secure trace-based debug infrastructure to resolve this conflict. The secure infrastructure tags each asset to identify its owner (to whom it can be exposed during debug) and nonintrusively enforces the confidentiality of the assets during runtime debug. We implement a prototype of the enhanced infrastructure on an FPGA to validate its functional correctness. ASIC estimations show that our approach incurs practical area and power costs.",
keywords = "Debug traces, Secure debug, Security and privacy → embedded systems security, System-on-chip",
author = "Jerry Backer and David Hely and Ramesh Karri",
year = "2016",
month = "12",
day = "1",
doi = "10.1145/2994601",
language = "English (US)",
volume = "22",
journal = "ACM Transactions on Design Automation of Electronic Systems",
issn = "1084-4309",
publisher = "Association for Computing Machinery (ACM)",
number = "2",

}

TY - JOUR

T1 - Secure and flexible trace-based debugging of systems-on-chip

AU - Backer, Jerry

AU - Hely, David

AU - Karri, Ramesh

PY - 2016/12/1

Y1 - 2016/12/1

N2 - This work tackles the conflict between enforcing security of a system-on-chip (SoC) and providing observability during trace-based debugging. On one hand, security objectives require that assets remain confidential at different stages of the SoC life cycle. On the other hand, the trace-based debug infrastructure exposes values of internal signals that can leak the assets to untrusted third parties. We propose a secure trace-based debug infrastructure to resolve this conflict. The secure infrastructure tags each asset to identify its owner (to whom it can be exposed during debug) and nonintrusively enforces the confidentiality of the assets during runtime debug. We implement a prototype of the enhanced infrastructure on an FPGA to validate its functional correctness. ASIC estimations show that our approach incurs practical area and power costs.

AB - This work tackles the conflict between enforcing security of a system-on-chip (SoC) and providing observability during trace-based debugging. On one hand, security objectives require that assets remain confidential at different stages of the SoC life cycle. On the other hand, the trace-based debug infrastructure exposes values of internal signals that can leak the assets to untrusted third parties. We propose a secure trace-based debug infrastructure to resolve this conflict. The secure infrastructure tags each asset to identify its owner (to whom it can be exposed during debug) and nonintrusively enforces the confidentiality of the assets during runtime debug. We implement a prototype of the enhanced infrastructure on an FPGA to validate its functional correctness. ASIC estimations show that our approach incurs practical area and power costs.

KW - Debug traces

KW - Secure debug

KW - Security and privacy → embedded systems security

KW - System-on-chip

UR - http://www.scopus.com/inward/record.url?scp=85008498549&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85008498549&partnerID=8YFLogxK

U2 - 10.1145/2994601

DO - 10.1145/2994601

M3 - Article

VL - 22

JO - ACM Transactions on Design Automation of Electronic Systems

JF - ACM Transactions on Design Automation of Electronic Systems

SN - 1084-4309

IS - 2

M1 - 31

ER -