ACM Journal on Emerging Technologies in Computing Systems
Special issue on CAD for Security: Pre-silicon Security Sign-off Solutions Through Design Cycle
Farimah Farahmandi, University of Florida, email@example.com
Ankur Sirvastava, University of Maryland, firstname.lastname@example.org
Giorgio Di Natali, TIMA Laboratory, University of Grenoble, email@example.com
Mark Tehranipoor, University of Florida, firstname.lastname@example.org
Security vulnerabilities in hardware designs are of major concerns since it is almost impossible to patch them once they are fabricated and deployed in the field. Recent studies have shown many vulnerabilities in SoC implementations, including side-channel leakage, information leakage, access control violations, malicious change, etc. These attacks can effectively bypass the security mechanisms built at the software level and put chips or systems at major risk. Ensuring the security of modern SoC designs is challenging due to their complexity, aggressive time-to-market demands, and the variety of attacks introduced against hardware designs. Given the wide usage of SoCs in mission-critical applications, it is critical to ensure their security before deployment. However, most of the existing solutions lack automation and rely on manual approaches and design reviews that are not efficient nor scalable. The semiconductor industry and system integrators are looking for a set of metrics, reusable security solutions, and automatic computer-aided design (CAD) tools to aid analysis, identifying, root-causing, and mitigating SoC security problems.
Vulnerabilities in SoCs are due to design mistakes, lack of security understanding by designers, design transformations, increased attack surfaces, and malicious intents. Further, exiting CAD tools are used in SoC design flow can introduce additional vulnerabilities in the SoCs unintentionally. For example, some design practices/choices may make the design vulnerable to timing and power side-channel leakage. Not only will these vulnerabilities move from one level of abstraction to another, but unique vulnerabilities can also be introduced during design transformations. For example, an RTL design with power side-channel issues can suffer from access control issues when it is synthesized to gate-level, and design-for debug infrastructure will be inserted. Therefore, it is essential to have automatic CAD solutions to be able to analyze the security of SoCs in a comprehensive manner, in all levels of abstractions, and against all existing threats (e.g., fault-injection, side-channel, and hardware Trojan
attacks). CAD tools should be able to access the security of the design in the pre-silicon stage and suggest possible countermeasures while still it is possible to modify the design and address the potential vulnerabilities. Finally, addressing a security vulnerability at the later stages of the design and fabrication process would cost 10X more than the previous stage, hence it is of utmost importance to address the vulnerabilities at the higher levels of abstractions to provide higher flexibility and lower the total cost of mitigation.
Considering the above challenges and potential solutions, the scope of this Special Issue of ACM JETC calls for automatic CAD solutions for security sign-off in all levels of abstractions (i.e., C/C++, RTL, gate-level, and layout) which include the following but not limited to:
• Power-side channel vulnerability assessment and countermeasures
• Timing-side channel vulnerability assessment and countermeasures
• Electromagnetic radiation vulnerability assessment and countermeasures
• Fault-injection vulnerability evaluation and countermeasures
• Automatic security property generation
• Security equivalence checking between different design abstractions
• Security equivalence checking between different SoCs
• Optical/microprobing/nanoprobing vulnerability assessment and countermeasures
• (Anti-)Reverse engineering and physical attacks
• FPGA Bitstream protection and vulnerabilities
• Trojans and backdoors: Detection and prevention
• Information leakage assessment and countermeasures
• Physical data extraction and countermeasures
• Finite statement machine hardening
• Automated physical assurance solutions
All original manuscripts or revisions to the ACM JETC must be submitted online at https://mc.manuscriptcentral.com/jetc. The author guidelines for ACM JETC can be found at https://dl.acm.org/journal/jetc/author-guidelines. To make sure that your article will be considered for this special issue, you need to select the submission type as “SI: CAD for Hardware Security”. Authors must also mention the same in their submission cover letter.
Submitted articles must not have been previously published or currently submitted for publication elsewhere. For previously published conference papers, it is required that submissions to the special issue have at least 30% new content. Submissions that do not meet this requirement will be summarily rejected.
• Submissions deadline: November 1, 2021
• First-round review decisions: January 2022
• Deadline for revision submissions: February 2022
• Notification of final decisions: April 2022
• Tentative publication: 2022