The Cat and Mouse in Split Manufacturing

Wang, Yujie; Chen, Pu; Hu, Jiang; Li, Guofeng; Rajendran, Jeyavijayan

doi:10.1109/tvlsi.2017.2787754

Cited by 45 publications

(96 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since physical layouts are designed holistically, at least when using regular and security-unaware CAD tools, various hints on the BEOL can remain within the FEOL. Wang et al [35] proposed a so-called proximity attack, where they formulated various FEOL-level hints within a network-flow attack model. 2 For selected designs, they succeeded to infer the majority of missing BEOL wires.…”

Section: A Split Manufacturingmentioning

confidence: 99%

“…For the scenario of malicious fab employees, we evaluate our scheme against the powerful open-source proximity attacks [33], [35] and [34], [36] in Sec. VI-D. We conduct experiments for layouts being split after M3 and M4, respectively, which helps us to evaluate the significance of the split layer for our scheme.…”

Section: A Setupmentioning

confidence: 99%

“…VI-D. We conduct experiments for layouts being split after M3 and M4, respectively, which helps us to evaluate the significance of the split layer for our scheme. For [33], [35], we leverage the commonly applied metrics of correct connection rate (CCR), i.e., the ratio of correctly inferred BEOL connections over total BEOL connections, and Hamming distance (HD) and output error rate (OER) [41]; the latter both quantify the functional correctness of the inferred netlist. HD and OER are computed using Synopsys VCS using 100,000 patterns.…”

Section: A Setupmentioning

confidence: 99%

“…Besides, recall that the metrics used in this section have been introduced in Sec VI-A. We execute the seminal network-flow attack [33], [35] on different layouts for major camouflaging scales and for two split layers, M3 and M4, on selected ISCAS-85 benchmarks (Table XIII). 9 As indicated, we observe that our scheme is effective in mitigating this attack.…”

Section: Security Evaluation: Fab Adversaries Proximity Attacksmentioning

confidence: 99%

See 3 more Smart Citations

Obfuscating the Interconnects: Low-Cost and Resilient Full-Chip Layout Camouflaging

Patnaik¹,

Ashraf²,

Knechtel³

et al. 2020

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

View full text Add to dashboard Cite

Layout camouflaging can protect the intellectual property of modern circuits. Most prior art, however, incurs excessive layout overheads and necessitates customization of active-device manufacturing processes, i.e., the front-end-of-line (FEOL). As a result, camouflaging has typically been applied selectively, which can ultimately undermine its resilience. Here, we propose a low-cost and generic scheme-full-chip camouflaging can be finally realized without reservations. Our scheme is based on obfuscating the interconnects, i.e., the back-end-ofline (BEOL), through design-time handling for real and dummy wires and vias. To that end, we implement custom, BEOL-centric obfuscation cells, and develop a CAD flow using industrial tools. Our scheme can be applied to any design and technology node without FEOL-level modifications. Considering its BEOL-centric nature, we advocate applying our scheme in conjunction with split manufacturing, to furthermore protect against untrusted fabs. We evaluate our scheme for various designs at the physical, DRC-clean layout level. Our scheme incurs a significantly lower cost than most of the prior art. Notably, for fully camouflaged layouts, we observe average power, performance, and area overheads of 24.96%, 19.06%, and 32.55%, respectively. We conduct a thorough security study addressing the threats (attacks) related to untrustworthy FEOL fabs (proximity attacks) and malicious end-users (SAT-based attacks). An empirical key finding is that only large-scale camouflaging schemes like ours are practically secure against powerful SAT-based attacks. Another key finding is that our scheme hinders both placement-and routing-centric proximity attacks; correct connections are reduced by 7.47X, and complexity is increased by 24.15X, respectively, for such attacks.

show abstract

Section: A Split Manufacturingmentioning

confidence: 99%

Section: A Setupmentioning

confidence: 99%

Section: A Setupmentioning

confidence: 99%

Section: Security Evaluation: Fab Adversaries Proximity Attacksmentioning

confidence: 99%

See 2 more Smart Citations

Obfuscating the Interconnects: Low-Cost and Resilient Full-Chip Layout Camouflaging

Patnaik¹,

Ashraf²,

Knechtel³

et al. 2020

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

View full text Add to dashboard Cite

show abstract

“…In contrast, we assume that the physical hardware is trusted; hardware trojans [217] are thus out of scope. As hardware trojans are a fertile area of research in the hardware security community [34,68,94,115,189,229,231,252], this assumption is reasonable when considering samples of software instead of circuit design or layout.…”

Section: Threat Modelmentioning

confidence: 99%

Transparent System Introspection in Support of Analyzing Stealthy Malware

Leach

View full text Add to dashboard Cite

The proliferation of malware has increased dramatically and seriously degraded the privacy of users and the integrity of hosts. Millions of unique malware samples appear every year, which has driven the development of a vast array of analysis tools. Malware analysis is often performed with the assistance of virtualization or emulation for rapid deployment.Malware samples are run in an instrumented virtual machine or analysis tool, and existing introspection techniques help an analyst determine its behavior. Unfortunately, a growing body of malware samples has begun employing anti-debugging, anti-virtualization, and antiemulation techniques to escape or otherwise subvert these analysis mechanisms.These anti-analysis techniques often require measuring differences between the analysis environment and the native environment (e.g., executing more slowly in a debugger). We call these measurable differences artifacts. Malware samples that use artifacts to exhibit stealthy behavior have increased the effort required to analyze and understand each stealthy sample. Additionally, traditional automated techniques fail against such samples because they produce measurable artifacts. We desire a transparent approach that produces no artifacts, thereby admitting the analysis of stealthy malware. We refer to this challenge as the debugging transparency problem. Solving this problem is thus concerned with reducing artifacts or permitting reliable analysis in the presence of artifacts.We present a system consisting of two approaches to address the debugging transparency problem and then demonstrate how these components can apply to currently available computer systems. We present two techniques capable of transparently acquiring snapshots of memory and disk activity that can be used to analyze stealthy malware. First, we discuss a novel use of a custom Field-Programmable Gate Array that provides snapshots of memory and disk activity with no measurable timing artifacts. Second, we present a novel use of System Management Mode on x86 platforms that produces no functional artifacts at the expense of producing timing artifacts. Finally, we present an approach to evaluating the i tradeoff space that exists between analysis transparency and the fidelity of introspection data provided by such an analysis system. Together, these approaches form a cohesive solution to the debugging transparency problem that admits analyzing stealthy malware.ii DedicationThe graduate school experience has been a long endurance test. There are several people to whom I owe a tremendous amount of gratitude.

show abstract

CIST: A Threat Modelling Approach for Hardware Supply Chain Security

Halak

2021

Hardware Supply Chain Security

View full text Add to dashboard Cite

The Cat and Mouse in Split Manufacturing

Cited by 45 publications

References 22 publications

Obfuscating the Interconnects: Low-Cost and Resilient Full-Chip Layout Camouflaging

Obfuscating the Interconnects: Low-Cost and Resilient Full-Chip Layout Camouflaging

Transparent System Introspection in Support of Analyzing Stealthy Malware

CIST: A Threat Modelling Approach for Hardware Supply Chain Security

Contact Info

Product

Resources

About