DARPA launches Automatic Implementation of Secure Silicon program
For the past decade, cybersecurity threats have moved from high in the software stack to progressively lower levels of the computational hierarchy, working their way towards the underlying hardware. The rise of the Internet of Things (IoT) has driven the creation of a rapidly growing number of accessible devices and a multitude of complex chip designs needed to enable them. With this rapid growth comes increased opportunity for economic and nation-state adversaries alike to shift their attention to chips that enable complex capabilities across commercial and defense applications. The consequences of a hardware cyberattack are significant as a compromise could potentially impact not millions, but billions of devices.
Despite growing recognition of the issue, there are no common tools, methods, or solutions for chip-level security currently in wide use.
“Today, it can take six to nine months to design a modern chip, and twice as long if you want to make that same design secure,” said Serge Leef, a program manager in DARPA’s Microsystems Technology Office (MTO). “While large merchant semiconductor companies are investing in in-house personnel to manually incorporate security into their high-volume silicon, mid-size chip companies, system houses, and start-ups with small design teams who create lower volume chips lack the resources and economic drivers to support the necessary investment in scalable security mechanisms, leaving a majority of today’s chips largely unprotected.”
To ease the burden of developing secure chips, DARPA developed the Automatic Implementation of Secure Silicon (AISS) program. AISS aims to automate the process of incorporating scalable defense mechanisms into chip designs, while allowing designers to explore economics versus security trade-offs and maximize design productivity. The objective of the program is to develop a design tool and IP ecosystem – which includes tool vendors, chip developers, IP licensers, and the open source community – that will allow security to be inexpensively incorporated into chip designs with minimal effort and expertise, ultimately making scalable on-chip security pervasive.
Leef continued, “The security, design, and economic objectives of a chip can vary based on its intended application. As an example, a chip design with extreme security requirements may have to accept certain tradeoffs. Achieving the required security level may cause the chip to become larger, consume more power, or deliver slower performance. Depending on the application, some or all of these tradeoffs may be acceptable, but with today’s manual processes it’s hard to determine where tradeoffs can be made.”
AISS seeks to create a novel, automated chip design flow that will allow the security mechanisms to scale consistently with the goals of the design. The design flow will provide a means of rapidly evaluating architectural alternatives that best address the required design and security metrics, as well as varying cost models to optimize the economics versus security tradeoff. The target AISS system – or system on chip (SoC) – will be automatically generated, integrated, and optimized to meet the objectives of the application and security intent. These systems will consist of two partitions – an application specific processor partition and a security partition implementing the on-chip security features. This approach is novel in that most systems today do not include a security partition due to its design complexity and cost of integration. By bringing greater automation to the chip design process, the burden of security inclusion can be profoundly decreased.
DARPA will hold a Proposers Day on April 10, 2019 at the DARPA Conference Center, located at 675 North Randolph Street, Arlington, Virginia 22203, to provide more information about AISS and answer questions from potential proposers. For details about the event, including registration requirements, please visit: https://www.fbo.gov/index?s=opportunity&mode=form&id=6770487d820ee13f33af67b0980a7d73&tab=core&_cview=0