Today, continuously keeping developers up to date with the latest secure-by-design best practices is an important element of product security. However, can common security mistakes be prevented without hardware designers first being trained to become top-notch security experts?
Electronic design automation (EDA) solutions are software programs that assist designers to develop electronic systems and semiconductor chips. What new capabilities should today's EDA solutions offer for security assurance, in addition to the traditional focus of functional correctness? Here are seven characteristics that I believe a highly effective security-aware design automation solution should offer.
Guide Users to Make Design Tradeoffs by Taking Both Functionality and Security Into Consideration
To achieve that, a smart EDA solution needs to offer different mechanisms to characterize the security robustness of a design based on its security objectives. However, reporting measurement data while assuming users know what to do with it is not enough. Measured data should be translated into insightful, easy-to-understand metrics, and those metrics should lead to actionable, prescriptive guidance that users can follow to improve their designs. At the same time, the security metrics should be presented alongside functional metrics like performance, power consumption, and die size to guide users in making important design tradeoff decisions.
Educate Users on Security Best Practices When Design Decisions Are Being Made
While classroom learning is one way to acquire such knowledge, seizing on-the-job moments to raise user awareness can help reinforce adoption of important secure-by-design practices. The next generation of EDA solutions should play the role of a virtual security consultant, assisting users in building a secure product every step of the way. The challenge is how the EDA solution can understand the context well enough to offer recommendations that are timely, accurate, and prescriptive, but not overly intrusive.
Detect Security Issues in Real Time When Code Is Being Written
How can we develop a smarter solution that would alert users as they are about to introduce security vulnerabilities into their designs? One of the biggest challenges with today's solutions is their inability to understand designers' intent. Design languages such as SystemVerilog don't offer a means for designers to convey whether a signal, register, or interface should be considered trusted. Without a good understanding of the security requirements, tools effectively run blind during evaluation, which leads to a high number of both false positives and false negatives.
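To make the point about designer intent concrete, here is an added toy checker (constructed for this page, not code from any EDA tool or from the author): a design flattened into signal dependencies, with optional labels for untrusted primary inputs and trusted sinks. All signal names are hypothetical; the checker shows how the same netlist yields spurious reports when the tool has no intent information, and a single precise report once the labels are supplied.

```python
from collections import deque

# Constructed toy netlist (hypothetical design, not from the article):
# each key is a signal, each value lists the signals that drive it.
# An empty list marks a primary input.
NETLIST = {
    "debug_port_data": [],                  # external debug pins
    "fuse_key":        [],                  # key loaded from OTP fuses
    "cfg_bus":         ["debug_port_data"],
    "sel":             ["debug_port_data"],
    "aes_key_reg":     ["fuse_key"],
    "aes_key_mux":     ["cfg_bus", "aes_key_reg", "sel"],
    "status_led":      ["cfg_bus"],
}

def primary_inputs(netlist):
    return {s for s, drivers in netlist.items() if not drivers}

def fan_in(netlist, sink):
    """Primary inputs that transitively drive `sink` (its cone of influence)."""
    seen, todo = set(), deque([sink])
    while todo:
        sig = todo.popleft()
        if sig in seen:
            continue
        seen.add(sig)
        todo.extend(netlist.get(sig, []))
    return seen & primary_inputs(netlist)

def find_violations(netlist, trusted_sinks, untrusted_inputs=None):
    """Return sorted (sink, input) pairs where an untrusted primary input
    can reach a sink the designer marked as trusted.

    With untrusted_inputs=None the checker has no intent information and
    must assume every primary input is hostile: the 'blind' mode that
    produces false positives (here, the fuse-programmed key is flagged).
    With no trusted sinks labelled it reports nothing at all, which is
    how false negatives arise."""
    untrusted = (primary_inputs(netlist) if untrusted_inputs is None
                 else set(untrusted_inputs))
    return sorted((sink, src) for sink in trusted_sinks
                  for src in fan_in(netlist, sink) & untrusted)

if __name__ == "__main__":
    sinks = {"aes_key_reg", "aes_key_mux"}
    print("blind:    ", find_violations(NETLIST, sinks))
    print("annotated:", find_violations(NETLIST, sinks, {"debug_port_data"}))
```

In the annotated run only the mux that lets debug-port data select or override the AES key is reported; the fuse-to-register path is correctly silent.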
Beyond Just Finding Problems, Provide Reliable Mitigation Options to Address Them
So far, there has been little research focused on automatic generation of fixes even for functional issues, not to mention security vulnerabilities. This research area could use more help from the academic community and, in particular, machine learning experts. Taking it a step further, there are often multiple ways to address a security concern, but each may impact the design's performance, power consumption, and size differently. A security-aware solution would offer options not just optimized for security but also meeting circuit timing constraints, power budget, and die-size requirements based on users' preferences.
Seamlessly Integrate Best-In-Class Protections
Take memory corruption errors in the software security domain as an example. Research has made great strides in the past decade in offering hardware-based mitigations that protect the software workloads running on top. These systemic mitigations significantly raise the bar for attacks and minimize the negative impact of software exploitation, making practical attacks much less likely to succeed. While software developers may continue to miss validating untrusted input data before use, many of these mistakes are no longer exploitable when hardware-based protections such as Control-Flow Enforcement Technology (CET) are enabled. The hardware industry needs similar research investment in building blocks that help designers, such as fault-resilient standard cell libraries, self-healing circuits, and constant-time/constant-power crypto primitives. A security-aware EDA solution can then integrate these best-in-class mitigations and synthesize resilient circuits seamlessly, without direct user intervention.
Recommend the Most Efficient Test Strategy for a Given Coverage Guarantee
Not all security properties can be verified just by analyzing the design statically. Hardware simulation and emulation techniques are often applied to evaluate run-time behaviors, which is essential to identifying weaknesses involving race conditions, interactions with firmware, security flows, and more. In addition, formal verification techniques are often employed when the verification space is simply too large for testing to brute-force.
Today, the burden to identify what verification methodology to use, what tests to run, and what parameters to use falls on the shoulders of the development team. It's an open challenge even for seasoned verification experts to verify all security properties without wasting valuable test cycles on redundant test cases.
Learn Continuously From Users
No system is perfect, not even a smart EDA solution. To improve its accuracy and quality over time, it needs to learn continuously from its users. However, users are not always right. Also, different users may provide conflicting feedback, as each has unique preferences and priorities. Continued advancement in AI research would enable an EDA solution to learn selectively from crowdsourced feedback.
While securing hardware technologies may seem to be an art best reserved for the most skillful, we must double down on research investment to accelerate innovations in automation so that the industry can scale. That way, designers can benefit from next-generation, security-aware EDA solutions to create secure products with confidence.