We all know (I hope) that security is important so we’re willing to invest time and money in this area but there are a couple of problems. First there’s no point in making your design secure if it’s not competitive and making it competitive is hard enough, so the great majority of resource and investment is going to go into that objective. Security might get one person or a small team, working with the hardware root of trust and providing guidance and review for the rest of the design team. Which the latter will address and prioritize as best they can among the thousand other things they have to do.
Then there’s that nagging question – how much work do I have put into security verification to know my design is truly secure? Does this mean lots of new simulation and formal testbenches have to be built, and what should they be stimulating and checking? Even more important, a lot of emerging hardware hacks leverage a combination of software and hardware (Spectre for example). How are you going to check these? Formal is out, and for simulation how would you even stimulate, much less check for these classes of problem? Even if you could answer these questions for specific threats (each probably a research project in its own right) is it feasible to cover a realistic set of potential threats?
That’s a lot of questions without easy answers in traditional design verification. You want to do a thorough job, but you don’t want to have to create masses of new and highly complex testbenches. Fortunately there’s a good answer. Tortuga have been developing technology around this area for multiple years and are now partnered with Synopsys and Cadence and licensed by Xilinx. They have a very interesting approach to both build confidence that you are comprehensively covering a range of threats and to reuse existing verification testbenches in their analysis. That’s exactly what you need, and I have to believe that this stuff works, based on their industry references.
Check out their upcoming webinar on applying these techniques to your hardware root of trust.
In this webinar, we will discuss common hardware security concerns in many market verticals including IoT, Datacenter, and Aerospace/Defense that are often centered around a Hardware Root of Trust. We then discuss common hardware security verification techniques, as well as their benefits and drawbacks. Next, we will present the best-in-class techniques and methodologies for understanding the system security ramifications of a mixed hardware/software system. Lastly, we will present an example security analysis on a real-world hardware/software system using the discussed techniques.
All attendees will receive a copy of the white paper, “Detect and Prevent Security Vulnerabilities in your Hardware Root of Trust.”
The presenter will be Jason Oberg, co-founders and Chief Executive Officer of Tortuga Logic. Jason oversees technology and strategic positioning of the company. He is the founding technologist and has brought years of intellectual property into the company. His work has been cited over 700 times and he holds 6 issued and pending patents. Dr. Oberg has a B.S. degree in Computer Engineering from the University of California, Santa Barbara and M.S. and Ph.D. degrees in Computer Science from the University of California, San Diego.
About Tortuga Logic
Founded in 2014, Tortuga Logic is a cybersecurity company that provides industry-leading solutions to address security vulnerabilities overlooked in today’s systems. Tortuga Logic’s innovative hardware security verification platforms, Radix™ enable system-on-chip (SoC) design and security teams to detect and prevent system-wide exploits that are otherwise undetectable using current methods of security review. To learn more, visit www.tortugalogic.com.