By Ed Sperling and Brian Bailey, Semiconductor Engineering
As more technology makes its way into safety-critical markets—and as more of those devices are connected to the Internet—security issues are beginning to merge with safety issues.
“With safety, we are looking at single-fault effects, and for that we know what full coverage means,” said Ashish Darbari, director of product management for OneSpin Solutions. “We can analyze that every fault is detected using a number of mechanisms. But for security, attacks are not equivalent to single faults. How can we measure the effectiveness of the protections for security? If we could model and specify what the interactions need to be, what must happen, what must not happen, intentional versus unintentional, then you can come up with a good set of checks that could be specified. Security is more systematic analysis, but it will always be difficult to get a handle on completeness.”
In many cases, markets define what security means. “Security means different things to different people,” said Darbari. “To one person it is about illegal access to an unprivileged user to a CPU or part of memory. Firmware plays a big role here, as well, and a lot of bad firmware can cause these issues to manifest and allow access to the hardware. What is the security vulnerability model?”
Darbari: You are getting your assumptions, you are getting constraints, and you are getting coverage points, and you are getting your checkers. These three aspects and the ability to exercise them in formal, or run them in a testbench environment on an emulator target, or even in an FPGA, are great. When we talk about formal’s usage, we say it could be done from the block level to the IP level, to the system level, or you could leave them running in an emulation target. I have to ask, where is the formal?
June is National Safety Month and a great time to look at the tremendous advances in automotive technology, much of it related to ensuring the safety of the car’s driver and passengers. Anyone buying a smart vehicle today will get options to assist them with parking, lane management, and braking.
The challenge is knowing which parts of the hardware to concentrate on. “This could include redundant register files, added ECC protection in memory, redundant CPU core so that you can go lock-step,” says Ashish Darbari, director of product management for OneSpin Solutions. “While you may add a lock-step CPU, you may not need to duplicate all of the register files. There is a lot of design architecture knowledge that is applied. The challenge is measuring if it does the job.”
Verification specialist OneSpin has posted the landing page for its activities at the 2017 Design Automation Conference (DAC 2017) in Austin, Texas, later this month (June 18-22). The company is participating in a range of events as well as exhibiting at Booth #1547 in the Austin Convention Center.
OneSpin revealed new formal applications focused on random fault verification for safety-critical analysis in automotive and other mission-critical applications. The Fault Injection App provides controlled injection of faults and assertion mapping to associated fault scenarios, as well as visibility into corrupted design behavior.
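The excerpts above on single-fault coverage, on deciding which hardware to make redundant, and on mapping injected faults to assertions all describe one measurement problem: which faults each safety mechanism catches, and which ones corrupt the output without any mechanism firing. The following added example is not OneSpin's code and does not model the Fault Injection App; it is a constructed, simulation-based single-fault campaign over a toy design consisting of a lock-step ALU pair, a parity-protected result word, and a deliberately shared (non-duplicated) operation-select register. The element names, the ALU, the parity scheme and the fault list are all assumptions made for the illustration.

```python
"""Constructed single-fault injection campaign over a toy lock-step design.

Not OneSpin code: an illustration of measuring which single faults each
safety mechanism detects, and which remain dangerous and undetected.
"""
from dataclasses import dataclass

WIDTH = 8
MASK = (1 << WIDTH) - 1


def alu(a, b, op_sel):
    """Toy 8-bit ALU (assumed design under test): op_sel 0 = add, 1 = xor."""
    return (a ^ b) if op_sel & 1 else ((a + b) & MASK)


def parity(word):
    """Even parity bit of an integer word."""
    return bin(word).count("1") & 1


@dataclass
class FaultResult:
    location: tuple   # (element name, bit index) of the injected single fault
    detected_by: str  # "lockstep", "parity", or "" when no mechanism fired
    corrupted: bool   # observable data differs from the golden (fault-free) run


def run(a, b, op_sel, fault=None):
    """Execute one cycle; returns (observed data, mechanism that fired or '').

    fault is (element, bit) or None for the golden run. Registers a/b exist in a
    main and a shadow copy (lock-step); op_sel is shared by both copies.
    """
    regs = {"a_main": a, "b_main": b, "a_shadow": a, "b_shadow": b, "op_sel": op_sel}
    if fault and fault[0] in regs:
        regs[fault[0]] ^= 1 << fault[1]          # single-bit flip in one register
    out_main = alu(regs["a_main"], regs["b_main"], regs["op_sel"])
    out_shadow = alu(regs["a_shadow"], regs["b_shadow"], regs["op_sel"])
    if out_main != out_shadow:
        return out_main, "lockstep"              # comparator caught a mismatch
    # Result is stored as WIDTH data bits plus one even-parity bit.
    data, p = out_main, parity(out_main)
    if fault and fault[0] == "mem_word":
        if fault[1] < WIDTH:
            data ^= 1 << fault[1]                # flip a data bit of the stored word
        else:
            p ^= 1                               # flip the parity bit itself
    if parity(data) != p:
        return data, "parity"                    # parity checker caught the flip
    return data, ""


def fault_campaign(a, b, op_sel):
    """Inject every single-bit fault in the (assumed) fault list, one per run."""
    golden, _ = run(a, b, op_sel)
    locations = [(r, bit) for r in ("a_main", "b_main", "a_shadow", "b_shadow")
                 for bit in range(WIDTH)]
    locations.append(("op_sel", 0))                                # shared logic
    locations += [("mem_word", bit) for bit in range(WIDTH + 1)]   # data + parity
    results = []
    for loc in locations:
        out, mech = run(a, b, op_sel, loc)
        results.append(FaultResult(loc, mech, out != golden))
    return results


def summarize(results):
    """Coverage per mechanism plus the list of dangerous undetected faults."""
    by_mech = {}
    for r in results:
        if r.detected_by:
            by_mech[r.detected_by] = by_mech.get(r.detected_by, 0) + 1
    detected = sum(by_mech.values())
    return {
        "total": len(results),
        "detected": detected,
        "coverage": detected / len(results),
        "by_mechanism": by_mech,
        "dangerous_undetected": [r.location for r in results
                                 if r.corrupted and not r.detected_by],
    }


if __name__ == "__main__":
    report = summarize(fault_campaign(0x5A, 0x33, 0))   # constructed stimulus
    for key, value in report.items():
        print(f"{key}: {value}")
```

The campaign reports 42 injected faults, 32 caught by the lock-step comparator and 9 by the parity check, and one dangerous undetected fault: the flip in the shared op_sel register, which steers both ALU copies to the same wrong operation so the comparator sees agreement and the parity bit is computed over the already-corrupted result. That is the architectural question the quotes raise: duplication only measures as much as the fault list covers, and a single non-duplicated element can leave a coverage hole that a simulation of one stimulus vector reveals only if that element is in the fault list, whereas formal analysis over all stimulus is what the App is pitched for.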