“Introduction to IEEE 3164 Standard for Security Annotation for Electronic Design Integration (SAE-DI) based on Accellera SAE-DI and a New Approach to Identifying Security Assets Within an IP”

Thursday, April 11 at 1:00pm
LAR 234
Add to Calendar

Abstract

The importance of security in electronic systems many of us rely on has become obvious to semiconductor design and manufacturing companies, but most hardware security assurance practices in industry are still performed manually using proprietary methods. This approach is very expensive, time consuming, and error prone due to the ever-increasing complexity of systems. To address the issue, the Accellera IP Security Assurance (IPSA) Working Group [1] was formed in 2018 by a team of security and EDA experts to work on developing a general and portable IP security specification standard to describe the IP security concerns (threat model) and to guide EDA vendors on how to produce security assurance collateral and use it for the automation of security verification. The specification was approved as an Accellera standard for Security Annotation for Electronic Design Integration (SA-EDI) in 2021. We will give an overview of this standard by going over the related collateral, methodology, a case study of the application of the standard and the roadmap of the standard.

In 2023, the IEEE P3164 WG was formed to create an IEEE standard based on Accellera SA-EDI with wider participation from industry, academia, government, etc. The rest of this talk demonstrates how to identify assets in intellectual property (IP) in accordance with Accellera’s Security Annotation for Electronic Design Integration (SA-EDI) standard. This guidance is planned to be documented in the IEEE P3164 Asset Identification whitepaper.

The SA-EDI standard relies heavily on the accurate identification of assets within an IP. Any errors, either false positives or negatives, can render the SA-EDI collateral ineffective or non-applicable. Therefore, it’s essential not only to identify assets but also to classify them correctly. However, this is not as straightforward as one may think. Contextual information of the IP’s integration, such as security requirements, use-cases, surrounding IPs, etc. are often needed in order to properly identify assets. These are typically defined by the integrated circuit (IC) owner and well after the IP has been developed, which is when the SA-EDI collateral needs to be produced. To address these challenges, the whitepaper introduces a methodical and practical approach that can be applied by IP owners with limited experience in security practices. The methodology is vetted using four example IPs, ranging from simple to complex, to highlight how an IP developer can use to produce accurate SA-EDI collateral for the IC owner to properly consume and apply.

Biography

Dr. Sohrab Aftabjahani is a senior staff security researcher and product security expert with the Data Center Group at Intel Corporation. Formerly, he was with the Intel Artificial Intelligence Product Group and served as the security validation lead for multiple generations of one of the Deep Learning Acceleration products for 2 years. Earlier, he was with Intel Security Center of Excellence (now part of the Intel Product Assurance and Security) for 5 years.

Since 2010, he has been with the Intel Corporation in Oregon contributing to its state-of-art R&D in various senior research and engineering roles including Hardware Security, Design for Test, digital design and validation. Moreover, he brought to Intel 9 years of hardware and software engineering experience with TRW, Computer Science Corporation, Telecommunications Research Center, and several electronic system design companies.

He is a senior IEEE/ACM member and the chair of the IEEE Computer Society Chapter in Oregon. Since 2014, he has been on the technical advisory board of the Semiconductor Research Corporation Global Research Collaboration Trustworthy and Secure Semiconductors and Systems. He has had an active role in organizing security conferences/workshops and participating in them as an invited a speaker, a panelist, a judge, and a session chair. He holds one patent and authored 31 peer-reviewed papers, white papers, technical reports, and book chapters. He received his PhD in Electrical and Computer Engineering from the Georgia Institute of Technology. His research interests include hardware security, CAD for Security, and AI Security.