IP Security Assurance

What Is The IP Security Threat Level In Your SoC?

Semiconductor IPs have an “attack surface” that indicates how they can be compromised in real world scenarios. Some portions of these attack surfaces are well known, others are discovered during analysis, testing, or out in the field.

The average SoC in today’s design environment has more than 100 different IPs. In many cases, the actual count is much higher because IPs are embedded in other IPs due to reuse or flattening of the IP hierarchy. Additionally, these IPs come from many different sources including both external vendors and internal IP development teams that are often globally distributed.

As the SoCs are assembled over the course of several months, or even years, these IPs go through various mutations, feature changes, bug fixes, and revisions, all of which have to be incorporated into the chip. In the high pressure, compressed timelines of today’s projects, not every change can be thoroughly verified or exercised. Often seemingly innocuous changes are ignored or left to be “tested later.”

The final SoC is a patchwork of IPs with various origins, quality levels, and sometimes poorly understood attack surfaces. So how do you keep track of everything needed to assure security of the design?

Percipient to the Rescue

Percipient is the definitive, single source of truth for all of the IP content in every chip in the enterprise.  It is a design traceability platform that allows all design information to be connected throughout an enterprise from provenance to delivery of the final design.  

Percipient allows designers, SoC assemblers, and security experts to determine exactly which version of which IP was used in each design. It also provides a channel of information through integrations to bug tracking systems like Jira where a vulnerability found in one context – say a lab test or out in the field – can be annotated on the exact versions of impacted IPs and fixed in later versions.

Each team in the design process can now transparently see the security impact of using all of these specific IPs in their design as the threats are uncovered, and then take the necessary steps to assure the threats are addressed.

Security vulnerabilities, found in the various contexts of the IPs that constitute the system, can be rolled up at the SoC level into a well understood ‘threat level’ for the SoC that changes dynamically as new threats are detected and existing threats are addressed. SoC owners can also preview how this threat level will be impacted when they incorporate newer versions IPs into their SoC.

With Percipient, you now have a way to find and track security threats in your designs so that you can take appropriate steps to eliminate them.