Protection against hardware trojan attacks: Towards a comprehensive solution

The issue of trust is an emerging problem in integrated circuit (IC) security. A solution which can reliably protect against Trojan attacks of all forms and sizes is extremely difficult to achieve. On the other hand, an integrative solution which combines the complementary benefits of design, test, and monitoring solutions can provide the highest level of trust. A security monitor (SM) is a programmable transaction engine configured to implement finite state machines (FSMs) that check the behavior of signals of interest. Signal probe networks (SPNs) are configured to select a subset of the monitored signals and transport them to SMs. All the configurations are stored in a nonvolatile (flash) memory inside the configuration and control processor (CCPRO). The SMs perform two types of checks, a set of user-specified security violations, such as an attempt to access a restricted address space or entering test/debug modes during normal operation; and checks consisting of the general correctness properties of the system behavior, usually expressed as assertions.