
“Bare Metal Security” adds hardware system tripwire to SoCs
UltraSoC’s core technology is IP (intellectual property); designers of complex, multi-core SoCs can add silicon embedded instrumentation to their designs so that when the system is being verified and debugged, any anomalous behaviour can be trapped, tracked, analysed and documented.
CEO Rupert Baines describes how, for a typeical overhead (in silicon area/gatecount) of 1 – 2%, the company’s IP can add a “virtual, native-speed logic analyser” – and oscilloscope functions – that can expose the root causes of system failures and performance shortfalls, when a complex chip is in bring-up and debug. The company provides tools that monitor, for example the traffic on inter-block buses, and allow the user to define the parameters of what is expected, and what is ‘normal’ = and to flag any excursion of the system outside those parameters. The technology finds, inn particular, inter-block and hardware/software interaction issues that are beyond the reach of the tool sets associated with any specific core.
Now, UltraSoC is extending that capability to make an in-service definition of what constitutes normal or legal behaviour. If the system departs from that, or operates outside the “box” so-defined, an alert can be generated that can (for example) set the system into a safe mode, or shutdown, or whatever the designer requires. The event that trips the monitor could be internal (a crash, or failure of either hardware or software: or an intrusion, such as hacking. UltraSoC’s IP is operating at hardware level, and can spot either case equally well; Baines says, “Never say ‘never’: but it would be very, very hard to hack.” He sees the offering as of great interest to anyone building a safety-critical system, for example ECUs for automotive uses, “It is not a replacement for existing security features, but is complementary.”
The company is therefore extending its on-chip analytics to deliver value-add functionality for SoCs; Baines adds, “It is not really a separate product line or offering; it is a different use-case of the technology we are already delivering. Existing UltraSoC users – in effect – already have it [the capability], and we think it will make [the approach] interesting to a much wider potential user base.”
Bare Metal Security capabilities can deliver security functionality required in a broad range of embedded products, from Internet of Things (IoT) appliances to enterprise systems, the company continues. Bare Metal Security features are implemented as hardware running below the operating system, so are non-intrusive and remain robust even if the system’s conventional security measures are compromised. This adds an entirely new level of protection to the SoC (system-on-chip).
“UltraSoC has proven success in accelerating SoC development,” adds Baines, “…our Bare Metal Security tools complement traditional security mechanisms, adding protection against both malicious attacks and against inadvertent malfunctions. Better still, the same gates provide all of the established benefits of developing with UltraSoC; a vendor-independent infrastructure that allows faster, more cost-efficient debug and performance optimization capabilities that are beyond the reach of conventional technologies.”
Bare Metal Security functionality uses the UltraSoC monitors to watch for unexpected behaviours such as suspicious memory accesses or processor activity, at hardware speed and non-intrusively, with minimal silicon overhead. Because it is an orthogonal on-chip hardware infrastructure independent of the main system functionality and software, there is no negative impact on system performance and it is very difficult for an attacker to subvert or tamper with. Although it functions below and outside of the operating system, the technology also provides a means of communicating with software on the device as part of a holistic security system, if this is necessary. Bare-Metal Security features also provide visibility of the whole system, making it extremely difficult to camouflage or hide an attack.
UltraSoC’s announcement is initially in terms of IP for chip design teams to include. The same IP could be added by a maker of a microprocessor or microcontroller, or other ASSP, and offered as a product variant with added security potential. Baines hints that discussions with one or more semiconductor manufacturers might be under way, but would not be drawn on whether, or when, any such option might appear in a semi vendor’s catalogue.
The company has secured third-party comment; “People increasingly appreciate the urgency of addressing security,” said Caroline Gabriel, Research Director at Rethink Research. “However, robust security cannot be bolted-on as an afterthought: it must be designed-in from the beginning. UltraSoc’s Bare Metal Security provides an attractive addition to the options available for a system developer. By providing an independent mechanism for raising an alarm or putting the system into a safe mode, this delivers an additional layer of security, especially useful as we move to the IoT age, where ‘everything’ is connected.”
Haydn Povey, CEO of Secure.Thingz, commented: “We’re seeing increasing interest in building security into SoCs at the hardware level. In fact, a number of recent announcements have promised just that. UltraSoC’s technology goes further: an independent on-chip security infrastructure, as a complement to other access-control mechanisms. Because it is versatile and scalable it has applications from IoT, through to enterprise applications, making it an attractive option for many SoC design teams.”
UltraSoC; www.ultrasoc.com
