This book is about System-on-Chip (SoC) security policies. Modern SoC designs
contain myriad pieces of sensitive information or “assets,” which must be protected from
unauthorized, malicious access. Security policies are rules and constraints that
enable this protection. Unfortunately, security policies themselves are significantly
complex, difficult to implement, and often error-prone. Furthermore, in current
practice they are architected, designed, implemented, and deployed in an ad hoc
manner, depending primarily on deep human insight. As we go to an ecosystem
with billions to trillions of connected computing devices—each with its own unique
security requirement—it is getting unrealistic to sustain this trend and still ensure
effective security.

This book explores an alternative, i.e., an architectural framework for systematic
design and implementation of SoC security policies. The approach entails definition
of a specific, dedicated hardware block (often referred to as an “intellectual
property” or “IP”) that serves as the security brain of the SoC design. This
security brain has the system-level security requirements programmed into it and
can communicate with other IPs in the SoC design to enforce the programmed
policy. This book dives into various facets of this architecture, including questions
on power, performance, verification, and in-field policy upgrades.