This is an archived version of CCC's website. Please visit the new ccc website for the latest information.

Convergence of Software Assurance Methodologies and Trustworthy Semiconductor Design and Manufacture

Overview:

Ensuring that a computer chip or other semiconductor-based component does exactly what it the customer wants it to do, and nothing else, is becoming more challenging. Feature sizes continue to shrink and are measured in nanometers, circuits are more complex, and design and manufacture involves a supply chain typically comprising many businesses worldwide. Threats range from improper performance or early failure to allowing access to those with malicious intent.

Semiconductor design and manufacture depends on a "pipeline of tools," with each tool outputting something that is closer to describing what is actually produced and sold. One form of supply-chain attack involves corrupting one or more stages of this tools pipeline, so that the output of the pipeline exhibits undesirable functionality.

The programming languages community has, over the last two decades, addressed closely related problems with solutions such as "proof carrying code" and "certifying compilation" that derive from formal methods. Work in "compiler correctness" also is relevant. By analogy, semiconductor supply-chain attack might be frustrated if both the artifact and an analysis are transmitted between successive pipeline stages, with the analysis being updated by each stage. The updates would establish that properties checked by analysis in prior pipeline stages are preserved in the current pipeline stage. That is, each pipeline stage performs a kind of refinement, and checks that the refinement does not invalidate properties that previous stages validated. At the final stage, an accompanying analysis would rationalize the role of each element in the output of the pipeline.

This workshop is organized and sponsored by the Semiconductor Research Corporation (SRC), National Science Foundation (NSF), and Computing Community Consortium (CCC), will bring together academic and industry experts from both the programming language and semiconductor design/manufacture communities to share and discuss challenges to securing the semiconductor manufacturing process and strategies, based in part on experience in the programming language community, for addressing them.

Participation in the one-and-a-half day workshop is limited and by invitation only. The output will be a report outlining the problems and areas of research that have the potential to lead to solutions.

Agenda:

Day 1, January 15

7:30 am – 8:30 am

Continental breakfast

8:30 am -9:00 am

Welcome and Overview of the Workshop
Keith Marzullo, NSF, Director of Computer and Network Systems Division
Workshop Sponsors (Jeremy Epstein, NSF & Celia Merzbacher, SRC)

9:00 am -10:30 am

Plenary Session 1: Overview of Semiconductor Design and Manufacture (with an eye toward the future)
Moderator – Ron Perez, AMD

Semiconductor Manufacture Tools & Processes and Potential Vulnerabilities (15 mins)— K. Kemp, Freescale

Semiconductor Design Tools & Processes and Potential Vulnerabilities (15 mins)—S. Trimberger, Xilinx

Top-to-bottom integrative design & verification (15 mins)—C. Seger, Intel

Incorporation of designs from multiple sources (15 mins)—R. Aitken, ARM

Panel Discussion (30 mins)

10:30 am -11:00 am

Break

11:00 am -12:30 pm

Plenary Session 2: Overview of Software Assurance Methodologies Moderator – Fred Schneider, Cornell

Thinking about attacks / minimizing trusted base (20 mins)—A. Appel, Princeton

CompCert as a software tool chain (20 minutes)—D. Pichardie, INRIA/Harvard

Specifying the HW/SW interface (20 minutes)—P. Sewell, Cambridge

Panel Discussion (30 mins)

12:30 pm -1:30 pm

Lunch
Reality of hardware vulnerability—F. Kiamlev and F. Cayci, U. Delaware

1:30 pm -5:00 pm

Breakout sessions
(facilitated discussion on specified questions) Facilitators: Jeremy Epstein (NSF), Fred Schneider (Cornell) and Yervant Zorian (Synopsys)

5:00 pm -6:00 pm

Preliminary Breakout reports (5 min each; bring forward one or two issues/ideas for consideration by all)

6:00 pm

Reception

Day 2, January 16

7:30 am - 8:30 am

Continental breakfast

8:30 am -8:35 am

Welcome:  Suzanne Iacono, Deputy Assistant Director, Directorate for Computer & Information Science & Engineer, NSF

Opening remarks: Overview of Day 2 (Merzbacher/Epstein)

8:35 am -9:00 am

Plenary session 3: Further food for thought
Moderator – Ruby Lee, Princeton

Counterfeit chips: What are the threats? (20 mins + 5 mins Q&A)—M. Tehranipoor,  U. Conn.

9:00 am -9:30 am

Why information flow is different from—and harder than—verifying other kinds of properties (20 mins + 5 mins Q&A)—S. Zdancewic, U. Penn.

9:30 am - 12:00 pm

Continue Breakout Groups to finalize output (with 15 min break)

12:00 pm -1:30 pm

Breakout Group reports & discussion—Working lunch

1:30 pm -2:00 pm

Wrap-up

2:00 pm

Adjourn