Secure Silicon: Commercial Electronic Design Best Practices To Support MOSIACS JCTD

Steven Carlson, James Chew, Charlie Schadewitz

Cadence Design Systems, November 2020

www.cadence.com

https://www.cadence.com/go/national-security

© 2020 Cadence Design Systems, Inc. Cadence confidential. Internal use only.


Bottom Line Up Front

• “Shift-left”: software integration, bring-up, and verification
  o Emulate before you fabricate to show functional interoperability
  o Integrate before you fabricate for electrical/power integrity and thermal
  o Attack before you fabricate to stress security policy early

Do It Right the First Time


Microelectronics: heart of the matter

DoD Modernization Areas:
• Artificial Intelligence / Machine Learning (AI/ML)
• Autonomy
• Cyber
• Directed Energy
• Fully Networked C3 (FNC3)
• Hypersonics
• Microelectronics
• Quantum
• Space

Additional joint interest areas include:
• Autonomous Close Air Support Capabilities
• Emerging Disruptive Technologies and Capabilities
• Enhanced Soldier Close Combat Lethality
• Integrated Command and Control Solutions
• Intelligent Electronic Warfare
• Operationalizing the Stratosphere
• Rapid Decision Making Tools and Systems
• Reducing the Sensor-to-Shooter Timeline
• Sensors for Time Sensitive Targeting
• Sustained Logistics in a Contested Environment

[Figure: "Heartbeat Of Modern Systems": Microelectronics, shown with AI/ML, Autonomy, Cyber, FNC3, Hypersonics, Space and the joint interest areas listed above. Label: "Fighter Capability / Domain-Specific Reference Platforms".]


Microelectronics & DoD: Something’s wrong

• Symptoms
  o Rifle scope
  o Atmospheric monitoring system
  o Fighter helmet
  o Fighter EW system

Huge SWaP/PPA disadvantage

Antiquated technology, architecture, SWaP

1990’s design & verification approaches

1990’s design & verification approaches

Defense Industrial Base is the perfect evolution of the DoD’s laws, rules and regulations


Commercial Best Practice: Integrate Before You Fabricate

Comprehensive verification, implementation & analysis solutions

• IP Selection: “Reuse the right building blocks”. Processors, Interfaces, Analog
• HW/SW Verification: “Is it functionally correct?” Hardware/Software, Power, Architecture, Safety, Security
• Chip Implementation: “Optimized, Advanced Node Implementation”. Performance, Power, Cost
• Packaging, PCB Integration: “Silicon into packages and parts into Printed Circuit Boards”
• System Analysis: “Does it work when put together?” Electromagnetic, Thermal, Low Power
• Analog Mixed Signal

[Figure labels, verification:]
• Apps
• Engines: Formal, Simulation, Emulation, Prototyping
• Smart Verification Management
• Compute: X86 Server, Arm Server, Custom Processor, FPGA

[Figure labels, implementation flow (Concept, Design, Implementation, Signoff, Design Creation):]
• Innovus™ Implementation System
• Stratus™ High Level Synthesis
• Genus™ RTL Synthesis
• Conformal® LEC, ECO, LP
• Modus DFT
• Joules™ RTL Power
• Pegasus™ DRC, LVS, DFM
• Tempus™ Signoff STA
• Quantus™ Signoff Extraction
• Voltus™ Signoff Power
• Liberate™ Characterization Portfolio

[Figure labels, other:]
• Verified hardware description
• GDSII for masks to fab
• Board & Package
• IP & Subsystems
• Implementation
• Systems
• Verification


Dynamic Duo: Emulation & Prototyping

Palladium Z1 Emulation
• Optimized HW/SW debug
• SoC acceleration, HW/SW
• Power & Performance Analysis
• Advanced Use Models
• Up to 12 Racks or 6.9B gates

Protium X1 Prototyping
• Automated Bring-Up
• Scalable performance
• SW development
• HW/SW regressions
• Up to 4.8B FPGA Gates (Q1’20)

[Figure labels: RTL, Compile, DUT, Same Physical Interfaces]

The Dynamic Duo of the Electronics Industry

DoD Currently Has Five Palladium Emulation Systems Available for Use

AFRL @ DAC 2019: https://bit.ly/3dUOAZm


Example Digital Twin Setup

[Figure labels: Design, Compile, Load Design; C/C++, Compile, Load software; Connect to existing hardware; Apply Actual Data; Performance data analysis/analytics]

Function – Performance – Power – Reliability – Safety – Security – Rad-hardness

Note: Example is conceptual and does not represent an actual design


Example: Inside NVIDIA’s Emulation Lab

[Figure: "Functional Bug Rate" over "SoC Development". Phase labels: Architecture Exploration and Spec Definition Phase; Frontend Design and Functional Verification; Place and Route, Tapeout; Chip Production; Silicon Bringup; Post Silicon Fab. Other labels: "Software-Based Hardware Tests", "System On Chip".]

https://blogs.nvidia.com/blog/2011/05/16/sneak-peak-inside-nvidia-emulation-lab/


Northrop Grumman Collaboration With Cadence Palladium Z1


Hardware Vulnerabilities are Widespread, Dangerous, and Costly

Why?

1. Increasing chip complexity

2. Hardware attack ROI is high; breaks large investments in cybersecurity

3. Shift to hardware-based security architectures prone to vulnerabilities

MITRE records a 5X increase in hardware vulnerabilities in the last 2 years

[Chart: y-axis "# of Hardware Vulnerabilities"]


EDA technologies address broad array of security challenges

System-on-chip security attack surfaces

• Blocks shown: Hardware logic; Programmable system; Processors; SRAM; AI/ML; Display; EHSM; Network; DSP; USB; UART; GPIO; User logic; AMS
• Threats shown:
  o Errant behavior (2+2 = 5)
  o Malicious modifications
  o Insecure components
  o Data leaks
  o Counterfeits/clones
  o Side channels
  o Malware
  o Bugs

EDA technology areas:
• Physical analysis
• Functional verification
• SW dev/debug
• Formal Equivalence
• Formal Proof
• Design IP
• Processor/IP
• Security design services
• Provenance tracking

Capabilities listed in the diagram:
• Datapath security app; Seq equivalence; General assertion proof; Fault selection/injection
• Equivalence check; Power mgt verif
• Multi engine; Planning, mgt; Portable stimulus gen; HW/SW verif/debug; Safety/Fault injection
• Auto qualified; Adv node; Standards interfaces; Converters/mixed-signal; BIST/BISA automation
• Security function impl; Adv node expert team; Cleared personnel
• Power; Thermal; Reliability/aging; EMIR
• HW verif links to SW envs; Accurate HW/SW interaction; Blended abstraction w/ real devices
• Encryption; Authentication; HROT compatible; Secure RTOS compatible; Auto qualified safety
• Interfaces to PLMs; Vplan/tracking/mgt

Supply Chain Trust Assurance


Shift-left: best practice with big payoffs

Early functional integration, interoperability debug, mitigation

Early physical integration, integrity, thermal, EMI, …


Shift-Left: enables security susceptibility analysis

• “Shift-left” enables pre-silicon attack.

• Coming mandate to attack before you fabricate:
  o Emulate before you fabricate – get the system function (HW, HW/SW) correct before any physical fabrication
  o Integrate before you fabricate – co-optimize the chip/package/board/interconnect/enclosure
  o Attack before you fabricate – explore and stress vulnerability surfaces

• Mandates ensure early attack analysis is possible

• Capabilities can be retrofitted into systems that face DMS issues or are due for upgrades and technology insertions.

• Shift-left movement has opened an opportunity to significantly improve the first-pass success in meeting system security specifications


Conceptual analysis waterfall diagram

[Figure: analysis waterfall with steps numbered 1 to 6. Recovered labels:]
• Virtual HW/SW Bring-up: Palladium/Protium
• Performance testing: Palladium - DPA
• Power Analysis: Joules/Voltus
• Thermal Analysis: Celsius
• Reliability/Aging Analysis: Legato/Voltus-Fi
• What if Sensor placement
• Design and environment: Known good design; Design; Execution env; Android SW stack; Antutu SW; Mission-specific workloads
• Activity and power data: Toggle Activity Profile; AnTuTu CPU score; Activity Data (PHY); Detailed Power reports; Frequency sweeps; Power over time per tile; Tiling file
• Design inputs: LIB/LEF; SDC; RTL/DEF; UPF/CPF; SPEF (optional)
• Thermal: Thermal model extraction; Transient thermal simulation; Die Dimensions; Package Design (.sip file); Board (.brd file) (optional); Transient temperature maps
• Reliability inputs: Temp/pwr over time per tile; Tiling file


Attack While You Design:
• Verification platform independent pre-silicon attack generation; post silicon digital-twin analysis
• Support Blue/Red team’s work (performance/denial of service, power, timing, EMI, reliability functional attack automation and analysis)

[Figure: Red Team / Blue Team workflow. Recovered labels:]
• Blue team passes design image to Red team in Protium image
• Red team passes successful attack tests to Blue team
• Attacks at HW/SW interface
• Design/attack HW/SW tests
• Tools and inputs: Perspec System Verifier; Palladium® Z1; Protium S1® (shown twice); RTL; UPF

Cadence Proprietary ©


Summary Recommendations

• Shift-left software integration, bring-up, and verification
  o Emulate before you fabricate to show functional interoperability
  o Integrate before you fabricate for electrical/power integrity and thermal
  o Attack before you fabricate to stress security policy early

• Using Commercial Electronics Design Best Practices yields a system digital twin
  o Use to ensure cyber security

Do It Right the First Time
