AKER: A Design and Verification Framework for Safe andSecure SoC Access Control

TL;DR

This paper introduces AKER, a comprehensive framework for designing and verifying secure, reliable access control systems in heterogeneous SoCs, ensuring correct functionality and security at multiple levels.

Contribution

AKER provides a novel, integrated approach combining hardware modules, property-driven security verification, and practical evaluation for secure SoC access control.

Findings

Successfully verified access control correctness at IP, firmware, and system levels.

Achieved secure and efficient access control implementation on Xilinx UltraScale+ SoC.

Demonstrated security and performance benefits in a multicore SoC with integrated root-of-trust.

Abstract

Modern systems on a chip (SoCs) utilize heterogeneous architectures where multiple IP cores have concurrent access to on-chip shared resources. In security-critical applications, IP cores have different privilege levels for accessing shared resources, which must be regulated by an access control system. AKER is a design and verification framework for SoC access control. AKER builds upon the Access Control Wrapper (ACW) -- a high performance and easy-to-integrate hardware module that dynamically manages access to shared resources. To build an SoC access control system, AKER distributes the ACWs throughout the SoC, wrapping controller IP cores, and configuring the ACWs to perform local access control. To ensure the access control system is functioning correctly and securely, AKER provides a property-driven security verification using MITRE common weakness enumerations. AKER verifies the SoC access control at the IP level to ensure the absence of bugs in the functionalities of the ACW module, at the firmware level to confirm the secure operation of the ACW when integrated with a hardware root-of-trust (HRoT), and at the system level to evaluate security threats due to the interactions among shared resources. The performance, resource usage, and security of access control systems implemented through AKER is experimentally evaluated on a Xilinx UltraScale+ programmable SoC, it is integrated with the OpenTitan hardware root-of-trust, and it is used to design an access control system for the OpenPULP multicore architecture.