Security Enclave Architecture for Heterogeneous Security Primitives for Supply-Chain Attacks

TL;DR

This paper introduces CITADEL, a modular security framework for SoCs that simplifies designing robust, customizable security architectures to defend against supply-chain threats with minimal resource overhead.

Contribution

CITADEL provides a configurable, plug-and-play security subsystem for SoCs, enabling tailored defense mechanisms against diverse threats, demonstrated through real-world case studies.

Findings

CITADEL effectively defends against supply-chain threats.

Minimal impact on silicon area and power consumption.

Flexible architecture adaptable to various security needs.

Abstract

Designing secure architectures for system-on-chip (SoC) platforms is a highly intricate and time-intensive task, often requiring months of development and meticulous verification. Even minor architectural oversights can lead to critical vulnerabilities that undermine the security of the entire chip. In response to this challenge, we introduce CITADEL, a modular security framework aimed at streamlining the creation of robust security architectures for SoCs. CITADEL offers a configurable, plug-and-play subsystem composed of custom intellectual property (IP) blocks, enabling the construction of diverse security mechanisms tailored to specific threats. As a concrete demonstration, we instantiate CITADEL to defend against supply-chain threats, illustrating how the framework adapts to one of the most pressing concerns in hardware security. This paper explores the range of obstacles encountered when building a unified security architecture capable of addressing multiple attack vectors and presents CITADEL's strategies for overcoming them. Through several real-world case studies, we showcase the practical implementation of CITADEL and present a thorough evaluation of its impact on silicon area and power consumption across various ASIC technologies. Results indicate that CITADEL introduces only minimal resource overhead, making it a practical solution for enhancing SoC security.