Online Prevention Of Security Violations In Reconfigurable Scan Networks

Modern systems-on-chip (SoC) designs are requiring more and more infrastructure for validation, debug, volume test as well as in-field maintenance and repair. Reconfigurable scan networks (RSNs), as allowed by IEEE 1687 (IJTAG) standard, provide flexible access to the infrastructure with low access latency. However, they can also pose a security threat to the system, by leaking information about the system state.In this paper, we present a protection method that monitors access and checks for violations of security properties online. The method prevents unauthorized access to sensitive and secure instruments. In addition, the system integrator can specify more complex security requirements, including giving multiple users different access privileges. Simultaneous accesses to multiple instruments, that would expose sensitive data to an untrusted core (e.g. from 3rd party vendors) or instrument, can be prohibited. The method does not require any change to the RSN architecture and is easily integrable with IP core designs. The area overhead with respect to the size of the RSN is below 6% and scales well with larger networks.