A Framework for Design, Verification, and Management of SoC Access Control Systems

Cited by: 5
Authors
Restuccia, Francesco [1 ]
Meza, Andres [2 ]
Kastner, Ryan
Oberg, Jason
Affiliations
[1] Univ Calif San Diego, La Jolla, CA 92093 USA
[2] Univ Calif San Diego, Comparat Cognit Lab, La Jolla, CA 95134 USA
Keywords
Access control; System-on-chip; Hardware; Microprogramming; IP networks; Engines; Safety; Access control systems; system-on-chip architectures; security verification; safety-critical systems; security-critical systems; ARCHITECTURE; SECURITY;
DOI
10.1109/TC.2022.3209923
CLC classification number
TP3 [Computing technology, computer technology];
Subject classification code
0812;
Abstract
System-on-chip (SoC) architectures are a heterogeneous mix of microprocessors, custom accelerators, memories, interfaces, peripherals, and other resources. These resources communicate using complex on-chip interconnect networks that attempt to quickly and efficiently arbitrate memory transactions whose behaviors can vary drastically depending on the current mode of operation and system operating state. Security- and safety-critical applications require access control policies that define how these resources interact, to ensure that malicious and unsafe behaviors do not occur. Aker is a design and verification framework for on-chip access control. The core of Aker is the access control wrapper (ACW), a high-performance yet efficient hardware module that dynamically arbitrates on-chip communications. Aker distributes ACWs across the SoC and programs them to perform local access control. Aker provides a firmware generation tool and a property-driven security verification methodology to ensure that the ACWs are properly integrated and configured. Aker's security verification confirms that the ACW behaves properly at the IP level, verifies that the hardware root-of-trust firmware configures the ACWs correctly, and evaluates system-level security threats arising from interactions between shared resources. Aker is experimentally validated on a Xilinx UltraScale+ programmable SoC. Additionally, an Aker access control system is integrated into the OpenPULP multicore architecture, which uses the OpenTitan hardware root of trust for firmware configuration.
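The abstract describes the ACW as a per-resource filter that is programmed by root-of-trust firmware and then checked against security properties. The following is an added illustrative Python model of that idea, written for this page; it is not Aker's code, RTL, or firmware, and it does not reproduce Aker's actual register interface or property language. The manager IDs (root of trust, CPU, DMA), the two regions of a hypothetical crypto accelerator, and the expectation table are all constructed for the example. It shows the three points a practitioner cares about: default deny for any manager the firmware never configured, whole-burst containment (a transfer that straddles a region boundary is refused rather than partially served), and a lock-down step so the policy cannot be reprogrammed after the root of trust finishes configuration.

```python
"""Illustrative model of a distributed on-chip access-control wrapper (ACW).

Added example, not the Aker project's own code. Manager IDs, regions and
the expectation table below are constructed for demonstration.
"""
from dataclasses import dataclass, field
from enum import Flag, auto


class Perm(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()


@dataclass(frozen=True)
class Region:
    """Byte range [base, base + size) of the wrapped subordinate together
    with the permissions one manager holds on it."""
    base: int
    size: int
    perm: Perm

    def covers(self, addr: int, length: int) -> bool:
        # The whole burst must lie inside the region; a transfer that
        # straddles the region end is rejected, not partially served.
        return self.base <= addr and addr + length <= self.base + self.size


class ACWLockedError(RuntimeError):
    """Raised when something tries to reprogram an ACW after lock-down."""


@dataclass
class AccessControlWrapper:
    """Per-subordinate filter: manager ID -> regions it may touch.
    Any manager without an entry is denied (default deny)."""
    name: str
    policy: dict[int, tuple[Region, ...]] = field(default_factory=dict)
    locked: bool = False
    denied: list[tuple[int, int, int, bool]] = field(default_factory=list)

    def configure(self, manager_id: int, regions: tuple[Region, ...]) -> None:
        if self.locked:
            raise ACWLockedError(f"{self.name}: policy is locked")
        self.policy[manager_id] = regions

    def lock(self) -> None:
        # Modelled as one-way: once set, only a reset could clear it.
        self.locked = True

    def check(self, manager_id: int, addr: int, length: int, write: bool) -> bool:
        """Decide one transaction; denied transactions are recorded for audit."""
        need = Perm.WRITE if write else Perm.READ
        for region in self.policy.get(manager_id, ()):
            if region.covers(addr, length) and need in region.perm:
                return True
        self.denied.append((manager_id, addr, length, write))
        return False


def program_acw_from_rot(acw: AccessControlWrapper,
                         manager_policy: dict[int, tuple[Region, ...]]) -> None:
    """Stand-in for the root-of-trust firmware step: write the policy, then lock."""
    for manager_id, regions in manager_policy.items():
        acw.configure(manager_id, regions)
    acw.lock()


def verify_policy(acw: AccessControlWrapper, expectations) -> list:
    """Check a programmed ACW against a table of
    (manager_id, addr, length, write, expected_allowed); return the violations."""
    return [e for e in expectations if acw.check(e[0], e[1], e[2], e[3]) != e[4]]


# Constructed manager IDs and subordinate layout (hypothetical crypto accelerator).
ROT, CPU, DMA = 0, 1, 2
KEY_REGS = Region(0x000, 0x100, Perm.READ | Perm.WRITE)   # only the RoT may touch keys
DATA_FIFO_RW = Region(0x100, 0x100, Perm.READ | Perm.WRITE)
DATA_FIFO_RO = Region(0x100, 0x100, Perm.READ)


def build_example_acw() -> AccessControlWrapper:
    acw = AccessControlWrapper("crypto_accel_acw")
    program_acw_from_rot(acw, {
        ROT: (KEY_REGS, DATA_FIFO_RW),
        CPU: (DATA_FIFO_RW,),
        DMA: (DATA_FIFO_RO,),
    })
    return acw


EXPECTATIONS = [
    (ROT, 0x010, 4, True, True),     # RoT loads a key
    (CPU, 0x010, 4, True, False),    # CPU may not overwrite keys
    (CPU, 0x010, 4, False, False),   # nor read them back
    (CPU, 0x100, 4, True, True),     # CPU feeds the data FIFO
    (DMA, 0x100, 4, False, True),    # DMA drains it
    (DMA, 0x100, 4, True, False),    # but may not write it
    (CPU, 0x1FC, 8, False, False),   # burst straddles the FIFO end
    (3, 0x100, 4, False, False),     # unconfigured manager ID: default deny
]

if __name__ == "__main__":
    print("violations:", verify_policy(build_example_acw(), EXPECTATIONS))
```

The expectation table plays the role of the security properties the abstract mentions, written here as concrete transaction checks rather than in a formal property language; a real flow would additionally check the lock bit and the policy registers themselves, not just transaction outcomes.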
Pages: 386 / 400
Page count: 15