Automated Generation, Verification, and Ranking of Secure SoC Access Control Policies

Modern System-on-chip (SoC) architectures are a heterogeneous mix of microprocessors, custom accelerators, memories, interfaces, peripherals, and other resources. These resources communicate using complex on-chip interconnect networks that attempt to quickly and efficiently arbitrate memory transactions whose behaviors can vary drastically depending on the current mode of operation and system operating state. Security- and safety-critical applications require access control policies that define how these resources interact to ensure that malicious and unsafe behaviors do not occur. The process of defining and then verifying the security of these access control policies relies heavily on manual effort. This paper describes an automated methodology to generate, verify, and rank secure SoC access control policies. Our methodology targets access control policies for AKER access control systems.