August 26th, 2019 – By: Sven Beyer and Sergio Marchese, OneSpin Solutions
SystemVerilog assertions can nicely capture many hardware requirements. However, more is needed for security verification.

Safety- and security-critical systems, such as connected autonomous vehicles, require high-integrity integrated circuits (ICs). Functional correctness and safety are necessary to establish IC integrity, but not sufficient. Security is another critical pillar of IC integrity. Systems and products using ICs with security vulnerabilities ultimately undermine the safety and privacy of people. However, hardware security is still in its infancy. A recent survey, focusing on the security of the automotive supply chain, found that only 47% of companies assess security vulnerabilities during the early stages of the product release process, namely the requirements and design phase and the development and testing phase (see Fig. 1). As stated in the survey report, “this process is contrary to the guidance of SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle, which advocates for a risk-based, process-driven approach to cybersecurity throughout the entire product development life cycle.”