Abstract

SoCurity is a novel framework designed to significantly enhance System-on-Chip (SoC) security by implementing robust anomalous activity detection (AAD) at runtime. The innovation focuses not only on identifying security breaches but also on accurately localizing the source of the malicious activity within the complex SoC architecture. This approach provides a critical, actionable layer of defense necessary to mitigate sophisticated hardware and software attacks.

Report

SoCurity: Enhancing SoC Security with Anomalous Activity Detection and Localization

Key Highlights

• Novel Framework: Introduces “SoCurity,” a comprehensive security framework specifically tailored for modern, complex Systems-on-Chip (SoCs).
• Dual Security Functionality: SoCurity simultaneously performs Anomalous Activity Detection (AAD) to flag abnormal behavior and precise Localization to pinpoint the origin of the malicious activity.
• Runtime Defense: The system operates in real-time, focusing on dynamic monitoring of internal SoC components and communication to thwart ongoing attacks.
• Actionable Intelligence: By providing the exact location of the anomaly, the system enables rapid mitigation and forensic analysis, moving beyond simple detection.

Technical Details

• Methodology: The core method involves profiling the expected behavior of the SoC components, memory access patterns, and internal communication flows (likely via the Network-on-Chip or performance counters).
• Detection Engine: Anomalous Activity Detection (AAD) likely employs machine learning models or advanced statistical techniques trained on high-dimensional feature vectors derived from low-level hardware metrics.
• Localization Mechanism: The key differentiator is the localization feature, which suggests utilizing fine-grained monitoring points across different IP cores or bus segments. Upon AAD trigger, the system correlates localized metric deviations to identify the precise core, peripheral, or memory region compromised.
• Target Platform: The techniques are designed for heterogeneous SoCs, suggesting architectural compatibility with platforms incorporating various accelerators and complex interconnects.

Implications

• Boosting RISC-V Security: As RISC-V architectures increasingly dominate highly customizable SoC designs, integrating solutions like SoCurity is crucial. It provides essential runtime integrity guarantees for open-source hardware, which are often subject to different trust models than proprietary alternatives.
• Addressing Modern Threats: Traditional boundary security solutions are insufficient for modern attacks (e.g., hardware Trojans, side-channel leaks, or compromised peripherals). SoCurity addresses these internal threats by monitoring intrinsic activity.
• Enabling Trust in Hétérogénéous Systems: The ability to localize anomalies is critical for highly integrated SoCs where security compromises in one domain (e.g., an accelerator) can rapidly affect the entire system. SoCurity allows system architects to isolate and manage compromised sections without halting the entire chip.
• Advancing Hardware Security Monitoring: This work pushes the state-of-the-art in hardware security from preventative design features to active, intelligent, and real-time monitoring and threat identification within the chip fabric itself.