The Research Of Architecture Design And Implementation Of Security SoC

Secure chip as an important component of information system that is wildly used in significant domain such as military affairs and finance etc. So the research on the architecture and its running policy of secure chip is very important to insure the security of information system. Firstly, a security architecture design model is proposed based on the chip design specification that receive by the common criteria. Then design and implementation chip's hardware logic and working flow of trusted software that realize the secure policy of design target. The model is validated by the theorem proving method. Finally, a high performance secure SoC chip ETISCSoC is design, implemented, simulated and verified.The main jobs and research results are listed as follows: 1. According to the TOE development model and the guidance flow of the security requirements and function specification, by analyzing existed security chip architecture and the security chip's application environments, the security requirements and function specification of ETISCSoC are proposed. And then the security architecture design model of ETISCSoC and its HW/SW partitioning are gained by the SoC design flow and specification.2. The design and implementation of hardware architecture is completed. A memory protection unit is design and integrated. By extending two memory control RAM and corresponding control logic, it realizes the exterior memory dynamic division, isolation and access control based on security secure attributes. A cryptographic service model integrating several IP cores with one dual port RAM is proposed. It save much memory resource and reduce the times of transit data. It also increases the cryptographic service efficiency and operation parallelism. A security protect unit is design and implemented to defend established physical attacks.3. Chip's asset is divided into different levels and the security states and its translation flow are design. The security mechanism is realized by using hardware and software co-design method. In order to insure the chip is security in each step such as manufacture, transportation, code download and update, running, the exchange of command and data etc.4. A formal model of security architecture is established, and using theorem proving method verified that the model satisfied the chip's design target.