As designs grow in complexity and size, the landscape for potential hackers to infiltrate a chip at any point in either the design or verification flow increases commensurately. Long considered to be a “safe” aspect of the design process, verification now must be a focus of chip developers from a security perspective.

This also means the concept of trust has never been higher, and the trust and assurance flow never more critical. Organizations such as MITRE, which created and maintain the Common Weakness Enumeration (CWE), play an important role in highlighting vulnerabilities so that companies across the industry can stay informed and respond accordingly.

“We work with a number of customers, especially related to military type activities, that are very concerned about the possibility of a nefarious agent of some kind potentially infiltrating either the design or the verification, or both, and either inserting something, intentionally not finding something, or somehow placing something in there,” explained David Landoll, product manager for formal and static products at Siemens EDA. “There are hiring practices and other kinds of things you have to have in place to make sure you trust your people, but the problem is that today’s technology is getting to be so large, so complicated, that it becomes financially intractable to try to make these designs from scratch. That means you have to pull in third-party designs, third-party IP, and that invites other people who are outside of the purview or the control. How do you then scrub those designs? How can you try to make sure those things are free of Trojans? How can you make sure these designs are free of nefarious intent?”