Home
OPINION

System-Level Security Issues

Black boxes are a benefit to design schedules, but does anyone worry about what’s inside?

popularity

The more things that are put onto a single SoC, the greater the possibility that the entire system can be hacked. Centralization is good from the standpoint of speed, cost and power, but it’s not always good from the standpoint of security.

This may sound contrary to the experience of corporate IT departments, but there’s a reason behind this. In the case of data centers, the advent of the PC created a nightmare for CIOs and data center managers. Rather than controlling data centrally, with PCs and later smart phones, it was meted out to all users on a corporate network. That resulted in everything from outright data theft to rampant data leakage—bits and pieces sent out in e-mail or used in documents that were distributed outside the company.

Rather than clamp down on new devices and the progress and innovation they brought with them, IT departments put in place strict policies, procedures and methodologies for tracking data theft. And as a variety of devices became a part of everyday corporate life, security experts within corporations began tracking usage patterns for data to spot any irregularities and employing whatever tools they could find.

This created huge opportunities for security companies, of course. Gartner last month estimated the security software market at $17.7 billion worldwide. And Cisco just announced that it would pay $2.7 billion for cybersecurity firm Sourcefire, even though Cisco has a reputation for being of the most security-minded companies in the technology world.

SoC vendors are just beginning to look at this issue. While there is always talk of a back-door security breach, particularly with counterfeit chips, the reality is that the best and quickest way into a system has been through the corporate network and the software, not the hardware. And with many of the components spread out across a PCB and IP blocks internally developed by companies, that hasn’t been a problem.

As more components are sourced from third parties the possibility of an open door to data increases. It may not even be intentional. The rush to get IP out the door has put the focus on functionality, and more recently on energy efficiency, but it’s rare that IP developers think about security. That’s both a problem and an opportunity—although who will actually benefit from that opportunity is unknown so far.

Still, the point is that security needs to be considered by IP makers, and it needs to come together at the SoC level just as it does at the end user device or system level. It also needs to happen proactively, because any well-publicized breach will affect the entire SoC ecosystem. As more functionality is added into an SoC, the makers of those SoCs and the companies that contribute to them need to address real system-level issues. Security is one of the most prominent, and the clock already has started ticking on this one.