UltraSoC adds security checks to bus monitoring IP
UltraSoC has designed a bus monitor that hooks into its on-chip debug and system-monitoring network and will react to problems it detects, in addition to simply reporting on suspicious transactions.
The Bus Sentinel is designed to watch transactions on an SoC’s internal bus and can be configured to block transfers if it detects a problem. The sentinel uses programmable filters, counters, and timers to try to determine whether transactions are legitimate or whether they breach certain rules. An example would be an attempt to access memory-control registers once a reboot has completed, or an attempt by a peer on the bus that is not an authorized cryptocontroller to access a part of memory allocated to encryption-key storage.
The sentinel can be programmed to react in a number of ways that may not involve blocking a transaction. It may modify the transaction with a flag, create a bus transaction of its own, or send an alert over the debug-communication fabric for use by on- or off-chip threat mitigation systems. The core can be augmented with local memory to record data for use by filters, to store statistical data, or to keep a rolling record of transactions.
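The two example rules above can be expressed as a small software model of a rule-checking bus filter with a violation counter and a rolling transaction record. This is an added illustration, not UltraSoC's IP or programming interface; the master IDs, address windows, structure names and the `sentinel_check` function are all constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Conceptual model only: every ID, address and name here is constructed. */
enum action { ALLOW, BLOCK, FLAG, ALERT };
enum { M_CPU = 0, M_DMA = 1, M_CRYPTO = 2 };   /* hypothetical bus masters */

struct txn { uint8_t master; uint32_t addr; bool write; };

struct rule {
    uint32_t lo, hi;      /* protected address window, inclusive */
    uint16_t allowed;     /* bitmask of master IDs permitted in the window */
    bool after_boot;      /* rule is armed only once boot has completed */
    enum action on_hit;   /* configured reaction to a breach */
};

static const struct rule rules[] = {
    /* memory-control registers: nobody may touch them after boot */
    { 0x40000000u, 0x400000FFu, 0, true, BLOCK },
    /* key storage: only the crypto controller, at any time */
    { 0x20001000u, 0x200010FFu, 1u << M_CRYPTO, false, BLOCK },
};

#define LOG_DEPTH 4
struct sentinel {
    bool boot_done;
    unsigned violations;          /* statistics counter */
    struct txn log[LOG_DEPTH];    /* rolling record of recent transactions */
    unsigned head;                /* total transactions seen */
};

/* Record the transaction, then return the action of the first rule it breaches. */
enum action sentinel_check(struct sentinel *s, const struct txn *t)
{
    s->log[s->head++ % LOG_DEPTH] = *t;
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        const struct rule *r = &rules[i];
        if (t->addr < r->lo || t->addr > r->hi) continue;     /* outside window */
        if (r->after_boot && !s->boot_done) continue;         /* rule not armed yet */
        if (t->master < 16 && (r->allowed & (1u << t->master))) continue;
        s->violations++;
        return r->on_hit;
    }
    return ALLOW;
}
```

Changing a rule's `on_hit` to `FLAG` or `ALERT` models the non-blocking reactions described above, and the rolling log holds the transactions leading up to the breach.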
UltraSoC chief strategy officer Aileen Ryan said a potential use-case for the local storage is in “black box” systems being explored by automotive-system designers. These would hold the states leading up to a software or hardware failure. “The automotive industry is very keen to investigate the root cause of any issue that propagates through the system: which IP, which cycle in the operation went wrong. Building up that forensics log is something that the larger ecosystem is interested in.”