|Acquisition Program: |
| ||The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), which controls the export and import of defense-related material and services. Offerors must disclose any proposed use of foreign nationals, their country of origin, and what tasks each would accomplish in the statement of work in accordance with section 3.5.b.(7) of the solicitation.|| Objective: ||Develop methods and designs for allowing for the determination that no unintended functionality has been added to a hardware device in the time between when the design is provided to the foundry and when the finished device is provided to the user.
|| Description: ||In the modern process of integrated circuit (IC) development, the actual design and fabrication of an IC typically is distributed between a number of different companies and/ or individuals. This is the “modus operandi” of what are called “fabless” design houses: the designs are performed by this company, but the layout, mask fabrication, and actual IC fabrication are contracted out to other companies. Almost by necessity, this same approach is taken for application specific integrated circuit (ASIC) development: the “customer,” the entity with the most in-depth knowledge of the required functionality of the device, will do the high-level design of the device, perhaps working at the schematic capture or hardware design language (HDL) level of the design. They may do some preliminary layout of the device, as well. The customer will also perform the required simulation and verification to assure that the device will perform as expected when it is actually fabricated. At this point, the design is typically handed off to an actual IC foundry for manufacture of the masks and then the manufacture of the ICs, themselves.
After the manufacture of the ICs by the foundry, samples of the chips are returned to the original customer for hardware verification. However, verification typically covers only the desired operations of the chip; that is, the chip is shown to perform those functions for which it was designed. It is not usually the case that the chip is shown to perform no other action than those for which it was designed.
This situation requires a degree of trust between the design house and the foundry, the design house trusting that no additional undocumented functionality has been added to its original design. It is for this reason that the government has set up the “Trusted Foundry” program. However, going this route rather than taking advantage of competitive foundries can significantly impact the cost of a design program.
It is desired that methodologies be developed that allow the design house to verify not only that a device received from the foundry provides those functions for which it was specifically designed, but that it performs no other functions. Participation in this SBIR is limited to US citizens.
|| ||PHASE I: In the first phase, the offerer will propose and verify hardware verification methodologies for insuring both positive (the device does what it is supposed to do) and negative (the device does nothing other than what it is supposed to do) compliance to a design specification. This compliance verification will occur at least at the transaction level. The offerer will provide a final report to the government.
|| ||PHASE II: Taking a design of reasonable complexity, the offerer will demonstrate that any added or deleted functionality is revealed in the final hardware validation. If applicable, this will be verified using an actual FPGA implementation. The offerer will show how this methodology will scale to larger applications and, more specifically, to ASIC designs. The offerer will provide a 2 day on site seminar covering the methodology. A final report will be provided to the government.
|| ||PHASE III-DUAL APPLICATIONS: The offerer will continue to develop this verification methodology for incorporation into commercial hardware design suites. This can be through integrating the selected system configuration/verification of trusted fabrication applied to all integrated circuit commercial companies, especially in electronics.
|| References: ||
 Adee, Sally, “The Hunt for the Kill Switch,” IEEE Spectrum, http://www.spectrum.ieee.org/semiconductors/design/the-hunt-for-the-kill-switch/0
 Pope, S., “Trusted Integrated Circuit Strategy,” IEEE Transactions on Components and Packaging Technologies, vol. 31, iss. 1, March 2008, pgs. 230-234.
 Irvine, C.E., Levitt, K., “Trusted Hardware: Can It Be Trusted?” Design Automation Conference, 2007, DAC ’07, 44th ACM/IEEE, 4-8 June 2007, pgs. 1-4
 Verbauwhede, I. , Schaumont, P, “Design Methods for Security and Trust,” Design, Automation & Test in Europe Conference and Exhibition, 2007, DATE ’07, 16-20 April 2007, pgs. 1-6.
 Khasidashvili, Z., et al, “Post-reboot Equivalence and Compositional Verification of Hardware,” Formal Methods in Computer Aided Design, 2006, FMCAD ’06, Nov. 2006, pgs. 11-18.
 Clarke, E., Kroening, D., “Hardware Verification using ANSI-C programs as a reference,” Design Automation Conference, 2003, Proceedings of the ASP-DAC 2003, Asia and South Pacific, 21-24 January 2003, pgs 208-311.
 Biere, A., et al, “Symbolic model checking using SAT instead of BDDs,” Design Automation Conference, 1999, Proceedings, 36th, 21-25 June 1999, pgs. 317-320.
|Keywords: ||Integrated Circuit, Manufacturing, Fabrication, IP, Verification, Hardware Design, MDL, ASIC|