Search for: All records

Increasingly complex Intellectual Property (IP) design, coupled with shorter Time-To-Market (TTM), breeds flaws at various levels of the Integrated Circuit (IC) production. With access to IPs at all stages of production, design defects can easily be found and corrected, i.e., knowledge of the Register Transfer Level (RTL) code allows for the option of easy defect detection. However, third-party IPs are typically delivered as hard IPs or gate-level netlists, which complicates the defect detection process. The inaccessibility of source RTL code and the lack of RTL recovery tools make the task of finding high-level security flaws in logic intractable. Upon this request, in this paper, we present an RTL recovery tool suite named RERTL that leverages advanced graph algorithms including Lengauer-Tarjan's dominator tree and Euler tour tree technique to assist in netlist analysis. Supported by RERTL, logical states and their interactions are recovered from the initial design in the format of gate-level netlists. After the recovery of state interaction, RERTL further converts the full design into human-readable RTL. A series of netlist case studies were examined using RERTL covering benign logic structures, designs with accidental defects, and designs with deliberate backdoors. The experimental results show that all of our designs at various complexities were recoverable within seconds. 

Assuring the quality and the trustworthiness of third party resources has been a hard problem to tackle. Researchers have shown that analyzing Integrated Circuits (IC), without the aid of golden models, is challenging. In this paper we discuss a toolset, NETA, designed to aid IP users in assuring the confidentiality, integrity, and accessibility of their IC or third party IP core. The discussed toolset gives access to a slew of gate-level analysis tools, many of which are heuristic-based, for the purposes of extracting high-level circuit design information. NETA majorly comprises the following tools: RELIC, REBUS, REPCA, REFSM, and REPATH. The first step involved in netlist analysis falls to signal classification. RELIC uses a heuristic based fan-in structure matcher to determine the uniqueness of each signal in the netlist. REBUS finds word groups by leveraging the data bus in the netlist in conjunction with RELIC's signal comparison through heuristic verification of input structures. REPCA on the other hand tries to improve upon the standard bruteforce RELIC comparison by leveraging the data analysis technique of PCA and a sparse RELIC analysis on all signals. Given a netlist and a set of registers, REFSM reconstructs the logic which represents the behavior of a particular register set over the course of the operation of a given netlist. REFSM has been shown useful for examining register interaction at a higher level. REPATH, similar to REFSM, finds a series of input patterns which forces a logical FSM initialize with some reset state into a state specified by the user. Finally, REFSM 2 is introduced to utilizes linear time precomputation to improve the original REFSM.