Semiconductor Equipment Security: Virus and Intellectual Property Protection Guidelines

Slide 1

Semiconductor Equipment Security: Virus and Intellectual Property Protection Guidelines

Anant Raman anant.raman
Harvey Wohlwend harvey.wohlwend

Advanced Materials Research Center, AMRC, International SEMATECH Manufacturing Initiative, and ISMI are servicemarks of SEMATECH, Inc. SEMATECH, the SEMATECH logo, Advanced Technology Development Facility, ATDF, and the ATDF logo are registered servicemarks of SEMATECH, Inc. All other servicemarks and trademarks are the property of their respective owners.

Slide 2

Two Key Elements of Security

- System Integrity, because of:
  - Network integration of equipment is required
  - Highly integrated network is prone to cyber attacks
  - Cyber attacks are growing
- Intellectual Property (IP), because of:
  - Business integration of different parts: process, yield, equipment engineering, industrial engineering, field service, equipment design, factory automation, etc.
  - Joint development: OEMs and IC Makers working in "compensatory" environments

[Diagram: Sources of Vulnerability. Labels: Vendor Systems, Automation Apps, Direct to Tool, Removable Media, Office PC, Remote Diagnostics, Utility PC]

Slide 3

Shrinking Time to Vulnerabilities

Timeline stages:
- Vulnerability reported; patch in development
- Bulletin and patch available; no exploit
- Exploit code in public
- Worm in the world

[Chart: Days between patch and exploit. Worms shown: Blaster, ZoToB, Welchia/Nachi, Nimda, SQL Slammer. Values shown: 331, 180, 151, 25, 0]

Zero Day Attack: Vulnerability exploited before it was reported to the rest of the security community.

"… there is no more fix window," wrote Johannes Ullrich, Chief Research Officer at the SANS Internet Storm Center. "Defense inside and out is your only opportunity to survive the early arrival of malware."

Slide 4

Virus Protection Guidelines

- The ISMI and Member Company Working Group reviewed the issues and requirements and established guidelines to address semiconductor equipment security for IC Makers and equipment suppliers
- Established guidelines at the factory network and equipment level
- Describe capabilities to successfully integrate equipment into an IC Maker's intranet, including:
  - Guidelines based on standard capabilities
  - Configuration guidelines for IT personnel for components such as network equipment, PCs, operating systems, and products
  - Security design guidelines for equipment application architects and designers

Slide 5

IC Maker Guidelines

- Use firewalls in the IC Maker factory network to control access
- Provide proxies for communications between equipment and factory
  - Proxies provide virus protection capabilities
- Institute business process for local equipment users
  - Backup and recovery procedures
  - Scanning of removable media (memory sticks, floppies, CDs, etc.)
  - Security requirements for mobile devices (laptops, PDAs, tablets, etc.)
- Infrastructure for anti-virus protection

Slide 6

Equipment Supplier Guidance

- Institute business process
  - Backup and recovery procedures
  - Procedures and training for field service specialists
- Hardened PC configurations
  - Strong password, non-clear password, etc.
  - No open network shares
- Avoid installing or enabling unnecessary programs and services on equipment (e.g., telnet, ICMP, FTP)
- Support applications running with least privileges
- Wherever applicable, equipment runs independently of one another from a network perspective
- Support logging and audit of security-related configuration changes
- Record all security-related errors

Slide 7

Equipment Supplier Guidance (cont'd)

- For new equipment, provide operating systems and anti-virus capabilities that are in the currently supported phase of their life cycle
- Security software upgrade support for equipment is optional and provided as a service to interested IC Makers
  - The service details include qualification and support for operating system, applications, and anti-virus capabilities
  - The IC Maker and the equipment supplier should agree upon the frequency of security upgrades
- Network security layer 3 device for equipment (optional)
  - Allow only controlled access to/from equipment
  - Additional packet filtering and firewall technology for equipment
- Wireless: Not Allowed
  - Equipment internal wireless networks/LAN replacements
  - Wireless networks between equipment
- Wireless: Allowed
  - Factory components (e.g., ID readers) and equipment

Slide 8

2007 Virus Protection Guidelines Update

Best Known Methods

- Network Security
  - Create equipment security model
  - Create mapping of security to equipment groups, …
- Port Security
  - New equipment installation
  - Move equipment to a known location, …
- Virus Management
  - Support network segmentation (links to network BKMs)
  - Shut down unneeded network ports at the tool, …
- Patch Management
  - Identify patching candidates
  - Create software upgrade plan, …

Slide 9

Virus Protection vis-à-vis System Integrity

- 2007 update includes IC Maker Best Known Methods for cyber security, shows greater IC Maker synergy and sharing
- Documentation shows that IC Makers have significantly matured in handling cyber attacks on equipment
- Most IC Makers are using two or more methods to handle cyber security for equipment
- Time to move on to other challenges

[Diagram: Factory with 100s of tools; Vulnerability Paths; System Integrity. Labels: Field service tablets, Removable media, HSMS-enabled process tool, Remote diagnostics, Automation applications, Direct to tool, Utility PC, Office PC]

Slide 10

Equipment Security Roadmap

[Roadmap figure. Timeline labels: 2004, 2007, Onwards. Caption: 2007 ITRS Update]

We are at an inflection point

Slide 11

Ongoing Equipment Security Needs

- R&D is a key element of business and operating strategy in the semiconductor industry
  - IC Maker focus on the process and determining products
  - OEM focus on the equipment for the process
- Collaboration is a mega trend
  - Moving to a new technology node, shared cost model
  - Results in more sharing of data, e.g., design data, recipe data, test data, equipment data, wafer characterization, contamination data, yield data, cycle time, etc.
- Operational challenges
  - Environmental: System integrity due to cyber attacks
  - Manufacturing: IP sharing due to defects, yield, throughput and reliability issues
  - Financial: IP sharing due to joint development

Challenge: How can IC Makers and OEMs strike a balance between protecting their investments and sharing IP for operations?

Slide 12

IP Protection Requirements

- Requirements from member companies have been collected and jointly analyzed
- Key observations from requirements:
  - IP protection is currently enforced by business process, such as NDAs, with scant technology support
  - Only a few items need to be protected (limited depth scope)
    - Role-based security required for specific IP-laden objects
  - Don't focus on tool operations (limited breadth scope)
    - Some areas are more relevant than others
    - Some time periods are more applicable than others
  - There are many Use Cases: Tool Down/Repair, ICM–ICM Collaboration, ICM to foundry, ICM Nth & N+1th Gen separation
- Approach: Create a multi-faceted security framework using the e-Diagnostics security architecture
  - Tiered architecture provides a rich set of comprehensive security capabilities
- Status: Revision 0 guidelines created

[Diagram: Equipment IP Protection]

IP protection guidelines are based on business requirements

Slide 13

Equipment IP Protection Strategy

Key Concept: IP protection needs to be a part of equipment software and not just a business process

- Identify key software security technologies, such as role-based security
- Leverage existing software security architecture in the equipment area (e-Diagnostics lineage)
- Identify Use Cases for different business models, e.g.,
  - IC Maker-IC Maker collaborations
  - IC Maker-Supplier collaborations
  - IC Maker (N+1)th & Nth process generation handling
  - IC Maker-Foundry collaborations
  - Tool end-of-life
- Identify functional areas and times where IP protection is not relevant
- Pilot IP protection guidelines via OEM implementation
- Educate and reinforce industry requirements for IP security and current threats

Supplier implications:

- Incremental change required to the equipment controls software to add role-based security to a small set of files and directories
- User/Group access to IP based on "Need to Know"
- Sharing/Control of IP is automated through software (instead of manual) and can be dynamic depending on business conditions
- Automatic software-based user accounting and auditing
- Ability to turn off security when not required, but in a controlled way

Technology is available today to solve equipment IP issues!

Slide 14

2007 Equipment Security Summary

Objective:
- Strengthen the Equipment Virus Protection Guidelines due to complex network connectivity requirements
- Drive the need to protect IP within equipment amongst IC Makers and create industry-level guidelines

Benefits:
- Protects stakeholder financial investments in the technology
- Enables factory-wide standardized IP protection and cyber security
- Strengthens the enforcement of NDAs through technology
- Provides clear operating procedures for IP protection and cyber security for situations such as troubleshooting, joint design, technology transfer, sub-contracting, etc.

Status:
- Need for Cyber Security: ISMI Guidelines Provided!
- Need for Equipment IP Protection: Current Project Focus

[Diagram labels: Vendor Systems, Automation Apps, Direct to Tool, Removable Media, Office PC, Remote Diagnostics, Utility PC]

Slide 15

Summary

- The e-Manufacturing and Collaboration era brings a need for enhanced security
  - Interface A standards define equipment-level security
  - Interface C defines moving data securely from the factory to supporting organizations
- ISMI Virus Protection Guidelines published
  - Gives guidance to equipment suppliers on expectations and requirements
  - Provides IC Maker Best Known Methods
- ISMI IP Protection Guidelines being developed
  - Development of a security framework is key to the solution space
  - Use Case development is critical to overall success
