Overview of the security system of chip design environment

There have been many documents discussing the development of information security, so I will not go into details here.

Whether the development of information security is divided into three or four stages, the classification standards are always inseparable from the innovation of information technology, the change of media transmission media, the rapid development of the Internet, the digital transformation, the requirements of laws and regulations, etc. The author prefers the classification method published by Jack Zhai on 51cto [4], which explains the development trend of security assurance concepts from the perspective of enterprises.

Figure 1.1 The changing trend of security assurance concepts along with the development of security

Let's expand on this with the chip industry:

The chip design industry is very typical and traditional, and usually the information system and R&D environment are built in the company's own data center.

Initially, the R&D environment was mainly protected by traditional methods of physical protection and network layer isolation, and the personnel management system was mainly based on rough administrative management. Later, with the development of virtualization and network technology, the security measures and security operations of the R&D environment began to be considered from the perspective of business processes and the entire enterprise IT environment. Firewalls and VDI isolation were added on the basis of physical protection and network layer isolation. Data protection has also evolved from permission management of single files and directories to more extensive access control. The management system has also evolved from rough administrative management to the comprehensive establishment of system service monitoring and auditing processes, and regular training of users to improve safety awareness. At the same time, corresponding security measures are taken from the perspective of business processes and data flows to prevent data leakage, and the security protection system has begun to become three-dimensional.

Figure 1.2 Three-dimensional safety zone isolation

With the rise of cloud computing technology, the computing environment of the chip industry is also moving to the cloud. Although the domestic chip industry is still in the wait-and-see and start-up stage, we believe that "chip design moving to the cloud" is the general trend. For a detailed explanation, please pay attention to our series of special articles on "chip design moving to the cloud" . (Click to view)

For future cloud computing platforms, the chip design environment will become an integrated platform with services as the core. Security assurance is no longer a "building block" integration between components, but has evolved into a more complex cross-integrated system.

IT infrastructure and chip design are directly connected in a loosely coupled structure. Security protection based on the "business assurance " model is no longer appropriate and must be transformed into "service-oriented" security protection. Therefore, the security of the chip design environment must not only consider marginal security and the security of each component, but must also be seamlessly integrated with the security protection of IaaS and PasS cloud vendors to jointly maintain the security of the chip design environment.

Information security refers to "cyber security" in a broad sense, and "data security" in a narrow sense. Security products and services in cyber security and data security are becoming increasingly abundant and mature in their respective fields. Among them, data security is the security element that the chip industry pays the most attention to and values. The default IT planning mode of enterprises is to establish or host data centers, and lock the R&D environment in a private network through boundary isolation such as firewalls, while the flow of data will be audited and monitored through professional transmission tools.

Through research and practice in recent years, we have found that although each industry has its own focus due to its business characteristics, cyberspace security and data security must complement each other and be coordinated and balanced.

Let’s first look at two industry-related security incidents in recent years.

In August 2018, three 12-inch wafer fab production lines of TSMC, a well-known semiconductor chip manufacturing company, were invaded by the worm-like ransomware WannaCry, causing the wafer fab equipment to shut down. It is said that the accident caused TSMC to lose up to NT$1.15 billion[1].

This is a security incident caused by inadequate cyber security measures. The reason why hackers succeeded is that the Windows 7 operating system did not manage system patches in a timely manner, resulting in a security vulnerability.

Let's take a look at another security incident that had a significant impact on the chip industry in 2020, which was Intel's 20G internal data leak. It was reported that this was the most serious data leak in Intel's history. The leaked files involved codes, development and debugging tools, various circuit diagrams, documents, and intellectual property related to the internal design of various chipsets, including files marked as "confidential" and "restricted confidential", as far back as CPU technical details, product manuals and guides released in 2016. If you are interested, you can refer to [2][3].

It is hard to imagine that such a serious security incident would happen to a high-tech company like TSMC or Intel. After all, the investment of such a large international semiconductor company in security hardware and software should not be sloppy, and the investment cost should not be low. According to media reports: Intel believes that the incident was caused by the data being leaked after being downloaded by authorized persons, not by the company being hacked . So this is a typical "human-caused" security incident. Therefore, even if there is more investment in security products and solutions, if the improvement of security awareness is ignored and loopholes appear in the management process, it will also cause significant losses due to human factors. Therefore, people, technology and processes must be closely integrated and highly controlled.

Intel's security incident shows that security must be based on the combination of people, technology (tools and products), and processes.

Figure 3.1 Three elements of security architecture - people, technology and process

As shown in the figure below, a comprehensive and detailed security solution consists of five main steps: demand collection and analysis, technical framework design, technical solution determination, planning of integrated management platform, and comprehensive implementation. Its strategic planning must comply with security regulations and standards, withstand security audit assessments, and be seamlessly scalable and suitable for the needs of different business scales and scenarios.

So what are the most important factors to consider in these steps? Based on industry and project experience, we describe the key points of mainstream recommendations and best security practices in the figure below, and focus on several factors of interest to the chip industry.

Figure 3.2 Security solution implementation path

• Management's requirements for risk control

The classic risk formula in Figure 3.3 shows that risk is composed of threats, vulnerabilities, and assets. The k-granularity of security measures depends on the enterprise's risk control requirements, that is, the control granularity of the three core security elements of threats, system vulnerabilities, and security assets.

Figure 3.3 Classic risk formula

Companies like the chip industry, which attach great importance to IP and data security, are worried that data leaks will have a significant impact on their corporate reputation, market development and revenue. In principle, they should adopt more fine-grained protection measures.

• Business requirements and features

Undoubtedly, the security architecture system is inseparable from the business needs and characteristics of the enterprise. For example, for applications on the Internet, the corresponding security needs must consider purchasing HTTPS certificates, WAF, anti-DDoS attacks, anti-intrusion detection, development language framework security, and prevention of development language vulnerabilities; while the chip design environment also requires security technologies such as anti-intrusion attacks, but https certificates and prevention of development language vulnerabilities do not need to be involved too much. The chip design environment is generally built on a private network (whether offline or in the cloud), and engineers enter a more secure project environment through VDI virtual desktops for development and design. Therefore, protecting data, preventing leakage and loss, monitoring data flows, and keeping logs and audits have become their key considerations .

• Cost considerations

The investment and cost are generally proportional to the security level. If the security risk in the enterprise security assessment is high, the investment required for the adopted security architecture will be higher, and vice versa. But does an architecture built with money mean it is highly secure? The answer is obviously not.

A high-investment architecture will increase the complexity of implementation and maintenance costs, and it is impossible to guarantee zero risk 100%; on the contrary, a low-investment architecture is not necessarily unsafe. If the architecture is perfect, the process is detailed and comprehensive, and every employee has a high level of security awareness, a highly secure environment can be built. Security products do bring high security from the technical and tool levels, but it also depends on the improvement of the company's own awareness and continuous system optimization.

3.2 Design of technical framework

The design of the technical framework should focus on trusted area division, boundary control, and layered protection of application environments with different security levels, so as to ensure high availability, confidentiality, and integrity of data, and weave a comprehensive "sparse but not leaky" security network.

• Trusted zones, perimeter controls, and layered protection

The design principles of the technical framework refer to the requirements of standard specifications, security audit content and security industry best practices. Regardless of whether the enterprise IT environment is simple or complex, data classification and definition of different levels of trusted security areas are required; policies, tools and technologies are used to implement and enhance boundary control at the boundaries of each trusted area; at the same time, security control measures must be deployed at each level within the IT environment. The more complex and larger the IT environment, the finer the granularity; conversely, the granularity becomes coarser to reduce unnecessary investment and maintenance costs and simplify management. Of course, the security technology framework must also be periodically evaluated and updated as the business expands or changes.

The technical framework emphasizes the necessity of establishing a trusted security zone, because this makes it easy to identify the user's access identity and deny entry to unknown users.

Figure 3.4 Trust level categories based on physical domains

(Copyright © 2004 Deloitte Development LLC)

• High data availability, confidentiality and integrity protection

High availability, confidentiality, and integrity form the famous CIA triangle in the field of information security. CIA is also the three basic attributes of the national information security level protection system for information system security levels [5].

High availability refers to the high availability of networks, hosts, applications, and data. In layman's terms, it requires redundant design and disaster recovery management, which must be considered from both the system and security architecture.

Confidentiality, on the other hand, is about protecting data, ensuring that data can only be accessed by authorized users and cannot be leaked to unauthorized persons. Confidentiality must be combined with access control policies to set access permissions for files, applications, and databases. If the enterprise wants a high level of protection, it needs to further use encryption methods (software, hardware, logical encryption, etc.) to protect data in multiple ways to prevent loss and leakage.

The integrity of data is generally reflected in verification, such as how to take certain technical measures during the transmission process to prevent data from being added, tampered with or deleted by illegal users.

• Data security classification

The company's data assets need to be classified and sorted, such as public, internal use only, private, proprietary, confidential, top secret, sensitive and restricted categories ; data with scientific classification labels can be linked according to the value of the information and cost-effectiveness. For example, sensitive data in highly trusted domains needs to be stored on encrypted networks, while untrusted domains do not store sensitive data and therefore do not need to implement encryption solutions, so that investment is concentrated on the assets that are most worth protecting without causing unnecessary waste.

Another function of data classification is to better define roles, and to perform security control on data access according to different roles (such as network administrator, security administrator, system administrator, project development engineer, project owner, etc.), so as to effectively grant and monitor users' permissions to read, modify, delete, etc. Best security practices, such as Microsoft Cloud and Amazon Cloud, use access rights based on the "principle of least privilege", that is, newly created users have no permissions by default.

3.3 Unified management process platform integration

A good security technology framework needs to be supported by a complete process management system, which can greatly improve security efficiency; just as a person can "walk briskly" only if he has a good skeleton. A complete management process platform and a good management system will root the concept of security in the security awareness and daily behavior of personnel, thus achieving a closed-loop security management of "pre-prevention, in-process control and post-event supervision and governance".

The design of the security management platform includes:

• System Management

Through authorized system management, system resources are configured, controlled and trusted, including user identity, trusted reference library, system resource configuration, system loading and startup, fault handling, monitoring alarm, backup and recovery, etc. The intelligent management platform can realize automatic deployment and operation and maintenance, avoid the error rate of manual operation, and thus greatly improve management efficiency.

• Security Management
  

The security management level mainly refers to classifying and labeling visitors and accessed resources according to CIA guidelines, performing access control and authorization on visitors, configuring trusted security policies, and ensuring the integrity of related data.

• Audit Management

Audit management is to complete the entry of system and access environment resources on the platform, and to centrally manage the security monitoring and alarm of various devices and network security logs. According to the security audit strategy, various types of security information are classified, managed and queried, and a unified audit report is produced. The audit function of a good management platform can perform correlation analysis of various security alarms and log information, so as to proactively discover important security events or discover hidden attack patterns, and issue early warnings for similar security risks that exist globally.

In the previous chapter, we explained the main elements of the security architecture system. So how do we tailor it into a design architecture and solution suitable for the chip industry? People in the industry generally raise security issues around the following points.

• What does “information security” specifically mean for the industry?

• How can we achieve comprehensive security protection?

• How to control security risks and ensure that data and IP are not leaked?

• If we purchase all the security products and solutions on the market, will our company’s R&D environment be highly secure?

To this end, we have launched the following security system framework suitable for the chip design environment. This framework is designed by combining the characteristics of the chip industry, the security issues that users are most concerned about, and the key elements of the security framework introduced in the previous chapter. Starting from protecting the most sensitive data in the chip industry, it is built around the principle of "one platform, three layers of isolation, and five layers of control " , comprehensively considering the protection of resources and data at all levels in the R&D environment, and configuring an integrated security management platform.

This framework not only flexibly adapts to the R&D environment of chip companies of different sizes, but also complies with national security regulations and national level protection requirements, and can be flexibly expanded to public clouds or hybrid clouds to provide strict protection for the company's IP and data.

4.1 A platform

A platform is a security management platform that highly integrates security policies, processes, audits, etc. As described in 3.3, it includes system management, security (process, policy) management and audit management.

The security management platform suitable for R&D environment fully integrates all relevant system resources of the chip R&D environment. Authorized administrators can uniformly manage and configure system resources, and even realize automated operation and maintenance management.

Assets and data that have been classified and classified by security are managed by the platform to ensure the consistency of classification strategies throughout the entire life cycle of chip data and IP usage, storage, and processing. R&D personnel or machines that need to access and use resources and IP must be judged as trusted, and controlled, supervised, and audited through authorized access and trusted mechanisms; the platform also implements real-time monitoring and alarms, and displays high-risk hazards through the dashboard; the platform is also an audit center, which centrally collects, analyzes, and promptly takes corresponding security measures for system and application access logs in the R&D environment.

4.2 Three-layer Isolation

As we have introduced in Section 3.2 Technical Framework, one of the key factors of the technical framework is to establish different security areas according to the trust level. We have isolated the R&D environment in a three-layer architecture, as shown in the following figure.

Figure 4.1 Three-tier architecture

OA: office environment, low-level security area;

VDI: virtual desktop, medium security zone;

HPC: R&D design environment, high-level security zone;

Researchers engaged in chip design can move from a low-security OA office environment network to a high-security R&D environment through a medium-security virtual desktop. Security risks (intrusion attacks, virus infections, etc.) are greatly reduced after these three levels of filtering.

The three different levels of security boundary isolation, OA, VDI, and HPC, are designed with full consideration of boundary security and network communication security. The design framework enhances security protection step by step according to different protection categories, and implements security control with different strategies for different security areas based on the principle of convenient management and control.

Regional border security: By configuring border firewalls to enable security filtering policies, we can prevent intrusion and malicious code, establish user identity authentication and access control policies, enable security audit policies, and ensure network access and interface security.

In terms of network communication security, we closely monitor the flow of data, especially the outflow of data, and use strict auditing and security control measures to ensure the confidentiality and integrity of sensitive data to prevent loss and leakage.

4.3 Five-layer control

The three-layer architecture isolation introduced in Section 4.2 above is mainly designed from a horizontal perspective. In terms of depth, we divide all the logical combinations of IT resources in the EDA environment into five layers for hierarchical control. Physical environment security is of course also very important, because its security measures are common in all industries, so we will not go into details in this article.

The five layers here are mainly designed from the perspective of IT assets and data related to the EDA design environment, as shown in the figure below, which are divided into network layer security, terminal node security, host security, application layer security and data security. We have highlighted the main security measures in each security control layer in the figure below, and we will elaborate on them in subsequent special articles.

Figure 4.3 Five-layer resource security control in the R&D environment

In the chip design environment security architecture, data security protection is given the highest priority. All R&D data, IT assets, and service resources can be considered as security objects, which must be reasonably classified for security, and sensitive data marked as highly confidential, confidential, etc. must be encrypted and protected through DLP solutions. In this way, even if the data leaks out of the company due to human error or intentional behavior, it is difficult to crack it because it is encrypted, thereby protecting the company's IP assets efficiently and securely.

Undoubtedly, in the chip industry, especially domestic chip design companies, the most concerned security demand is data security. The complexity of today's information systems determines that it is not enough to just protect the security of the data layer. This requires a systematic, comprehensive integrated system solution and management platform for vertical and horizontal cross-dimensional management and maintenance.

The security system architecture should take risk control as the starting point, use technical means and tools, improve personnel security awareness, adopt comprehensive and smooth integrated processes and management platforms, and implement the most appropriate security measures to protect chip R&D data and IP. The decision-making of security risk control is by no means based on investing a lot of money, buying more security products and deploying them, and then "sitting back and worrying"; nor can it be fully protected by making the entire environment completely physically and logically isolated.

The security system framework of "one platform, three-layer isolation, and five-layer control" suitable for the chip industry can control the security risks that the chip industry is concerned about within the expected effects of the enterprise. It is suitable for chip industries of different sizes and can be flexibly expanded, changed and upgraded to protect chip R&D data and IP to the greatest extent.

For more in-depth discussions, please pay attention to the subsequent series of articles of "Core Cloud and Core Security".

If you want to know more about chips on the cloud , please contact:

Johnny Wang

Vice President of IT/CAD and EDA Cloud Computing Services of Moore Elite

+86-021-51137998

johnny.wang@mooreelite.com

Wendy Zhou

Technical Director of IT/CAD and EDA Cloud Computing Division of Moore Elite

+86-021-51137998

wendy.zhou@mooreelite.com

refer to:

[1] TSMC’s production line was “poisoned” and shut down for three days, resulting in losses exceeding NT$1 billion

[2] More than 20GB of Intel source code and proprietary data dumped online

[3] A large amount of confidential data of Intel CPUs was leaked, and unreleased chip designs were exposed

[4] Review of the development of information security

[5] Information Security Technology - Technical Requirements for Cybersecurity Multi-Level Protection Security Design (GB/T 25070-2019)

Recommended reading (click to view): The power of the cloud on a chip

If you have Chip design, wafer packaging and testing

Education and training, and other business needs

Feel free to scan the QR code to contact us