Abstract: A secure system includes a data port, a network on chip (NoC) module, a processor communicatively coupled to the NoC module, a communication interface operatively coupled to the processor and to the data port, an electronic field-programmable gate array (eFPGA) configuration module operatively coupled to the NoC module, and a clock operatively coupled to the NoC module. In a first modality, the communication interface is at least partially disabled. In a second modality, the communication interface is at least partially disabled, boundary scan operations are disabled, a RESET signal is held in a constant state, and/or redacted code is rendered inoperable. In a third modality, the communication interface is at least partially enabled to send and receive commands and data via the data port, the boundary scan operations are enabled, the RESET signal is not held in the constant state, and/or the redacted code is operable.

Abstract: A method for a system for security evaluation includes working one state at a time; identifying primitives of interest and systematically applying relevant attacks for the system; starting at chip level, working through states, and then expanding a system boundary and repeating; following a sequence of: chip>circuit card>subsystem>system>platform for a product solution under analysis; determining if a system definition has sufficient detail, or is too abstract; for a chip with a native secure boot protocol, determining if all players are represented; representing attacks as vectors made up of measurements of the following attributes: Dollars, days, Probability of success, Probability of destruction, technology node, and number of samples; and representing countermeasures as vectors made up of scaling factors for each of attack attributes.

Abstract: A system that includes a plurality of encapsulation blocks having a plurality of digital signal processing (DSP) blocks provided with preconfigured logic functions and a plurality of pacing control networks operatively connected with the plurality of DSP blocks. The system also includes a streaming cross bar operatively connected with each encapsulation block of the plurality of encapsulation blocks. Each encapsulation block of the plurality of encapsulation blocks includes a DSP block of the plurality of DSP blocks and a pacing control network of the plurality of the pacing control networks. Each DSP block of the plurality of DSP blocks is independently and separately connected with the streaming cross bar via the plurality of pacing control networks.

Abstract: A port protection network provided with a joint test action group (JTAG) core and method of use. The port protection network includes an agent device operatively connected with a streaming bus and a test access port (TAP) of the JTAG core. The port protection network also includes a master device operatively connected with the streaming bus and the TAP of the JTAG core. In the port protection network, the agent device is configured to selectively restrict access to the master device through the JTAG core.

Abstract: An on-chip firewall circuit for providing secure on-chip communication is disclosed. The firewall circuit includes a configurable table of port IDs along with a configurable setting for each port ID to either provide the corresponding port ID with open access to the components of a secure enclave (SE) module or restricted access. If access is restricted, then the command is rerouted to a portion of the secure memory within the SE module, where it can be read only via a secure processing device within the SE module. The secure processing device may require additional verification of the port ID before executing the command stored within the secure memory. In this way, unsecure devices from outside of the SE module can be configured to have no direct access to any of the components within the SE module.