Enhancing Semiconductor SoC Security: Addressing Risk Due to “Chicken Bits”
In the world of semiconductor System-on-Chip (SoC) designs, it’s not uncommon to include undocumented features and control bits that can be used to enable or disable certain features. These elusive bits are commonly referred to as “chicken bits“. This allows for testing of new features that may not be ready […]
Securing Third-Party IP: A Vital Step in Safeguarding the Design Supply Chain
Secure silicon is a foundational element of a secure design supply chain for electronic systems, as semiconductors power everything from consumer electronics to critical infrastructure and defense systems. The complexity of the modern system-on-chip (SoC) designs fulfilling this demand often requires integration of third-party intellectual property (IP) components, such as […]
The “Shift Left” Approach in Hardware Security
Are you confident that your hardware security is robust enough to catch critical security flaws early in your design process? Incorporating a ‘shift-left’ approach —integrating security from the early stages of the development cycle—can greatly enhance your cybersecurity defenses. This is crucial for semiconductor devices, whose security vulnerabilities become orders […]
Hardware Security Guide to Industry Standards and Regulations
In an era marked by relentless technological advancements, the significance of cybersecurity standards, regulations and guidelines has emerged as a critical dimension for companies engaged in the manufacturing of electronic devices. In this dynamic landscape, semiconductor manufacturers are compelled to navigate a complex web of standards and compliance requirements to ensure […]
Cycuity Sets New Standard for Semiconductor Chip Security Assurance with Next Generation of Radix Technology
New capabilities expand security analysis, enhance performance, and automate security workflows to further Radix’s position as a first line of defense against hardware vulnerabilities SAN JOSE, Calif. — March 19, 2024 — Cycuity, an innovator of semiconductor security solutions, has introduced comprehensive new features for its Radix technology, including advanced […]
Microarchitecture Vulnerabilities: Uncovering the Root Cause Weaknesses
In early 2018, the tech industry was shocked by the discovery of hardware microarchitecture vulnerabilities that bypassed decades of work put into software and application security. Meltdown and Spectre exploited performance features in modern application processors to leak sensitive information about victim programs to an adversary. This leakage occurs through […]
Why Semiconductor Security Is More Important Than Ever in 2024
When I think about the state of semiconductor security today compared to when I joined Cycuity in 2020, I can safely say that chip security conversations are now taking place with greater frequency and urgency. Over the past year, I observed three trends that I expect will continue and accelerate […]
Radix Overview from DAC 2023
Here’s a brief overview of Radix from our booth at the Design Automation Conference (DAC) in San Francisco, explaining how we help build more scalable and comprehensive security for the development lifecycle. Related Links:
Cycuity Achieves ISO/SAE 21434 Certification for Automotive Cybersecurity Compliance
Affirms Cycuity’s hardware security verification solution and engineering processes comply with cybersecurity standard for road vehicles SAN JOSE, Calif. — July 11, 2023 — Cycuity, Inc., an innovator of semiconductor security solutions, today announced that its Radix security product and engineering processes are now certified as compliant with ISO/SAE 21434, […]
Accelerating the DoD’s Access to Commercial Microelectronic Design Security Technology
We recently announced our $99M IDIQ contract from the Department of Defense (DoD) to drive proliferation of our Radix technology and expand its capabilities for increased assurance of microelectronic devices. The contract award comes at a critical inflection point with the rapidly growing demand to improve design security for commercial […]
Cycuity Awarded Seven-Year $99 Million IDIQ Contract To Address Design Supply Chain Security
First phase to address secure design supply chain and third-party IP security in close collaboration with partners in the defense and commercial sectors SAN JOSE, Calif. – June 14, 2023 – Cycuity, Inc., the pioneer of hardware security solutions, today announced it was awarded a SBIR Phase III IDIQ contract […]
Radix Coverage for Hardware Common Weakness Enumeration (CWE) Guide
Ready to leverage CWEs with Radix? MITRE’s hardware Common Weakness Enumeration (CWE) database aggregates hardware weaknesses that are the root causes of vulnerabilities in deployed parts. In this 100+ page guide, each CWE is listed along with a Radix template Security Rule that can be filled in with design-specific signals […]
Enhancing Automotive Security with MITRE CWE
The cybersecurity of the electronics used in automotive designs is crucial and must be considered very early during the architecture and design phase of development. An important set of guideposts for this process can be found in the MITRE CWE (Common Weakness Enumeration). The CWE list provides a solid framework […]
Simplifying Automotive Cybersecurity Compliance
As automobile design increases in the complexity of its digital components, the resulting expanded attack surfaces mean that increasingy strong cybersecurity measures will be required if automotive components and systems are to work as intended. Naturally, this has given rise to increasing compliance requirements, with new regulations defining measures required […]
Getting Ahead of the Curve with Automotive Security Compliance
In the ever-evolving world of smart cars, cybersecurity has emerged as a major priority in the automotive industry. Automotive manufacturers are facing a market that demands smart cars meet more stringent automotive security compliance requirements, and providing evidence of security rigor to regulators, stakeholders, and consumers is more critical than […]
Creating Comprehensive and Verifiable Hardware Security Requirements
Developing effective hardware security requirements is one of the trickiest aspects of building trustworthy electronic products. Even highly skilled and experienced teams don’t always get it right. Why? First, it’s very difficult to anticipate every security risk – much less cover every possible scenario with a specific security requirement. Instead, […]
A Security Maturity Model for Hardware Development
With systems only growing more sophisticated, the potential for new semiconductor vulnerabilities continues to rise. Consumers and hardware partners are counting on organizations meeting their due diligence obligations to ensure security sensitive design assets are secure when products are shipped. This is an iterative process, so a security maturity model […]
Verifying the OpenTitan Hardware Root of Trust
Dominic Rizzo (OpenTitan) and Jason Oberg (Cycuity) OpenTitan is the leading open source silicon root of trust project. It was also the industry’s first open source silicon root of trust, designed from scratch as a transparent, trustworthy and secure implementation for enterprises, platform providers and chip manufacturers. What Is a […]
Capture Effective Hardware Security Requirements in 3 Steps
As hardware vulnerabilities continue to rise, it’s increasingly crucial for those developing semiconductors to reduce consumer and business risk by establishing comprehensive security programs. These should include a systematic process for developing security requirements, verifying them at scale throughout the design process, and producing final documentation for security sign-off before […]
Embedded Insiders Podcast: Verifying the CHIPS Act and Emerging Security Standards
On this episode, the Insiders are joined by Andreas Kuehlmann, Executive Chairman and CEO of Cycuity, formerly known as Tortuga Logic, to discuss the importance of security at the chip level amidst the release of new standards and recent government involvement in the semiconductor industry via the much-talked-about CHIPS Act.
Cybernews Feature: Andreas Kuehlmann, Cycuity CEO
Featured on Cybernews Software often seems like the most important thing that makes the digital world go round, but we often forget that hardware is also in the picture. And as we make sure to secure our digital lives with password managers, virtual private networks, and whatnot, few tend to […]
A New Phase in Our Journey to Trustworthy Electronic Products
Semiconductor chips drive our everyday lives – and our global economy – in more ways than any of us could have envisioned when Tortuga Logic was founded in 2014. And similarly, the importance of hardware security has grown dramatically beyond what anyone could have predicted at that time. This has […]
Tortuga Logic Rebrands as Cycuity
Addressing Evolving Needs in Product Security SAN JOSE, Calif. — June 22, 2022 — Tortuga Logic has officially changed its name to Cycuity, introducing a brand identity that marks a new phase in the company’s growth. Cycuity will expand the scope of its vision to support more holistic product security […]
Hardware Security Assurance Starts With Cycuity
We talk about hardware security this week. Tune in to bootstrap yourself with a primer on hardware security with Dr. Jason Oberg – Cycuity CTO. https://www.youtube.com/watch?v=F5SIZJwh3vk
Advancing the Maturity of Your Hardware Security Program
Where Are You Today on the Hardware Security Maturity Model? Hardware security is a journey. Knowing where to start and what goals to set regarding comprehensive hardware security verification can be challenging, but our five-level maturity model can help bring focus to your planning and execution. Whether you’re beginning at […]
Cybersecurity is a Journey
Hardware Is the Foundation of Your Security Posture Due to the inability to ‘patch’ silicon, failure to identify and remediate hardware vulnerabilities early comes with catastrophic consequences. However, most of the focus and investments in cybersecurity have historically been on device software and its administrators, not on securing the underlying […]
Detect and Prevent Security Vulnerabilities in your Hardware Root of Trust
Computer hardware is omnipresent, with more than one trillion semiconductor devices sold in 2018. Such large growth in the number of semiconductor devices is driven by many factors, including the rapidly expanding sector of the Internet of Things (IoT), which has resulted in the proliferation of simple microcontrollers in all […]
Measurable Hardware Security with MITRE CWEs
MITRE’s hardware CWE database aggregates, in a common form, the hardware weaknesses that are root causes of vulnerabilities. The list is categorized into major themes such as Security Flow Issues, Debug and Test Problems, Memory and Storage Issues, General Circuit and Logic Design Concerns, and others Hardware CWEs are ideal […]
Radix Automated Security Verification
Cycuity’s Radix technology adds systematic hardware vulnerability detection and prevention to existing ASIC, SoC, and FPGA verification methodologies using its comprehensive information flow analysi/s technology. By bringing more precise and more systematic security practices to every step of the development process, Radix helps security and verification teams identify and isolate […]
Security Verification with Radix
The attack surface of a semiconductor-based product evolves in unpredictable ways as design and development advance from block to system level. Creating comprehensive security requirements is an essential first step. But manual, point-in-time requirements verification is not practical with sophisticated products manufactured in collaboration with multiple supply chain partners. The […]
Security Signoff with Radix
One of the most challenging tasks that semiconductor product stakeholders have is making informed decisions about when a design is ready to receive security signoff. Leaders are often forced to decide when a product can proceed to tape-out and chip manufacturing based on incomplete or outdated information – all while […]
The New Rules of Hardware Security
Now that semiconductors play a central and fast-expanding role in many aspects of everyday life, chip manufacturers face a growing collection of new pressures, including: Increasing design complexity More demanding security requirements from customers New security standards and regulatory requirements Increasingly sophisticated threat actors These challenges are exacerbated by the […]
Requirements Definition with Radix
Most companies developing semiconductors – or products that incorporate them – have existing hardware security practices in place. But the security requirements that these activities are based on often have two key limitations: They focus disproportionately on known risks and fail to account for the unexpected. They aren’t easily verifiable […]
Building a Robust Hardware Security Program
Chips and the Products That Rely on Them Are Everywhere Semiconductors are now a daily part of modern life. They power sensitive military equipment and enterprise infrastructure, including many with low to zero tolerance for security risk. Even everyday consumers rely on silicon to improve their professional and personal lives […]
Is Your Hardware Root of Trust Delivering the Security You Expect?
A hardware root of trust (HRoT) creates a strong foundation for system security, reducing the likelihood of full system compromise. While a HRoT provides valuable security features, it is important to ensure that they are secure features. Vulnerabilities can have a major impact, including: Unprivileged access to your customers’ proprietary […]
Ensuring Security by Design is Actually Secure
Today’s connected systems touch nearly every part of consumers’ lives, from smart thermostats in our homes to self-driving cars on our roads. The adoption of these new devices has led to an explosion of new semiconductors and use models. But these novel conveniences also come with new risks. With vulnerabilities […]
A History of Hardware Security and What it Means for Today’s Systems
Although semiconductors provide the foundation of every modern electronic computing system, it’s difficult for most people to imagine the consequences of a hardware security incident on their own lives. However, this is quickly changing as more sophisticated and successful system exploits rooted in hardware make it into major news headlines. […]
Hardware Security Optimization with MITRE CWE
Whether you’re just starting to build out a hardware security program at your organization, or you’re looking to optimize existing hardware security processes, the MITRE Common Weakness Enumeration (CWE) database is an excellent resource to keep in your toolbox. What is CWE? A CWE is a weakness, or flaw, in […]
What is MoonBounce? Why You Should Be Concerned and What You Can Do About It
You’ve probably heard of rootkits, but have you ever heard of bootkits? They’re basically all that is terrifying about rootkits – only taken a level deeper. Rather than inserting themselves into the root level of an operating system, they target the firmware that sits beneath the OS. So at a […]
Tortuga Logic Appoints Dr. Mitchell Mlinar as New Vice President of Engineering
Seasoned Engineering executive brings extensive leadership experience in product development, security, cloud, and hardware design San Jose, CA – January 11, 2022 — Tortuga Logic® Inc, a cybersecurity company that has pioneered semiconductor chip security solutions, today announced the appointment of Dr. Mitchell Mlinar as Vice President of Engineering. In this […]
Building a More Secure U.S. Microelectronic Design Infrastructure
The security of the U.S. microelectronic designs and their supply chain is becoming a significantly growing concern for both commercial semiconductor companies and the Department of Defense (DoD). The industry has seen significant impact from both silicon shortages and vulnerabilities that have caused disruption in the assurance of microelectronics that […]
The Most Important CWEs For Hardware Security
Due to the significant growth in hardware vulnerabilities, industry leaders have been coming together to discuss the most important security weaknesses to hardware and semiconductors. In early 2020, through invaluable contributions from The MITRE Corporation, Intel Corporation, and Tortuga Logic, a hardware-specific Common Weakness Enumeration (CWE™) taxonomy was born. This […]
Detecting Spectre Using Radix
By Jerry McGoveran, Senior Security Applications Engineer, Tortuga Logic This is the second post in a two-part series on how Radix can be used to detect and discover microarchitectural vulnerabilities such as Meltdown and Spectre. The prior post, Detecting Meltdown Using Radix, written by Nicole Fern, discussed the Meltdown vulnerability, […]
Power Side-Channel Analysis Against Values Squashed in the Processor Pipeline
Executive Summary Speculative microarchitectural side-channels have been prevalent over the last several years, the most predominant being variants of Meltdown and Spectre. Another unique and harmful side effect of speculative execution is its influence on power side-channels. This technical report details how leakage can occur through power side-channels due to speculative execution. Specifically […]
Detecting Meltdown Using Radix
This is the first post in a two-part series on how Radix can be used to detect and discover microarchitectural vulnerabilities such as Meltdown and Spectre. This first post introduces the Meltdown vulnerability, formulates Meltdown as a hardware information flow property violation, and provides details on how Tortuga Logic’s Radix […]
Tortuga Logic and DARPA Extend Partnership Through the DARPA Toolbox Initiative.
Commercial Partnership Enables DARPA Researchers to Take Advantage of Tortuga Logic’s Security Verification Technology Through the Toolbox Program San Jose, CA, March 30, 2021 | Tortuga Logic® Inc, a cybersecurity company and innovator of semiconductor chip security solutions, today announced a new licensing agreement with the U.S. Defense Advanced Research […]
Darpa Toolbox – Accelerating innovation for forward looking security research
As most are aware, our infrastructure continues to be under cyber attack from state-sponsored actors. The Solar Winds hack was the most aggressive and damaging attack to date, affecting government agencies and commercial institutions. It’s clear that our adversaries are sophisticated and are accelerating their desire to disrupt our way […]
Information Flow Analysis: Tracking Information through Hardware Designs
Many of today’s systems are built around specialized computing hardware that includes intellectual property (IP) to accelerate algorithms used in applications such as Machine Learning and Artificial Intelligence, or Cryptography. While a specific algorithm or system may be secure in theory, a final System on Chip (SoC) implementation may not […]
Tortuga Logic announces expansion of product portfolio
New Security Governance Platform will be Developed in Conjunction with an Investment from In-Q-Tel, Inc. San Jose, Calif. – March 9, 2021: Tortuga Logic® Inc, a cybersecurity company that has pioneered semiconductor chip security solutions, today announced the development of a Security Governance Platform (SGP), expanding its portfolio of advanced […]
Tortuga Logic Expands Government-sponsored Program
US Government Awards $12M Contract to Hardware Security Pioneer Tortuga Logic to Advance Solutions for Zero-Trust Assured Microelectronics SAN JOSE, Calif. – Dec. 21, 2020: Tortuga Logic® Inc., a cybersecurity company that has pioneered ASIC, FPGA and SoC hardware security solutions, today announced that it has been awarded an SBIR […]
A Fireside Chat with Dr. Jason Oberg
We talk about hardware security this week. Tune in to bootstrap yourself with a primer on hardware security with Dr. Jason Oberg – CTO of Cycuity. https://www.youtube.com/watch?v=MYY39G19xWk
Establishing a Special Interest Group on Common Hardware Weaknesses
It seems like almost every week, yet another hardware security vulnerability is announced. Just last week a team of researchers disclosed a new attack called “Platypus”, an acronym for “Power Leakage Attacks: Targeting Your Protected User Secrets.” This is another attack exploiting the simple fact that hardware sits below the […]
CEO Interview: Andreas Kuehlmann of Tortuga Logic
You may remember Andreas from his time at Synopsys, where he led the new Software Integrity Business Unit. He joined Tortuga Logic a couple of months ago to lead the company. Given his background in software security, I was eager to get a CEO interview… Read the full interview on […]
Tortuga Logic Announces Expansion of Cybersecurity Leadership Team
Tortuga Logic Announces Expansion of Cybersecurity Leadership Team, Appoints Andreas Kuehlmann as Executive Chair and Interim CEO, Co-Founder Jason Oberg as CTO SAN JOSE, Calif. – Aug. 4, 2020: Tortuga Logic, Inc., a cybersecurity company specializing in hardware security, today announced that its Board of Directors has appointed Andreas Kuehlmann as Executive […]
Hardware Security — A Critical Piece of the Cybersecurity Puzzle
Cybersecurity is a critical foundation of our rapidly expanding digital world-spanning hardware and software that powers everything from our personal devices to the global infrastructure. Over the past decade, significant progress has been made in many security domains, especially in maturing secure software development processes. So far, hardware security has […]
Hardware Security Verification with CWE and Information Flow Analysis
Common Weakness Enumeration (CWE) is a community-developed list of software and hardware weakness types which may cause security issues. CWEs for software have been around since 2006 but the list of hardware weaknesses is new. The list is maintained by the MITRE organization and can be found here: cwe.mitre.org A […]
Tortuga Logic’s Dr. Jason Oberg Appointed to the CWE/CAPEC Board
SAN JOSE, Calif. –July 21, 2020: Tortuga Logic, Inc., a cybersecurity company specializing in hardware security, today announced that its CEO, Dr. Jason Oberg, has been appointed to the newly established, Common Weakness Enumeration (CWE™) / Common Attack Pattern Enumeration and Classification (CAPEC™) Board. CWE is sponsored by the U.S. […]
Reducing Hardware Security Risk
Introduction In today’s world, hackers, computer viruses and cyber-terrorists are making headlines almost daily. Security has become a priority in all aspects of life, and most importantly, of our businesses. Recently hackers have been targeting the heart of our most complex systems, the Application Specific ICs (ASICs) and Systems on […]
What Makes A Chip Tamper-Proof?
The cyber world is the next major battlefield, and attackers are busily looking for ways to disrupt critical infrastructure. Read the full article.
Fundamental Changes in Economics of Chip Security
June 10th, 2020 – By: Ed Sperling: Protecting chips from cyberattacks is becoming more difficult, more expensive and much more resource-intensive, but it also is becoming increasingly necessary as some of those chips end up in mission-critical servers and in safety-critical applications such as automotive… Read the full article.
CEO Update 2020
Dr. Jason Oberg, CEO and co-founder of Tortuga Logic, overviews his thoughts on hardware security vulnerabilities and the new industry initiatives driving hardware security. Read the full interview.
3 Steps to a Security Plan
Assessing the security of a hardware design sometimes seems like a combination of the guy looking under a streetlight for his car keys, because that’s where the light is (we have this tool, let’s see what problems it can find) and a whack-a-mole response to the latest publicized vulnerabilities (Cache […]
Hardware CWEs…This Will Change Everything
Something happened in February of this year that will change the way security of integrated circuits (ASICs), System on Chips (SoCs), and field-programmable gate arrays (FPGAs) are specified, designed, and verified… Read the full article.
An Objective Hardware Security Metric in Sight
Security has been a domain blessed with an abundance of methods to improve in various ways, not so much in methods to measure the effectiveness of those improvements… Read the full interview on SemiWiki.com.
Tortuga Logic Scores Role in DoD Security Programs
It should be no surprise in the current climate that the US government is ramping up investment in microelectronics security, particularly with an eye on China and investments they are making in the same area. This has two major thrusts as I read it: to ensure trusted and assured microelectronics […]
Verifying Security in Processor-Based SoCs
Security in modern systems is of utmost importance. Device manufacturers are including multiple security features and attack protections into both the hardware and software design. For example, the Synopsys DesignWare ARC Processor IP includes many security functions in its SecureShield feature set. End-product system security, however, cannot be guaranteed by […]
Taking Aim at the Achilles Heel of Computer Hardware
Cybersecurity is at a crossroads. Spending on cybersecurity is expected to exceed $133 billion in 2022, and yet we still have huge data breaches. Read the full article.
Mercury Systems Selects Radix for DARPA Program
SAN JOSE, Calif., Jan. 15, 2020 /PRNewswire: Tortuga Logic, Inc., a cybersecurity company specializing in hardware security, today announced that its products and services have been selected by Mercury Systems, Inc. (Nasdaq: MRCY), to support the DARPA Guaranteed Architecture for Physical Security (GAPS) program. Mercury Systems’ secure processing subsystems are used in numerous Command, Control, […]
Radix™ Hardware Security Verification Solutions Licensed by Xilinx
Tortuga Logic’s Radix Series Bolsters Firmware and System Security SAN JOSE, Calif., July 30, 2019 /PRNewswire/ — Tortuga Logic, a cybersecurity company specializing in system-level security, today announced a licensing agreement with Xilinx Inc. Under the license, Xilinx will use Tortuga Logic’s Radix™ series of security verification solutions to provide best in class […]
The Headaches of Being a SoC Security Architect
A modern System-on-Chip (SoC) has a wide array of very strict and difficult-to-verify security properties. Issues related to locking critical configuration or key registers, proper implementation of interconnect access control rules, and general configuration during system boot are issues that pain just about every SoC Security Architect. They spend hours […]
You Probably Have a Lot of Dead Hens in Your Hardware Design
Meeting timing, keeping under power budget, delivering on time – all aspects of hardware design are pretty easy if you just relax the constraint of being “correct”! Hardware designers of course know this and are quick to find creative and easy fixes to their problems but are of course held […]
You Must Verify HW/SW Interactions To Avoid Security Vulnerabilities
Imagine waking up tomorrow morning only to discover that your employer’s brand is all over the news for the wrong reasons. Qualcomm employees experienced that last week. Over 900 million Android devices containing a Qualcomm processor were shown to have four known security vulnerabilities, and these alarming security issues are […]
Securing the Internet of Things Starts with Silicon
In just a few short years, connected devices of the Internet of Things (IoT) have gone from concepts to reality and as a result there are now major concerns regarding their initial development. The consensus opinion is that communication standards, power, and security are the major issues for connected device […]
Securing FPGAs
Ask an FPGA design engineer about securing their designs and a typical reply is likely “Oh – we don’t have to worry about that, our FPGA vendor takes care of silicon security”. This perspective is partially true in that FPGA vendors provide security functionality to protect a user’s bitstream and the […]
Here’s What You Need To Know About Design-For-Security
It’s the natural inclination of engineering management to address difficult and new issues in product development by testing for them late in the design cycle. Often the new issues are not well understood, EDA tools and techniques to address the issues are new and unproven (if available at all), and […]
Software Security Is Necessary But Not Sufficient
As the silicon designs inside the connected devices of the Internet of Things transition from specifications to tapeouts, electronics companies have come to the stark realization that software security is simply not adequate. Securing silicon is now a required, not optional, part of RTL design processes. Design-for-Security (DFS) needs to […]