These new offerings embed advanced real-time cybersecurity features in the systems-on-chip (SoCs) that power and control modern products. The first product in the range, the UltraSoC Bus Sentinel, allows SoC designers to control access to sensitive areas of their devices, instantaneously detect and block suspicious transactions, and build a long-term profile of system operation to secure against current and future cyber threats.
UltraSoC’s security solutions allow designers to incorporate an independent internal monitoring system into their chips. This continuously checks that the device is operating as expected, detecting anomalous behaviour that might suggest a security breach.
Because it is embedded in the hardware, it can respond in real time (in microseconds rather than the milliseconds required by traditional threat mitigation measures), is very hard to subvert or circumvent, and can even block “zero-day” type attacks that the chip’s designers have not anticipated. In addition to detecting and blocking cyber threats, it can be used to trigger actions that prevent propagation, and to provide a forensic “black box” record of events.
The Bus Sentinel module monitors and controls the internal bus of an SoC, observing how the chip’s interconnected sub-blocks are interacting. It can be configured at run time to detect specific transaction types; for example, if a process tries to access the control registers of the memory controller at any time other than a system re-boot; or if a process with insufficient privileges attempts to access a protected area of memory.
The detection process itself is performed via a range of configurable filters which can be cascaded to implement complex conditions and detect even very subtle nuances of system behaviour.
In addition to its detection functions, the Bus Sentinel can be configured to respond to threats in a variety of ways, also in real time: it can allow the transaction to proceed unmodified; it may block the transaction from proceeding beyond the monitor using a transaction gating technique; it can modify the transaction in some way – for example by marking it with a flag; and it can generate a response on the bus. It can also issue a trigger event across the dedicated UltraSoC communications fabric, allowing an immediate response to be generated by other system blocks, or by external threat mitigation systems.
David Rogers, CEO of cybersecurity specialists Copper Horse, commented: “As the threat landscape evolves and the consequences of attacks become more concerning, implementing security features in hardware has many advantages. By putting security at the heart of an SoC, UltraSoC’s technology helps by monitoring, detecting and addressing security concerns at the most fundamental level possible today.”
The Bus Sentinel’s system of filters, counters and timers allows it to be configured to detect common known security threats. These capabilities give the system designer a wide variety of approaches to any given threat vector.
Suspicious transactions can be detected and flagged, and subsequent transactions monitored without the attacker’s knowledge, to profile the threat. Transactions can be blocked, with the option to respond to the initiator and gather further information. Or the Bus Sentinel can trigger a response anywhere else within the on-chip system, communicating via the dedicated UltraSoC communications fabric.
The Bus Sentinel is equipped with storage units that can record data for use by the filters in future transaction identification. It can also be used in concert with the overall UltraSoC infrastructure to gather rich statistical data. This can be used by an on-chip analytics engine, or passed to an external cloud-based analytics system, to profile the system and produce a “signature” of normal behaviour based on many deployed instances of the device. This in turn allows the threat mitigation system to adapt to the rapidly evolving threat landscape.
The UltraSoC Bus Sentinel will be generally available in Q1 2020.