A Survey on Split Manufacturing: Attacks, Defenses, and Challenges by Perez, Tiago D. & Pagliarini, Samuel
TIAGO D. PEREZ, SAMUEL PAGLIARINI
Tallinn University of Technology (TalTech)
Department of Computer Systems
Centre for Hardware Security
Tallinn, Estonia
(e-mails: {tiago.perez,samuel.pagliarini}@taltech.ee)
Corresponding author: T. D. Perez (e-mail: tiago.perez@taltech.ee).
This work was supported by the European Union through the European Social Fund in the context of the project “ICT programme”.
ABSTRACT
In today’s integrated circuit (IC) ecosystem, owning a trusted foundry is not economically viable and
therefore most IC design houses are now working under a fabless business model. In order to overcome
the security concerns associated with fabrication outsourcing, the Split Manufacturing technique was
proposed. In Split Manufacturing, the Front End of Line (FEOL) layers (transistors and lower metal
layers) are fabricated at an untrusted high-end foundry, while the Back End of Line (BEOL) layers (higher
metal layers) are manufactured at a trusted low-end foundry. This approach hides the BEOL connections
from the untrusted foundry, thus preventing overproduction and piracy threats. However, many works
demonstrate that BEOL connections can be derived by exploiting layout characteristics that are introduced
by heuristics employed in typical floorplanning, placement, and routing algorithms. Since straightforward
Split Manufacturing may not afford a desirable security level, many authors propose defense techniques to
be used along with Split Manufacturing. In this work, we present a detailed overview of the technique, the
many types of attacks towards Split Manufacturing, as well as possible defense techniques described in the
literature. For the attacks, we present a concise discussion on the different threat models and assumptions,
while for the defenses we classify the studies into three categories: proximity perturbation, wire lifting,
and layout obfuscation. The main outcome of our survey is to highlight the discrepancy between many
studies – some claim netlists can be reconstructed with near perfect precision, while others claim marginal
success in retrieving BEOL connections. Finally, we also discuss future trends and challenges inherent to
Split Manufacturing, including the fundamental difficulty of evaluating the efficiency of the technique.
INDEX TERMS Hardware Security, Hardware Trojans, Integrated Circuits, IP Theft, Reverse Engineering,
Split Manufacturing
I. INTRODUCTION
Counterfeiting and intellectual property (IP) infringement is
a growing problem in several industrial sectors, including
the electronics sector. In Europe, for instance, seizures of
counterfeit electronics products increased by almost 30%
when comparing the 2014-2016 and 2011-2013 periods [1].
Legitimate electronics companies reported about $100 billion
in sales loss every year because of counterfeiting [2].
As electronic systems are being increasingly deployed in
critical infrastructure, counterfeited and maliciously modified
integrated circuits (ICs) have become a concern. The
globalized nature of the IC supply chain contributes to the
problem as we lack the means to assess the trustworthiness
of the design and fabrication of ICs. It is foreseeable that a
fault in a low-quality counterfeit or a maliciously modified IC
will disrupt critical infrastructure – with grave consequences.
Therefore, hardware security has gained more attention in the
past decades, emerging as an important research topic.
As the IC supply chain has become more globalized,
ensuring the integrity and trustworthiness of ICs becomes
more challenging [3]. When a modern IC is conceived, the
probability that all involved parties are trusted is close to
zero. The process of conceiving an IC can be broken down
into three major steps: design, manufacturing, and validation.
Designing an IC involves arranging blocks and their
interconnections. Some blocks are in-house developed, while
some are third-party IPs. Finally, a layout is generated by
instantiating libraries that might also be in-house developed
or provided by third parties. The resulting layout is then
sent to a foundry for manufacturing. The process of validation
requires testing for physical defects as well as verification
of packaged parts for correct functionality. Both test and
packaging facilities may be untrusted, as these efforts are
often offshored. Thus, in order to produce an IC, sensitive
information almost inevitably is exposed to untrusted parties.
Today’s reality is that ICs are vulnerable to many hardware-based
threats, including insertion of hardware trojans, IP
piracy, IC overbuilding, reverse engineering, side-channel
attacks and counterfeiting.
FIGURE 1: Counterfeit Electronics Taxonomy (Adapted from [3]).
arXiv:2006.04627v1 [cs.CR] 8 Jun 2020
Hardware trojans are malicious modifications to an IC,
where attackers insert circuitry (or modify the existing logic)
for their own malicious purposes. This type of attack is
mounted during manufacturing, as the foundry holds the
entire layout and can easily identify key locations for
modifications. Third-party IPs can also contain trojans/backdoors
that may contain hidden functionalities, and which can be
used to access restricted parts of the design and/or expose
data that would otherwise be unknown to the adversary.
IP piracy and IC overbuilding are, essentially, illegal ownership
claims of different degrees. As said before, when
designing an IC, third-party and in-house developed IPs are
utilized. The untrusted foundry (or a rogue employee of it)
can copy an IP without the owner’s authorization. Similarly,
malicious foundries can manufacture a surplus of ICs
(overbuilding) without the owner’s knowledge, and sell these parts
in the grey market.
Reverse engineering an IC has been extensively
demonstrated [4]. An attacker can identify the technology node
and underlying components (memory, analog, and standard
cells), from which a gate-level netlist is extracted and even a
high-level abstraction can be inferred [5]. Reverse engineering
can be effortlessly executed during manufacturing, as the
foundry holds the entire layout and most likely holds the IP
as well. After fabrication, when ICs are already packaged and
in the field, reverse engineering is more laborious but can be
executed by a knowledgeable adversary.
According to [3], counterfeited components are classified
into seven distinct categories, as illustrated in Fig. 1. Recycled,
remarked, out-of-spec/defective and forged documentation
are intrinsic after-market problems, where products
are offered by parties other than the original component
manufacturer or its authorized vendors. On the other hand,
overproducing, cloning, and tampering are problems faced
during design and/or fabrication. For this reason, in
this paper, we will focus on these threats. It is important to
realise that these threats could be avoided if a trusted fabrication
scheme were in place. However, the escalating cost and
complexity of semiconductor manufacturing on advanced
technologies made owning a trusted advanced foundry
unfeasible. Design companies now have the tendency to adopt
the fabless business model [6]. Consequently, outsourcing
of the manufacturing exposes their entire layout to untrusted
foundries, leaving their designs vulnerable to malicious attacks.
While many ad hoc techniques have been proposed to
individually combat these threats, very few solutions di-
rectly address the lack of trust in the fabrication process.
Split Manufacturing stands out from other techniques as it
promotes a hybrid solution between trusted and untrusted
fabrication. The technique was first pitched to DARPA circa
2006 in a white paper authored by Carnegie Mellon and
Stanford universities. Later, it was picked by IARPA which
launched the Trusted IC program [7] that stewarded much of
the research in the area and led to this survey.
In Split Manufacturing, the key concept is to split the
circuit into two distinct parts before manufacturing, one containing
the transistors and some routing wires, and the other
containing only the remaining routing wires. These parts are
then fabricated in different foundries. The anatomy of an IC
is illustrated in Fig. 2 (adapted from [8]), containing two sets
of layers, the bottom layer where the transistors are built,
called Front End of Line (FEOL), and the top layer where
the metal layers are built for routing purposes, called Back
End of Line (BEOL). In Split Manufacturing, the FEOL is
first manufactured in a high-end foundry, and later the BEOL
is stacked on top of it by a second (and possibly low-end)
foundry. This process requires electrical, mechanical, and/or
optical alignment techniques to ensure the connections between
them. Additionally, FEOL and BEOL technologies
have to be compliant with each other [9], regarding the
metal dimension rules where the split is done, which can
be done after metal layer M1. If the technologies are vastly
different from one another, Split Manufacturing may incur
heavy overheads.
In this work, the Split Manufacturing technique is the focus.
As described above, Split Manufacturing can tackle threats
that occur during the fabrication. It avoids overproduction,
reverse engineering (to some extent) and unwanted modifications,
limiting the capability of attackers. In Section II,
we provide a background and more in-depth explanation
of the technique. We address security threats in Section
III, demonstrating the potential vulnerabilities found in split
circuits and describing the state-of-the-art attacks proposed
until the present day. In Section IV, the security of split circuits
is discussed, showing how it can be improved using security
enhancement techniques. Future trends and lessons learnt
are discussed in Section V. Finally, our conclusions are
presented in Section VI.
FIGURE 2: Anatomy of an integrated circuit (Adapted from
[8])
II. SPLIT MANUFACTURING: BACKGROUND
As mentioned before, in order to have access to advanced
technologies, many design companies have to outsource their
IC manufacturing to untrusted high-end foundries. Protecting
their designs against threats that may occur during manufac-
turing is a concern. Designs can be protected by applying
the Split Manufacturing technique, thus combating all threats
highlighted in Fig. 2 to enhance the IC security during
manufacturing.
Split Manufacturing protects a design by hiding sensitive
data from the untrusted foundry. This is achieved by splitting
the IC into two parts before manufacturing, a horizontal cut
that breaks the circuit into one part containing the transistors
and some (local) routing wires, and another containing only
routing wires. These parts are termed FEOL and BEOL.
The FEOL and the BEOL of an IC are built sequentially,
first FEOL and then BEOL, and this characteristic enables the
Split Manufacturing technique. Since the FEOL contains the
transistors and possibly a few of the lowest ultra-thin metal
layers – the most complex parts of a CMOS process [10] –
it is logical to seek to use a high-end foundry for its manufacturing,
even if said foundry is not trusted. Completing the
IC can then be done in a trusted low-end foundry, where the
BEOL is stacked on top of the FEOL. Split Manufacturing
was successfully demonstrated [9], [11], [12], where designs
were manufactured with ~0% of faults, and are reported to
present a performance overhead of about 5%. Therefore, design
companies can make use of advanced foundries without
fully exposing their layouts for manufacturing.
However, there are many caveats to Split Manufacturing.
The technique can be successfully applied only if the technologies
used to build the FEOL and BEOL are “compatible”.
In theory, a layout can be split at any metal layer if
the chosen layer presents a good interface between FEOL
and BEOL. Since advanced technologies utilize the dual-damascene
fabrication process, the layout can only be split on
metal layers [13], thus, the FEOL cannot terminate in a via.
The dual-damascene process is characterized by patterning
the vias and trenches in such a way that the metal deposition
fills both at the same time, i.e., via-metal pairs (e.g., VIA1
and M2) must be built by the same foundry.
Two technologies are said to be compatible with each other
if there is a way for a BEOL via to land on the FEOL
uppermost layer while respecting all design rule checks
(DRCs) of both technologies. DRCs are used to guarantee the
manufacturability and functionality of an IC, and are defined
with respect to the characteristics of the materials utilized
and to tolerance ranges of the manufacturing processes (e.g.,
polishing, patterning and deposition). These rules encompass
minimum enclosure, width, spacing, and density checks.
Modern technologies have several options for via shapes.
As long as one via shape is valid, the technologies are
compatible for Split Manufacturing purposes. However, in
practice, to keep the overhead of the technique under control,
an array of via shapes must be feasible, thus providing the
physical synthesis with a rich selection. According to [9],
compatibility between two technologies can be generalized
by enclosure rules as in Eq. 1, where MW.U.x is the minimum
width of Mx at the untrusted foundry, VW.T.x is the
minimum width of Vx at the trusted foundry and EN.T.x is
the minimum enclosure at the trusted foundry. As illustrated in
Figure 3, the minimum enclosure width, Mx.EX.Vx, must
be compatible between the two foundries. In modern technologies,
Eq. 1 is no longer sufficient as it does not capture
the intricate rules for vias and line endings (enclosure from 1
side, 2 sides, 3 sides, T-shaped/hammerheads, etc.).
MW.U.x ≥ VW.T.x + (2 EN.T.x)    (1)
Split Manufacturing also presents challenges on the design
flow front, which is illustrated in Fig. 4. An in-house team
designs the circuit, from RTL to layout. Most likely, the
layout contains IPs obtained from third parties. Depending
on the metal layer where the layout is to be split, it may
affect existing IP. Logic and memory IP may use higher metal
layers – memories typically require 4 to 5 metal layers, while
standard cells typically require 2 metal layers – limiting
where the split can be done. Standard cells and memories
have to be re-designed if they use metal layers that will be
split, a grave challenge that may render Split Manufacturing
no longer feasible.
FIGURE 3: Compatibility Metal Dimensions Between FEOL
and BEOL.
Still referring to Fig. 3, the FEOL and BEOL are generated
using a hybrid process design kit (PDK), and then later split
to be manufactured. After splitting the layout correctly, the
FEOL is first manufactured in a high-end foundry, and later
the BEOL is stacked on top of it by a second (and possibly
low-end) foundry.
Even by splitting the layout, it is often argued that the
FEOL exposes enough information to be exploited. Attacks
towards the FEOL can effectively retrieve the BEOL con-
nections by making educated guesses. The efficiency of
the guessing process is inherently linked to the threat level
assumed, which determines the information the attacker pos-
sesses to begin with. The literature describes two distinct
threat models:
• Threat model I: an attacker located at the untrusted
foundry holds the FEOL layout and wants to retrieve
the BEOL connections.
• Threat model II: an attacker located at the untrusted
foundry holds the entire gate-level netlist that is assumed
to be provided by a malicious observer. The
attacker here still holds the FEOL layout and wants to
retrieve the BEOL connections [14].
It is important to emphasize that the second threat model
completely nullifies the security introduced by Split Man-
ufacturing. Possessing the gate-level netlist makes reverse
engineering the layout trivial, as if the attacker held the
entire layout, not only the FEOL. Assuming the attacker has
knowledge about the netlist challenges the design company
integrity. It could be argued that this vulnerability is so severe
that Split Manufacturing virtually stops making sense. For
this reason, threat model I is the focus in this work. However,
as our goal is to present a comprehensive survey, related
works that used threat model II will be covered as well.
Assuming threat model I, an attacker who already knows
all the layers that make up the FEOL is interested in
retrieving the BEOL connections to recreate the full design
(or as close as possible). The commonly used assumption
is that attackers are powerful and work within the untrusted
foundry in some capacity. Thus, the attackers have a deep
understanding of the technology. Extracting the (still
incomplete) gate-level netlist from a layout is, therefore, a
trivial task.
Many approaches to retrieve the BEOL connectivity have
been proposed, several of which are termed proximity attacks
[8], [15], [16]. Since EDA tools focus on optimizing power,
performance, and area (PPA), the solution found by a placement
algorithm (that uses heuristics internally) tends to place
connected cells close to one another as this would in turn
reduce area, wirelength, and delay. Therefore, finding the correct
missing connections between FEOL and BEOL can be
done by assessing input and output pins that are in proximity
(thus, the name proximity attack). The more input and output
pins to connect, the higher the probability of making a wrong
connectivity guess. Thus, a higher level of security is achieved
by splitting the circuit at the lowest metal layer possible.
As a promising technique to enhance the security of ICs in
this era of fabless chip design, Split Manufacturing still faces
some enormous challenges:
• Logistical challenge: Split Manufacturing is not
presently incorporated into the IC supply chain. Finding
foundries with compliant technologies that are willing
to work with each other is not trivial.
• Technological challenge: even within compliant technologies,
non-negligible overheads can be introduced if
they are vastly different¹. In the worst case scenario, it
can make routing impossible. Thus, this fact narrows
down the technology choices available.
• Security challenge: the attained security of straightforward
Split Manufacturing is still under debate. Attacks
towards the FEOL can be effective, where the hidden
connections can be retrieved.
For the purpose of this survey, we categorize related works
in the literature as attacks and defenses. In attacks, authors
propose new attack models or modifications of existing attacks
in order to improve their effectiveness. In defenses,
authors propose new techniques to use together with Split
Manufacturing in order to improve its security level.
III. ATTACKS ON SPLIT MANUFACTURING
The Split Manufacturing technique was developed to protect
ICs against threats related to manufacturing in potentially
untrusted foundries. In practical terms, to split the layout
means to hide some connections from the untrusted foundry.
The security provided by Split Manufacturing is based on
the fact that the attacker in the FEOL foundry cannot infer
the missing BEOL connections. This assumption, however,
was challenged by several works where authors proposed
attack approaches that can potentially retrieve the missing
connections with varying degrees of success. In the text that
follows, we present works that proposed Split Manufacturing
attacks. These attacks are discussed in chronological order,
compiled in Tab. 1. These works are divided by threat model,
attack type, novelty and benchmark circuits used for their
experiments.
¹ For a thorough discussion and silicon results on BEOL-related overheads,
please refer to [17].
FIGURE 4: Split Manufacturing Design Flow.
The first reported attack is by Jeyavijayan et al. and is
described in [8]. In this work, the authors assume that naive
Split Manufacturing (i.e., splitting a layout without care for
the connections) is inherently insecure. They introduced the
concept of proximity attacks that exploits “vulnerabilities”
introduced by EDA design tools. Since EDA tools focus on
optimizing power, performance, and area (PPA), the solution
found by a placement algorithm (that uses heuristics inter-
nally) tends to place logically connected cells close to one
another so they become physically connected during routing.
This heuristic, in turn, reduces area, wirelength, and delay.
Therefore, the distance between output-input pairs can be
used as a metric to recover the missing BEOL connections.
FIGURE 5: Circuit Partitioned Example.
Designs are commonly partitioned for their physical implementation,
i.e., separated into small logical blocks with
few connections between them. That way, the designer has
total control of the floorplanning regarding the placement of
the blocks. Also, the blocks can be separately implemented and
later integrated, creating a sense of parallelism in the design
flow, which can reduce the overall physical implementation
time. Consider as an example the circuit illustrated in Fig. 5,
partitioned into partitions A and B. The input pins. Consider
a target output pin P_{x,A,out} and its corresponding candidate
input pin P_{x,B,in}. During placement, the EDA tool will attempt
to place the pin P_{x,A,out} closer to P_{x,B,in}
than to any other pin in partition B. Using this information, an
attacker may recover the connections missing in the FEOL
layout, thus performing a proximity attack. The authors argue
that their proposed attack flow is successful due to being able
to leverage the following “hints” provided by the EDA tools:
• Hint 1 - Input-Output Relationship: partition input pins
are connected either to another partition's output pin or to
an input port of the IC (i.e., input to input connections
are excluded from the search space).
• Hint 2 - Unique Inputs per Partition: input-output pins
between partitions are connected by only one net. If a
single partition output pin feeds more than one input pin,
the fan-in and fan-out nodes are usually placed within
the partitions (i.e., one-to-many connections are ruled
out from the search space).
• Hint 3 - Combinational Loops: in general, only very
specific structures are allowed to utilize combinational
loops (e.g., ring oscillators). These structures are very
easy to identify. In most cases, random logic does
not contain combinational loops (i.e., connections that
would lead to combinational loops can be excluded from
the search space).
An attacker can correctly connect a target pin to a candidate
pin by identifying the closest pin from a list of possible
candidates. The list of possible candidates is created
by observing the three hints mentioned above. A possible
candidate pin is an unassigned output pin of another partition
or an unassigned input port of the design. Then, a minimum
distance metric is used to connect the pins, based on the
previously discussed heuristics of EDA tools.
In Algorithm 1, we describe the proximity attack detailed
in [8]. The input to the algorithm is the FEOL layout, from
which the information about unassigned input-output ports
can be derived. The algorithm does not describe the specifics
of how to derive a netlist from a layout. However, this
task is rather straightforward. It is assumed that
the attacker possesses information about both the PDK and the
standard cell library. In many cases, the untrusted foundry is
the actual provider of both². From there, a layout in GDSII
or OASIS format can be easily reverted to a netlist by any
custom design EDA tool.
Algorithm 1: Proximity attack
Input: FEOL layers
Output: Netlist with BEOL connections
Reverse engineer FEOL layers and obtain partitions;
while Unassigned partition pins or ports exist do
    Select arbitrary unassigned pin/port as a targetPin;
    ListOfCandPins = BuildCandPinsList(targetPin);
    Select candPin from ListOfCandPins that is closest to targetPin;
    Connect targetPin and candPin;
    Update netlist;
Return: netlist

BuildCandPinsList(targetPin)
Input: targetPin P_{X,i,in}
Output: CandPins for targetPin
CandPins = Unassigned output pins of other partitions + unassigned input ports of the design;
for each PinJ ∈ CandPins do
    if CombinationalLoop(targetPin, PinJ) then
        CandPins -= PinJ;
Return: CandPins
From the gate-level netlist, the algorithm chooses an arbi-
trary TargetPin from the unassigned partition input pins and
output ports, creates a list of possible CandidatePins, and
connects the TargetPin to the closest pin in this list. After
each connection, the netlist is updated. This procedure is
repeated until all unassigned ports are connected. When the
procedure is over, the attacker obtains the possible missing
BEOL connections. If all guesses were correct, the original
design has been reverse engineered and Split Manufacturing
has been defeated.
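A designer who holds the full netlist can score a candidate split with the same heuristic before tape-out. The following is an added example, not code from the paper or from [8]: it runs Algorithm 1 with the three hints on a constructed two-partition pin map and reports the CCR. The Pin record, the Manhattan distance, the insertion-order choice of target pin, and all pin names and coordinates are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Pin:
    kind: str       # "in"/"out" = partition input/output pin, "port" = design input port
    partition: str  # owning partition ("" for design ports)
    x: int
    y: int


def distance(a, b):
    # Assumption: Manhattan distance stands in for "closest".
    return abs(a.x - b.x) + abs(a.y - b.y)


def reaches(src, dst, internal, assigned):
    """True if a combinational path src -> dst exists over the paths visible in
    the FEOL (input pin -> output pins) plus the nets guessed so far."""
    edges = {pin: set(outs) for pin, outs in internal.items()}
    for sink, driver in assigned.items():
        edges.setdefault(driver, set()).add(sink)
    stack, seen = [src], set()
    while stack:
        node = stack.pop()
        if node == dst:
            return True
        if node not in seen:
            seen.add(node)
            stack.extend(edges.get(node, ()))
    return False


def proximity_guess(pins, internal, use_loop_hint=True):
    """Algorithm 1: connect every open input pin to its nearest legal driver.
    Returns {sink pin: guessed driver}."""
    assigned = {}
    for target, tpin in pins.items():   # "arbitrary" order = insertion order
        if tpin.kind != "in":
            continue
        used = set(assigned.values())   # Hint 2: one net per driver
        cands = [name for name, p in pins.items()
                 if name not in used
                 and (p.kind == "port"  # Hint 1: drivers are ports or outputs
                      or (p.kind == "out" and p.partition != tpin.partition))]
        if use_loop_hint:               # Hint 3: no combinational loops
            cands = [c for c in cands
                     if not reaches(target, c, internal, assigned)]
        if cands:                       # a pin with no legal driver stays open
            assigned[target] = min(cands, key=lambda c: distance(pins[c], tpin))
    return assigned


def ccr(guess, truth):
    """Correct Connection Rate: fraction of hidden nets guessed correctly."""
    return sum(guess.get(sink) == drv for sink, drv in truth.items()) / len(truth)


# Constructed sample design: partition A (y = 5) above partition B (y = 4).
INTERNAL = {"a_i0": {"a_o0", "a_o1"}, "b_i0": {"b_o0"}, "b_i1": {"b_o0"}}
TRUTH = {"b_i0": "a_o0", "b_i1": "a_o1", "a_i0": "PI0"}   # sink -> true driver
BASELINE = {
    "PI0":  Pin("port", "", 0, 7),
    "b_i0": Pin("in", "B", 1, 4),
    "b_i1": Pin("in", "B", 6, 4),
    "b_o0": Pin("out", "B", 3, 4),   # primary output, sits next to a_i0
    "a_i0": Pin("in", "A", 3, 5),
    "a_o0": Pin("out", "A", 1, 5),
    "a_o1": Pin("out", "A", 6, 5),
}
# Same netlist with the two partition-A output pins swapped in position.
PERTURBED = dict(BASELINE, a_o0=Pin("out", "A", 6, 5), a_o1=Pin("out", "A", 1, 5))

if __name__ == "__main__":
    for label, layout, hint in [("baseline", BASELINE, True),
                                ("baseline, no loop hint", BASELINE, False),
                                ("perturbed", PERTURBED, True)]:
        guess = proximity_guess(layout, INTERNAL, use_loop_hint=hint)
        print(f"{label}: CCR = {100 * ccr(guess, TRUTH):.0f}%")
```

On this toy design the loop hint is what keeps the nearest-pin guess from wiring the adjacent primary output into a_i0, and swapping the two output pin positions cuts the CCR from 100% to one net in three.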
Algorithm 1 was originally applied to the ISCAS'85 [23]
suite of benchmark circuits. These circuits were selected and
published to help in comparing automatic test pattern generation
(ATPG) tools. Due to the small size of these circuits, they
may not be the best option to assess the effectiveness of Split
Manufacturing. The authors reported a Correct Connection Rate
(CCR) of 96% for the c17 circuit (largest
circuit in ISCAS'85 suite), demonstrating that the algorithm
is capable of retrieving the missing BEOL connections. In
Tab. 2, we highlight the best and worst results in terms of
CCR.
Jeyavijayan et al. [8] were the first to question the security
of straightforward Split Manufacturing, showing promising
results from their proximity attack, even if the considered
benchmark circuits are rather small in size. This was the
starting point for other studies proposing different attacks
on Split Manufacturing in an attempt to retrieve the missing
BEOL connections. Improvements over the original proximity
attack, as well as other attacks, are compiled in Tab. 1.
² For the PDK, it is very natural that it is created by the untrusted foundry
itself. For standard cell libraries, the cells might be designed by the foundry
or by a third party licensed by the foundry. In either case, the effort to revert
a layout to a netlist remains trivial.
The effectiveness of the proximity attack utilizing the distance
between unassigned pins alone as a metric to find missing BEOL
connections was questioned by Magaña et al. [18]. The authors
propose to utilize both placement and routing information
in proximity attacks. For their results, large-sized circuits
from the ISPD-2011 routability-driven placement contest
[24] were used. These benchmarks are better representatives
of modern circuits as they contain 9 metal layers and up
to two million nets in a design. Thus, in an attempt to
increase the success rate of the attack for large-sized circuits,
they proposed routing-based proximity in conjunction with
placement-centric proximity attacks.
A key difference present in [18] is that it utilizes a different
threat model (model II), claiming that the untrusted foundry
possesses information about the entire placed & routed
netlist, as well as the FEOL layout. This assumption is hard
to justify if the attacker’s intent is to overproduce the IC
or pirate the IP. For these goals, clearly, this assumption is
unnecessary. The attacker himself can, if he indeed possesses
the netlist, perform his own physical synthesis and generate
his own layout. The interest in reverse engineering the BEOL
connections of the original design diminishes. Nevertheless,
we report on the strategies employed by the authors of [18]
since they build on the approach proposed by [8].
FIGURE 6: Layout Circuit Abstraction For the First 3 Metal
Layers
Regarding the attacks, the authors of [18] proposed four
different techniques to identify a small search neighborhood
for each pin. The goal is to create a neighborhood that is
small enough to make further pruning feasible, and therefore
increase the likelihood of including the matching pins. The
techniques are called placement proximity, routing proximity,
crouting proximity and overlap of placement and routing
proximity, and are described in the text that follows. The
circuit illustrated in Fig. 6 is the example (before the split)
that will guide the discussion on these four techniques.
TABLE 1: Threat Models, Attacks and Metrics.
Work | Year | Threat Model | Attack type | Novelty | Benchmark suite(s) | Largest circuit size (gates) | Average size
[8] | 2013 | I | Proximity | Attack Based on Proximity | ISCAS'85 | 3.51K | 1288
[18] | 2016 | II | Proximity | Placement and routing proximity used in conjunction | ISPD'11 | 1.29M | 951k
[19] | 2018 | I | Proximity | Network-Flow-Based with Design Based Hints | ISCAS'85 & ITC'99 | 190.21K | 9856
[20] | 2018 | I | Proximity | Proximity Attack Based on Machine Learning | ISPD'11 | 1.29M | 951k
[21] | 2019 | I | SAT | SAT Attack without Proximity Information | ISCAS'85 & ITC'99 | 190.21K | 9856
[22] | 2019 | I | SAT | SAT attack dynamically adjusted based on proximity information | ISCAS'85 & ITC'99 | 190.21K | 9856
TABLE 2: Benchmarks Size and Attacks Results Comparison.
Work | Benchmark | Attack | Split Layer | Size (In Gate Count) | Metric | Result
[8] | c17 | Proximity | Not Defined | 6 | CCR(%) | 100
[8] | c7552 | Proximity | Not Defined | 3513 | CCR(%) | 94
[18] | Superblue 1 | Placement Proximity | M2 | 847k | % Match in List | 12.84
[18] | Superblue 1 | Placement Proximity | M2 | 847k | CCR(%) | 5.479
[18] | Superblue 1 | Routing Proximity | M2 | 847k | % Match in List | 71.08
[18] | Superblue 1 | Routing Proximity | M2 | 847k | CCR(%) | 0.651
[18] | Superblue 1 | Overlap (P&R) Proximity | M2 | 847k | % Match in List | 13.05
[18] | Superblue 1 | Overlap (P&R) Proximity | M2 | 847k | CCR(%) | 3.977
[18] | Superblue 1 | Crouting Proximity | M2 | 847k | % Match in List | 82.08
[18] | Superblue 1 | Crouting Proximity | M2 | 847k | CCR(%) | 0.651
[19] | c7552 | Network-flow Based Proximity | Not Defined | 3513 | CCR(%) | 93
[19] | c7552 | Proximity | Not Defined | 3513 | CCR(%) | 42
[19] | B18 | Network-flow Based Proximity | Not Defined | 94249 | CCR(%) | 17
[19] | B18 | Proximity | Not Defined | 94249 | CCR(%) | < 1
[20] | Superblue 1 | Proximity | M6 | 847k | % Match in list | 33.40
[20] | Superblue 1 | Proximity | M6 | 847k | CCR(%) | 0.76
[20] | Superblue 1 | ML | M6 | 847k | % Match in list | 83.12
[20] | Superblue 1 | ML | M6 | 847k | CCR(%) | 1.91
[20] | Superblue 1 | ML-imp | M6 | 847k | % Match in list | 74.65
[20] | Superblue 1 | ML-imp | M6 | 847k | CCR(%) | 2.11
[20] | Superblue 1 | ML-imp | M4 | 847k | % Match in list | 75.45
[20] | Superblue 1 | ML-imp | M4 | 847k | CCR(%) | 2.58
[21] | c7552 | SAT Attack | Not Defined | 3513 | Logical Equivalence(%) | 100
[21] | B18 | SAT Attack | Not Defined | 94249 | Logical Equivalence(%) | 100
[22] | c7552 | Improved SAT Attack | Not Defined | 3513 | Logical Equivalence(%) | 100
[22] | B18 | Improved SAT Attack | Not Defined | 94249 | Logical Equivalence(%) | 100
Placement proximity exploits the placement information
of cells. Each split wire is taken from the pin location of
the corresponding standard cell that is connected to it. A
search neighborhood is defined as a square centered around
the corresponding pin with an area equal to the average areas
of the bounding boxes (BB) in a typical design. The authors
argue that it can also be measured based on BBs of the non-split
wires in the design under attack, under the assumption
that the number of wires that remain in the FEOL is also very
large in practice. Consider as an example the circuit illustrated
in Figure 6 before the split. If the split is done at M2, the
search area defined using the placement proximity would be
as illustrated in Fig. 7 (a). Note that the layer at which the
layout is split does not affect the search area defined by the
placement proximity.
Routing proximity exploits the routing information. First,
for each split wire, pins are identified as the point where the
wire is actually cut at the split layer, i.e., the via location.
Next, a square area centered around those pins is defined.
The size of the square area is defined based on the average
BBs of the pins on that layer in the design. This identification
procedure results in different search neighborhood sizes
according to the split layer location, i.e., the search radius
adapts to the routing resources of each layer. A search area
defined using routing proximity is illustrated in Fig. 7 (b).
Crouting proximity takes into account routing congestion
by exploiting the union of placement and routing proximity.
The search area for each pin is defined in such a way that the
ratio of the number of pins to the search area is equal across all
the pins in the split layer. Thus, if a pin is located in an area of
high routing congestion, the search area will be expanded
until the pin density in the new search area reaches a target
value or the search area grows to four times its starting value.
The starting value is set according to the split layer, as the
average number of pins that fall within a BB. A search
area defined using crouting proximity is illustrated in Fig. 7
(c).
The last strategy proposed by [18] also combines place-
ment and routing information. It is referred to as Overlap
of placement and routing proximities. The concept here is to
include a subset of pins identified by the placement proximity
list which have their corresponding pins included in the
routing proximity list. According to the authors, intuitively,
the overlap then identifies a subset of pins which may be
more likely to point towards the direction of the matching
pin. A search area defined using the overlap of placement
and routing proximities is illustrated in Fig. 7 (d).
Magaña et al. [18] assessed each strategy using the bench-
mark circuit superblue1. Different split layers were also con-
sidered. In Tab. 2, we compiled the results for split layer M2.
By comparing the results, it becomes clear that no strategy
was able to recover 100% of the missing BEOL connections.
The best result was only 5.479% of CCR. This is in heavy
contrast with the findings of [8]. However, the circuit sizes
differ by orders of magnitude.
According to the authors of [18], proximity alone is in no way
sufficient to reverse engineer the FEOL. However, proximity
attacks have merit as they can be used to narrow down the list
of candidates to a significantly smaller size. Using crouting
proximity, in 82.08% of the cases, the search area defined
contained the matched pin in the list of candidates. The
authors also present results for split layer M8. We opt not to
show these results in Tab. 2. Using the circuit superblue1 as
example, the number of unassigned pins when the circuit is
split at M8 is only 1.2% of the pins when split at M2. There-
fore, the small number of unassigned pins to be connected
overshadows the large circuit used for their experiments. It
must also be emphasized that splitting a circuit in such higher
layers is rather impractical since M8 tends to be a very thick
metal reserved for power distribution in typical 10-metal
stacks. There is very little value in hiding a power distribution
network from an adversary that wants to pirate an IP. Once
again, we opt not to show this result in our comparisons.
A network-flow based attack model toward flattened designs
was proposed by Wang et al. [19]. The authors argue
that the proximity attack originally proposed by [8] utilizes
hints that can be used only by hierarchical designs, and that
many designs are flattened designs³. Based on the original
proximity attack, they propose a proximity attack utilizing
five hints: physical proximity, acyclic combinational logic
circuit, load capacitance constraint, directionality of dangling
wires, and timing constraint. Note that the first two hints are
already described by [8] and [18]. The three novel hints are
described below:
• Load Capacitance Constraint: gates can drive a limited
  load to honor slew constraints. Typically, maximum
  load capacitance is constrained and has a maximum
  value defined by the PDK and the standard cell
  characterization boundaries. Hence, an attacker will consider
  only connections that will not violate the load
  capacitance constraints.
• Directionality of Dangling Wires: EDA tools route wires
  from a source to a sink node along the direction of the
  sink node. Therefore, the directionality of remaining
  dangling wires at lower metal layers may indicate the
  direction of their destination cell with a high degree of
  certainty⁴. An attacker can disregard connections in the
  other directions.
• Timing Constraint: connections that create timing paths
  that violate timing constraints can be excluded. An
  attacker, through an educated guess of the clock period,
  can determine a conservative timing constraint and
  exclude any connections that would lead to slower paths.
³ We highlight that best practices in circuit design have changed over
the years. Hierarchical design was heavily utilized for many years, but it
lost favor due to the difficulty in performing reasonable timing budgeting
between the many blocks of a system. Thus, flattened designs are often used
to facilitate timing closure.
The network-flow based attack framework proposed by
Yang et al. considers two hints proposed by [8] plus the
aforementioned hints to create a directed graph $G = (V, E)$,
where $V$ is a set of vertices and $E$ is a set of edges. The set
$V$ is composed of the set of vertices corresponding to the
output pins ($V_o$), the set corresponding to the input pins ($V_i$),
the source vertex ($S$), and the target vertex ($T$). The set $E$
consists of $E_{So}$, edges from $S$ to every output pin vertex, $E_{oi}$,
edges from output pin vertices to input pin vertices, and $E_{iT}$,
which includes edges from every input vertex to the target
vertex. An example of this kind of representation is shown in
Fig. 8, where (a) is the circuit with missing connections, and
(b) is the network-flow representation. The detailed problem
formulation is omitted from this work. To find the connections,
a min-cost network-flow problem is solved, where the
decision variables are the flows $x_{i,j}$ going through each edge
$(i, j) \in E$. The authors utilize the Edmonds-Karp algorithm
[25] to solve this problem. The complexity of the algorithm alone
is $O(VE^2)$; however, the algorithm must be run
$V$ times in the worst case. Thus, the run-time of the complete
network attack is $O(V^2E^2)$, assuming the worst
case.
The network-flow approach was applied to ISCAS-85 and
ITC-99 benchmark circuits. For comparison, they applied
both the original proximity attack and the network-flow at-
tack to flattened designs. As shown in Tab. 2, their network-
flow proximity attack outperformed the original in terms of
CCR. However, despite the evident improvement, the attack
could only retrieve 17% of the missing BEOL connections
for a medium sized circuit (b18 from the ITC-99 suite).
A Machine Learning (ML) framework was used by Zhang
et al. [20] in an attempt to improve the attack proposed in
[18]. They used the same setup as previously discussed. However,
they incorporated more layout features, such as placement,
routing, cell sizes, and cell pin types, in their ML formulation.
⁴ Metals usually have preferred directions that alternate along the stack
(i.e., if M1 is vertical, then M2 is horizontal). Therefore, this hint becomes
more effective if the attacker can observe more than one routing layer of the
FEOL.
FIGURE 7: Multiple strategies for pin/connectivity search areas according to [18]
FIGURE 8: (a) Circuit with missing connections. (b)
Network-flow model for inferring the missing connections.
(Adapted from [19])
A high-level overview of their modeling framework is
shown in Fig. 9 (a). First, they create a challenge instance
from the entire layout and only FEOL view. Next, for each
virtual pin (point where a net is broken on the split layer)
they collect layout information, including placement, routing,
cell areas, and cell pin as illustrated in Fig. 9 (b). Using this
information, samples are generated which are fed into the ML
training process. Each sample carries information for a pair
of virtual pins which may or may not be matched. Classifiers
are then built by the ML framework using the training samples. After
training and building the regression model, cross validation
is used for evaluation, which ensures that validation of the model
is done on the rest of the data, which was not used for
training. Their framework faces scaling issues when applied
to lower split metal layers. An improved ML framework is
then proposed as well, denoted by ML-imp, to solve the
scaling issues.
For their experiments, Zhang et al. [20] utilize the ISPD
2011 benchmark suite. They compare results from their last
work [18], the ML framework, and the ML-imp framework. However,
they do not show results for lower split metal layers
(e.g., M2). Instead, results are provided for M8, M6, and M4
splits. As pointed out before, utilizing higher layers for the
split effectively shrinks the otherwise large circuits used in
their experiments. A drastic reduction of unassigned pins is
expected for such higher layers, as higher metal layers are
used often for power routing, not for signal routing. Results
for the superblue1 circuit are shown in Tab. 2. Regarding re-
covering missing BEOL connections, ML and ML-imp could
only retrieve around 2%, therefore not showing a huge im-
provement when compared to their previous work. However,
search list area accuracy showed significantly better results
compared to their prior work. Besides the obtained results, their
machine learning framework needs the entire layout during its
modeling. This characteristic may, in a best case scenario,
nullify the applicability for an attacker that only holds the
FEOL layout.
Attacks using proximity information as metric are not
the only solution to recover missing BEOL connections. An
effective methodology to apply a Boolean satisfiability based
strategy is proposed by Chen et al. [21]. The authors claim
that their attack methodology does not need or depend on
any proximity information, or even any other insights into
the nature of EDA tools during the design process. The key
insight in their work is to model the interconnect network
as key-controlled multiplexers (MUX). Initially, all combi-
nations of signal connections between the FEOL partitions
are allowed, as illustrated in Fig. 10. First, a MUX network
is created in order to connect all missing paths in the circuit.
This MUX network leads to potential cyclic paths, thus, there
is a possibility to generate many combinational cycles during
the attack process corresponding to incorrect key guesses.
Therefore, constraints on the key values are generated in
order to avoid activating the cyclic paths. The attack can be
summarized in 4 steps: identification of all cyclic paths,
generation of cycle constraints, cycle constraints optimizations,
and finally, the SAT attack. Chen et al. utilize a SAT solver
based attack method based on CycSat proposed by [26]. The
SAT attack algorithm takes as input the FEOL circuit with
the MUX network and the packaged IC that serves as an oracle,
and outputs the MUX keys that yield correct BEOL nets.
In reality, [21] presents a different interpretation of threat
model I since the attacker is assumed to possess a functional
IC. This IC would then have to be available in the open
market for purchase by the attacker. This characteristic
severely narrows down the applicability of this SAT attack.
For instance, ICs designed for space or military use will not
be freely available, thus an oracle is not known to the attacker.
FIGURE 9: (a) Machine Learning Modeling by Zhang et al. [20]. (b) Few Layout Features Examples.
Experimental results presented by [21] utilize ISCAS-
85 and ITC-99 benchmark circuits. It has been shown that
their attack could recover the correct logic circuit for all the
circuits. However, there is a small caveat. In Tab. 2, two of
those results are shown. For seven of the studied benchmarks
(c1908, c2670, c5315, c7552, b14, b15, b17), the connections
recovered are identical to the BEOL connections. For the
remaining benchmarks, the recovered connections are not
identical but logically equivalent to the original circuit. In
practice, the logically equivalent circuit may present per-
formance deviations from the original design. Matching the
performance of the original design can be done by executing
place and route using the logically equivalent gate-level
netlist. Depending on the attack goal, it is possible that the
attacker had already planned to execute the physical synthesis
flow again (say, to resell the IP in a different form or shape).
An attack that guarantees 100% of logic equivalence recovery
is powerful enough, allowing attackers to copy and modify
split layouts.
In order to increase the efficiency and capacity of the SAT attack
proposed in [21], the authors propose two improvements
in [22]. First, the size of the key-controlled interconnect
network that models the possible BEOL connections should
be reduced. Second, after the MUX network is inserted
into the FEOL circuit, the number of combinational cycles
it induces in the design for incorrect key guesses should
also be reduced. Proximity information is then exploited
to achieve the proposed improvements. The improved SAT
attack method which exploits proximity information showed
significant reduction in the attack time and increase in the
capacity. Same as in [21], the circuits tested were 100%
recovered, as shown in Tab. 2.
FIGURE 10: MUX Network for a Bipartitioned FEOL Circuit.
(Adapted from [21])
IV. SPLIT MANUFACTURING DEFENSES
Attacks toward Split Manufacturing showed promising re-
sults, as described in the previous section. A malicious at-
tacker has the real potential to recover the missing BEOL
connections. If the missing connections are successfully re-
covered, the security introduced by applying the technique is
nullified. Therefore, straightforward Split Manufacturing is
questioned by several works. Several authors propose defense
techniques that augment the technique, i.e., techniques that
when used together with Split Manufacturing do increase the
achieved security level against attacks. In Tab. 3, we compile
a comprehensive list of defense techniques found in the
literature. Each defense technique utilizes a different metric
and threat model, depending upon the type of attack they
are trying to overcome. Since many of the studied defense
techniques often introduce heavy PPA overheads, Tab. 4 also
shows if the studied work assessed overheads and which ones
were addressed.
In the text that follows, the many defense techniques
are divided into categories, namely Proximity Perturbation
(i.e., change location of cells or pins), Wire Lifting (i.e.,
change routing to upper layers), and Layout Obfuscation (i.e.,
hide the circuit structure). We present the categories in this
exact order. For some techniques, it is worth mentioning that
overlaps do exist and that techniques could be categorized
differently. Thus, this categorization is our interpretation of
the state of the art and may not be definitive. Furthermore, the
boundaries between categories are not strict. For example, a
technique may perform a layout modification that promotes
proximity perturbation and leads to (indirect) wire lifting.
TABLE 3: Split Manufacturing Defenses
Work | Year | Threat Model | Category | Defense | Metrics | Defense Overheads Presented
[8] | 2013 | I | Proximity Perturbation | Pin Swapping | Hamming Distance | -*
[14] | 2013 | II | Wire Lifting | Wire Lifting | k-Distance | Power, Area, Delay and Wire-Length
[11] | 2014 | I | Layout Obfuscation | Layout Obfuscation for SRAMs and Analog IPs | - | Performance, Power and Area
[27] | 2014 | I | Layout Obfuscation | Obfuscation Techniques | Neighbor Connectedness and Entropy | Performance and Area
[28] | 2015 | I | Layout Obfuscation | Automatic Obfuscation Cell Layout | Neighbor Connectedness and Entropy | Performance, Power and Area
[29] | 2015 | I | Layout Obfuscation | Obfuscated Built-in Self-Authentication | Obfuscation Connection | Number of Nets
[18] | 2016 | I | Wire Lifting | Artificial Blockage Insertion | Number of Pins | -*
[30] | 2016 | I | Wire Lifting | Net Partition, Cell Hidden and Pin Shaken | - | -*
[15] | 2017 | I | Proximity Perturbation | Routing Perturbation | Hamming Distance | Performance and Wire-Length
[31] | 2017 | I | Wire Lifting | Secure Routing Perturbation for Manufacturability | Hamming Distance | Performance and Wire-Length
[32] | 2017 | I | Proximity Perturbation | placement-centric Techniques | CCR | Performance, Power and Area
[33] | 2017 | II | Proximity Perturbation | Gate Swapping and Wire Lifting | Effective Mapped Set Ratio and Average Mapped Set Pruning Ratio | Wire-Length
[34] | 2018 | I | Wire Lifting | Concerted Wire Lifting | Hamming Distance | Performance, Power and Area
[19] | 2018 | I | Proximity Perturbation | Secure Driven Placement Perturbation | Hamming Distance | Power and Wire-Length
[35] | 2018 | I | Proximity Perturbation | placement and routing perturbation | Hamming Distance | Performance, Power and Area
[36] | 2019 | I | Layout Obfuscation | Isomorphic replacement for Cell Obfuscation | Isomorphic Entropy | -*
[37] | 2019 | II | Layout Obfuscation | Dummy Cell and Wire Insertion | k-security | Area and Wire-Length
* Authors do not present any discussion regarding overhead.
A. PROXIMITY PERTURBATION
Attacks toward split circuits are generally based on leverag-
ing proximity information. As previously mentioned, missing
connections have a tendency to be close to one another. The
first category of defenses, Proximity Perturbation, addresses
this hint left by the EDA tools. The goal of the techniques
within this category is to promote changes in the circuit such
that the proximity information between the FEOL pins is less
evident. Therefore, the success rate of the proximity attacks
is decreased.
In [8], the authors propose pin swapping to overcome proximity
attacks. Rearranging the partition pins can alter their
distance in such a way as to deceive the attacker. As an example,
if the pins $P_{G3,B,in}$ and $P_{G6,A,in}$ (Fig. 5) are swapped,
the proximity attack will incorrectly guess the connection
between $P_{G2,A,out}$ and $P_{G3,B,in}$. Thus, a sufficient number
of pins have to be swapped in order to create a netlist that
is significantly different from the original netlist (based on
some sort of metric for similarity). In [8], Hamming distance
is proposed as a way to quantify the difference between
the outputs of the original netlist and the modified netlist.
The authors argue that the optimum netlist is created when
the Hamming distance is 50%. Since the best rearrangement
for $N$ pins of partitions might take $N!$ computations (rather
computationally expensive), pair-wise swapping of pins is
considered in [8]. Pair-wise swapping of pins results in
$O(N^2)$ computations.
The modified netlist is created based on a series of rules.
Similarly to the proximity attack, a list of candidate pins to
be swapped is created before the actual swap is applied. Since
not every pin can be swapped, a candidate pin to be swapped
should:
• be an output pin of the partition where the target pin
resides
• not be connected to the partition where the candidate pin
resides
• not form a combinational loop
Using the above constraints, a candidate pin is selected.
The target pin also needs to be chosen carefully. In [8], IC
testing principles [38] and hints from the original proximity
attack are used to choose the target pin. The swapping procedure
is described in Algorithm 2, where TestingMetric is
a metric based on IC testing principles described in detail
in [8]. The proposed defense technique is validated using
ISCAS'85 circuits and the original proximity attack. For the
smallest circuit, c17, it took only one swap to achieve 50% of
Hamming Distance. For the largest studied circuit, c7552, it
took 49 swaps. These results are summarized in Tab. 4.
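The pair-wise swap search and its Hamming-distance score, as an added example (not code from the survey or from [8]), run on the ISCAS'85 c17 netlist. It assumes a swap exchanges the drivers of two gate input pins, applies only the combinational-loop rule (the partition rules are omitted), and scores candidates by exhaustive simulation instead of the TestingMetric of [8]; all function names are hypothetical.

```python
from itertools import combinations, product

# ISCAS'85 c17 (six 2-input NAND gates), used here as sample input.
C17_INPUTS = ["1", "2", "3", "6", "7"]
C17_OUTPUTS = ["22", "23"]
C17_GATES = {
    "10": ("NAND", ["1", "3"]),
    "11": ("NAND", ["3", "6"]),
    "16": ("NAND", ["2", "11"]),
    "19": ("NAND", ["11", "7"]),
    "22": ("NAND", ["10", "16"]),
    "23": ("NAND", ["16", "19"]),
}

OPS = {
    "AND": lambda v: int(all(v)),
    "OR": lambda v: int(any(v)),
    "NAND": lambda v: int(not all(v)),
    "NOR": lambda v: int(not any(v)),
}


def has_loop(gates):
    """True if the netlist contains a combinational cycle (DFS over fan-in)."""
    state = {}  # net -> 1 (on the current DFS path) or 2 (fully explored)

    def visit(net):
        if net not in gates:        # primary input: no fan-in to follow
            return False
        if state.get(net) == 1:     # reached a net already on the path
            return True
        if state.get(net) == 2:
            return False
        state[net] = 1
        if any(visit(src) for src in gates[net][1]):
            return True
        state[net] = 2
        return False

    return any(visit(net) for net in gates)


def evaluate(gates, inputs, outputs, pattern):
    """Simulate one input pattern on a loop-free netlist."""
    values = dict(zip(inputs, pattern))

    def val(net):
        if net not in values:
            op, srcs = gates[net]
            values[net] = OPS[op]([val(s) for s in srcs])
        return values[net]

    return [val(o) for o in outputs]


def swap_pins(gates, pin_a, pin_b):
    """Copy of the netlist with the drivers of two (gate, input index) pins exchanged."""
    new = {g: (op, list(srcs)) for g, (op, srcs) in gates.items()}
    (ga, ia), (gb, ib) = pin_a, pin_b
    new[ga][1][ia], new[gb][1][ib] = new[gb][1][ib], new[ga][1][ia]
    return new


def hamming_distance(gates_a, gates_b, inputs, outputs):
    """Fraction of output bits that differ over all 2^n input patterns (small n only)."""
    diff = total = 0
    for pattern in product((0, 1), repeat=len(inputs)):
        out_a = evaluate(gates_a, inputs, outputs, pattern)
        out_b = evaluate(gates_b, inputs, outputs, pattern)
        diff += sum(x != y for x, y in zip(out_a, out_b))
        total += len(outputs)
    return diff / total


def best_swap(gates, inputs, outputs, target=0.5):
    """Try all O(N^2) pin pairs; return (pin_a, pin_b, hd) closest to the target HD."""
    pins = [(g, i) for g, (_, srcs) in sorted(gates.items()) for i in range(len(srcs))]
    best = None
    for pin_a, pin_b in combinations(pins, 2):
        if gates[pin_a[0]][1][pin_a[1]] == gates[pin_b[0]][1][pin_b[1]]:
            continue                # same driver on both pins: swap is a no-op
        candidate = swap_pins(gates, pin_a, pin_b)
        if has_loop(candidate):
            continue                # rule: a swap must not form a combinational loop
        hd = hamming_distance(gates, candidate, inputs, outputs)
        if best is None or abs(hd - target) < abs(best[2] - target):
            best = (pin_a, pin_b, hd)
    return best


if __name__ == "__main__":
    a, b, hd = best_swap(C17_GATES, C17_INPUTS, C17_OUTPUTS)
    print(f"swap {a} <-> {b}: Hamming distance {hd:.1%}")
```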
As demonstrated in [8], rearranging the partition pins can
thwart proximity attacks. However, according to Chen et al.
[33], pin swapping at partition level has limited efficacy. They
demonstrated that an attacker holding the FEOL layout as
well as the netlist can insert hardware trojans, even when
the defense approach of [8] is applied. It must be highlighted
that [33] assumes threat model II, which, as we have previously
argued, has the potential to nullify the vast majority of
defenses towards split circuits. Thus, they proposed a defense
to counter the threat from hardware trojan attacks. Their
defense incorporates the global wire-length information, with
the goal of hiding the gates from their candidate locations, and
as a result decreasing the effective mapped set ratio (EMSR).
The EMSR metric is an attempt to quantify the ratio of
real gate locations of a given mapping during a simulated
annealing-based attack. This defense consists of two steps:
first, a greedy gate swapping defense [19], and second, a
measurement of the security elevation in terms of EMSR. The
technique is evaluated using ISCAS'85 benchmark circuits,
with the EMSR metric used to quantify the defense effectiveness.
The results are shown in Tab. 4.
Following the same principle of increasing the Hamming
Distance, Wang et al. [15] propose a routing perturbation
based defense. The optimum Hamming distance is sought
to be achieved by layer elevation, routing detour, and wire
decoys, while testing principles are used to drive the pertur-
bation choices. Layer elevation is essentially a wire lifting
technique: without changing the choice of split metal layer,
wires are forced to route using higher metal layers, thus being
lifted from the FEOL to the BEOL. Intentional routing detour
is a way to increase the distance between disconnected pins of
the FEOL. If done properly, disconnected pins will not be
the closest to each other, deceiving the proximity attack. In
some cases, routing detour will increase the distance between
disconnected pins; however, they still remain the closest to
each other. In this scenario, wire decoys can be drawn near
disconnected pins, in such a way that they are now the closest
and will be picked as the ideal candidate pin.
The perturbations proposed in [15] can incur heavy overheads,
and for this reason wires to be perturbed are chosen
by utilizing IC testing principles. In [15], fault observability,
as defined in SCOAP, is used as a surrogate metric for this
task. The technique is evaluated using ISCAS'85 and ITC'99
benchmark circuits. For all studied circuits, the Hamming
distance increased by an average of 27%, with only an
average of 2.9% wire length overhead (WLO). The results for
the largest and smallest studied circuit are shown in Tab. 4.
Algorithm 2: Fault Analysis-Based Swapping of Pins to
Thwart Proximity Attack (Adapted from [8]).
Input: Partitions
Output: List of target and swapping pins
ListofTargetPins = ∅;
ListofSwappingPins = ∅;
ListofUntouchedPins = All partition pins and I/O ports;
while Untouched output partitions pins or input ports exist do
    for UntouchedPin do
        SwappingPins = BuildSwappingPinsList(UntouchedPin);
        for SwappingPin ∈ SwappingPins do
            Compute TestMetric(UntouchedPin, SwappingPin);
    Find the TargetPin and SwappingPin with the Highest TestMetric from its SwappingPins;
    ListofTargetPins += TargetPins;
    ListofSwappingPins += SwappingPins;
    ListofUntouchedPins −= TargetPins;
    ListofUntouchedPins −= SwappingPin;
    Swap TargetPin and SwappingPin;
    Update netlist;
Return: ListofTargetPins and ListofSwappingPins;

BuildSwappingPinList(TargetPin);
Input: TargetPin $P_{x,i,out}$
Output: SwappingPins for TargetPin
for PinJ ∈ SwappingPins do
    if CombinationalLoop(TargetPin, PinJ) then
        SwappingPins −= PinJ;
Return: SwappingPins;

Sengupta et al. [32] take a different direction from other
works. They utilize an information-theoretic metric to increase
the resilience of the layout against proximity attacks.
As demonstrated in [32], mutual information (MI) can be
used to quantify the amount of information revealed by the
connectivity distance between cells. Mutual information is
calculated by taking into account the cells' connectivity $D$, i.e.,
whether they are connected or not, and their Manhattan distance $X$,
as described by Equation 2, where $H[\cdot]$ is the entropy. The
distribution of the variables $X$ for a given layout is determined
pair-wise for all gates, allowing a straightforward computation
of $I(X;D)$. Thus, layouts with the lowest mutual
information, i.e., where the correlation between cell connectivity
and their distance is low, are more resilient against proximity
attacks.
In order to minimize the information “leaked” from mu-
tual information, [32] applies cell placement randomization
and three other techniques: g-color, g-type1, and g-type2.
Randomizing the cell placement can achieve the desired low
mutual information, however, the PPA overhead incurred is
excessive. Minimizing mutual information without excessive
PPA overhead can be achieved by the other techniques. From
a graph representation of the circuit, graph coloring can be
used to hide connectivity information, where gates of the
same color must not be connected. Thus, the resulting colored
netlist is then partitioned by clustering all cells of same color
together. During cell placement, the cells with the same color
will be confined within their respective clusters. According
to [32], these constraints naturally mitigate the information
leakage to a great extent. The technique g-color utilizes only
the graph coloring as described above. The other two, g-
type1 and g-type2, take into account the type of the gate to
create the clusters. The g-type1 approach clusters gates only
by their functionality, while g-type2 utilizes functionality and
the number of inputs for clustering. The authors assessed
their techniques utilizing ISCAS'85 and MCNC benchmark
suites. Results for the smallest and largest circuits are shown
in Tab. 4.
$MI = I(X;D) = H[X] - H[X|D]$ (2)
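Equation 2 evaluated over all gate pairs of a placement, as an added example (not code from the survey or from [32]); it also reports total Manhattan wire length so the overhead side of the trade-off is visible next to the leakage. The four-gate layouts, the `bin_width` distance binning and all function names are constructed for illustration.

```python
import math
import random
from collections import Counter
from itertools import combinations


def _entropy(counter):
    """Shannon entropy (bits) of the empirical distribution in a Counter."""
    total = sum(counter.values())
    return -sum(c / total * math.log2(c / total) for c in counter.values() if c)


def mutual_information(placement, connections, bin_width=1):
    """I(X;D) = H[X] - H[X|D] over all gate pairs.

    placement:   gate name -> (x, y) coordinates
    connections: iterable of (gate, gate) pairs that share a net
    X is the Manhattan distance of a pair (binned by bin_width, an assumption
    for layouts with continuous coordinates); D is whether the pair is connected.
    """
    connected = {frozenset(pair) for pair in connections}
    by_d = {True: Counter(), False: Counter()}
    for a, b in combinations(sorted(placement), 2):
        (xa, ya), (xb, yb) = placement[a], placement[b]
        dist_bin = (abs(xa - xb) + abs(ya - yb)) // bin_width
        by_d[frozenset((a, b)) in connected][dist_bin] += 1
    all_x = by_d[True] + by_d[False]
    n = sum(all_x.values())
    # H[X|D] = sum over d of p(d) * H[X | D = d]
    h_x_given_d = sum(sum(c.values()) / n * _entropy(c) for c in by_d.values() if c)
    return _entropy(all_x) - h_x_given_d


def wire_length(placement, connections):
    """Total Manhattan length of all connections (a proxy for wire-length overhead)."""
    return sum(
        abs(placement[a][0] - placement[b][0]) + abs(placement[a][1] - placement[b][1])
        for a, b in connections
    )


def randomize_placement(placement, seed):
    """Cell placement randomization: shuffle the gates over the existing slots."""
    rng = random.Random(seed)
    cells = sorted(placement)
    slots = [placement[c] for c in cells]
    rng.shuffle(slots)
    return dict(zip(cells, slots))


# Constructed sample: a four-gate chain g0-g1-g2-g3 placed on one row.
NETS = [("g0", "g1"), ("g1", "g2"), ("g2", "g3")]
# Proximity-driven placement: every connected pair is adjacent.
PROXIMITY_PLACEMENT = {"g0": (0, 0), "g1": (1, 0), "g2": (2, 0), "g3": (3, 0)}
# Perturbed placement: g1 and g2 exchanged, so adjacency no longer implies a net.
PERTURBED_PLACEMENT = {"g0": (0, 0), "g1": (2, 0), "g2": (1, 0), "g3": (3, 0)}

if __name__ == "__main__":
    layouts = {
        "proximity": PROXIMITY_PLACEMENT,
        "perturbed": PERTURBED_PLACEMENT,
        "randomized": randomize_placement(PROXIMITY_PLACEMENT, seed=1),
    }
    for name, layout in layouts.items():
        mi = mutual_information(layout, NETS)
        print(f"{name:10s} I(X;D) = {mi:.3f} bits, wire length = {wire_length(layout, NETS)}")
```

In the proximity-driven layout the distance fully determines connectivity, so I(X;D) equals H[D]; the perturbed layout lowers the leakage at the cost of a longer total wire length.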
Similar to the pin swapping technique proposed by [8],
Wang et al. [19] propose a placement-based defense with the
same objective of deceiving a proximity attack by perturbing
the proximity information. Differently from pin swapping,
their placement-based defense considers the incurred wire-
length overhead as a metric. This technique is based on
changing gate locations such that the proximity hint is no
longer effective. Their algorithm consists of two phases, one
to select which gates are to be perturbed and a second phase
where the selected gates are (re)placed. Gate selection is done
by extracting a set of trees using two techniques, BEOL-driven
and logic-aware extraction. The first approach selects
all gate trees that contain any metal wires in the BEOL,
i.e., connections that are not hidden from the attacker. The
second approach takes into account the wire-length impact
and the gate tree impact on the overall security. After ex-
tracting the set of trees, the placement perturbation is done
in one of two ways: physical-driven or logic-driven. For each
extracted tree, the physical-driven perturbation changes the
location of gates using a Pareto optimization approach. Also,
each solution is evaluated by its wire-length overhead and
a perturbation metric, that discerns the placement difference
from the original layout considering the security introduced.
According to [19], geometric-based difference alone may be
insufficient to enhance the split circuit security. Thus, a logic-
driven perturbation is performed with a weighted logical
difference (WLD) metric, which encourages perturbation
solutions with large logical difference from its neighbors.
The authors assessed their techniques combining the gate se-
lection and perturbation as BEOL+Physical, Logic+Physical
and Logic+Logic, using ISCAS'85 and ITC'99 circuit bench-
marks. Results for the smallest and largest circuits considered
are shown in Tab. 4.
A considerably different approach is proposed by Patnaik
et al. [35], wherein netlist modifications are promoted
(instead of placement/routing modifications during physical
synthesis). The goal is to modify the netlist of a design in
order to insert (partial) randomization. According to [35], it
helps to retain the misleading modifications throughout any
regular design flow, thereby obtaining more resilient FEOL
layouts where the netlist changes are later “corrected” in the
BEOL. This methodology is implemented as an extension
to commercial EDA tools with custom in-house scripts. The
process goes as follows: first, the netlist is randomized.
Second, the modified netlist is placed and routed. Lastly, the
true functionality is restored by re-routing the BEOL. For
the netlist randomization, pairs of drivers and their sinks are
randomly selected and swapped. This is done in such a way as to
avoid combinational loops that may be introduced by swapping.
The modified netlist is then placed and routed, utilizing a
‘do not touch’⁵ setting for the swapped drivers/sinks to avoid
logic restructuring/removal of the related nets. Finally, the
true connectivity is restored in the BEOL with the help of
correction cells [35] that resemble switch boxes. The tech-
nique is evaluated using ISCAS'85 circuits, and the results
for the largest and smallest circuit are shown in Tab. 4.
B. WIRE LIFTING
Hiding routing information from untrusted foundries is the
main objective of the Split Manufacturing technique. Since
attacks mainly rely on hints left by EDA tools to recover
the missing BEOL connections, the amount of hidden information
is related to the circuit performance – splitting
the circuits at low metal layers increases the security level.
Following the same idea, wire lifting proposes ‘lifting’ wires
from FEOL layer to the BEOL layer. That is, changing the
routing to split metal layers has the potential to increase the
security level.
Wire lifting was first presented by Imeson et al. [14].
In this work, Split Manufacturing is considered as a 3D IC
implementation [39]. For the sake of argument, we will
continue to refer to this technique as Split Manufacturing,
even if the notion of untrusted FEOL vs. trusted BEOL is
shifted. This type of 3D implementation consists of two
or more independently manufactured ICs, where each IC
represents a tier that is vertically integrated on top of each
other. Connections between the tiers are done using vertical
metal pillars, referred to as through-silicon vias (TSV). In
[14], a 3D implementation consisting of two tiers is used for
their experiments. The bottom tier contains the transistors
and some routing wires (akin to the FEOL in SM), and the top
tier contains only routing wires (akin to the BEOL layer
in SM). Regarding the manufacturing of these 3D ICs, the
bottom tier is built in a high-end untrusted foundry, and the
top tier is built in an also untrusted foundry (not necessarily
high-end, however).
In [14], threat model II is used, i.e., the adversary is assumed
to possess the entire netlist. The problem is formulated
as the attacker being the FEOL foundry, which in turn also
possesses the so-called ‘unlifted netlist’ extracted from the
FEOL layout. By utilizing a graph to represent the circuits
as described before, the attacker seeks a bijective mapping
of gates in the unlifted netlist to gates in the complete
netlist. According to [14], if the attacker can distinguish
5This terminology is used in IC design to mean that a specific cell or
family of cells should not be optimized, i.e., not to be touched.
VOLUME XXX, 2020 13
Perez et al.: A Survey on Split Manufacturing: Attacks, Defenses, and Challenges
TABLE 4: Proximity Perturbation Defense Results
Work Attack
Type
Benchmark Defense Technique Defense Metric Defense Overhead Split
Layer
Result with-
out Defense
Result with
Defense
[8] Proximity c17 - Hamming Distance 1 Swap for 50%
HD
-* 100% CCR 78% CCR
[8] Proximity c7552 - Hamming Distance 49 Swaps for 50%
HD
-* 94% CCR 91% CCR
[33] Proximity c432 Modifed Greedy Gate
Swapping
EMSR 75% of WLO -* 90% EMSR 25% EMSR
[33] Proximity c432 Modifed Greedy Gate
Swapping
EMSR 300% of WLO -* 78% EMSR 10% EMSR
[15] Proximity c432 - Hamming Distance 3.1% WLO for
46.1% HD
-* 92.4% CCR 78.8% CCR
[15] Proximity c432 - Hamming Distance 4.1% WLO for
31.7% HD
-* 62.8% CCR 37.9% CCR
[32] Proximity c432 Random Mutual Information < 10% PPA M1 17% CCR < 1% CCR
[32] Proximity c432 g-color Mutual Information < 10% PPA M1 17% CCR 2% CCR
[32] Proximity c432 g-type1 Mutual Information < 10% PPA M1 17% CCR 6% CCR
[32] Proximity c432 g-type2 Mutual Information < 10% PPA M1 17% CCR 4.5% CCR
[32] Proximity c7552 Random Mutual Information < 10% PPA M1 13% CCR < 1% CCR
[32] Proximity c7552 g-color Mutual Information < 10% PPA M1 13% CCR 2% CCR
[32] Proximity c7552 g-type1 Mutual Information < 10% PPA M1 13% CCR 4% CCR
[32] Proximity c7552 g-type2 Mutual Information < 10% PPA M1 13% CCR 3% CCR
[19] SAT c432 BEOL+Physical Perturbation 4.5% WLO -* 58% CCR 56% CCR
[19] SAT c432 Logic+Physical Perturbation 5.57% WLO -* 58% CCR 58% CCR
[19] SAT c432 Logic+Logic WLD 1.68% WLO -* 58% CCR 52% CCR
[19] SAT b18 BEOL+Physical Perturbation 8.06% WLO -* 15% CCR 14% CCR
[19] SAT b18 Logic+Physical Perturbation 1.70% WLO -* 15% CCR 17% CCR
[19] SAT b18 Logic+Logic WLD 0.61% WLO -* 15% CCR 16% CCR
[35] Proximity c432 Netlist Randomiza-
tion
Hamming Distance < 10% PPA overall -* 92.4% CCR 94.3% CCR
[35] Proximity c7552 Netlist Randomiza-
tion
Hamming Distance < 10% PPA overall -* 94.4% CCR 94.3% CCR
* Split layer not specified by the authors.
any gate between the two netlists, the split circuit does not
provides any security. A security notion is discussed by
the authors, based on existing multiples mapping between
gates in the unlifted and the complete netlist. Called k-
security, this metric qualifies that gates across the design
are indistinguishable from at least k − 1 other gates in the
circuits. Thus, a defender wants to lift wires in a way to
guarantee the higher k − security possible. Two procedures
are proposed to achieve this goal, one utilizing a greedy
heuristic targeted at small circuits (due to scalability issues),
and another procedure that utilizes partitioning to solve those
issues. For their experimental study, they have utilized the
ISCAS'85 benchmark suite and a DES crypto circuit with
approximated 35000 gates. The results are shown in Tab. 5,
where k = 1 is the original circuit and k = 48 is when
all the wires are lifted. It is worth to mention that, besides
the notion of the security metric, their defense technique was
not validated using an actual proximity attack towards the
modified netlist.
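The k-security notion above can be evaluated exhaustively on a toy circuit, which shows why the choice of lifted wire matters to the defender. The following Python is an added example, not code from [14] or from this survey: the six-gate netlist, the names k_security and greedy_lift, and the greedy loop (lift the single wire that raises k the most) are assumptions constructed for illustration, and the exhaustive enumeration is only practical for small circuits.

```python
# Constructed six-gate netlist: four NAND gates, two NOR gates, five wires.
GATE_TYPE = {"n1": "NAND", "n2": "NAND", "n3": "NAND", "n4": "NAND",
             "r1": "NOR", "r2": "NOR"}
WIRES = [("n1", "n3"), ("n2", "n3"), ("n2", "n4"), ("n3", "r1"), ("n4", "r2")]


def k_security(gate_type, full_wires, visible_wires):
    """Return (k, candidates) for an unlifted netlist.

    candidates[g] holds every gate of the complete netlist that gate g of the
    unlifted (FEOL) netlist can stand for under some type-preserving bijection
    that maps each visible wire onto a real wire. k is the smallest such set,
    i.e. every gate is indistinguishable from at least k - 1 other gates.
    """
    gates = sorted(gate_type)
    full = set(full_wires)
    fanout = {g: [] for g in gates}   # visible wires g -> x
    fanin = {g: [] for g in gates}    # visible wires x -> g
    for src, dst in visible_wires:
        fanout[src].append(dst)
        fanin[dst].append(src)

    candidates = {g: set() for g in gates}
    mapping, used = {}, set()

    def fits(u, v):
        # Every visible wire between u and an already mapped gate must be a
        # wire of the complete netlist once u is mapped to v.
        for x in fanout[u]:
            if x in mapping and (v, mapping[x]) not in full:
                return False
        for x in fanin[u]:
            if x in mapping and (mapping[x], v) not in full:
                return False
        return True

    def extend(i):
        if i == len(gates):           # one complete, consistent mapping found
            for u, v in mapping.items():
                candidates[u].add(v)
            return
        u = gates[i]
        for v in gates:
            if v in used or gate_type[v] != gate_type[u] or not fits(u, v):
                continue
            mapping[u] = v
            used.add(v)
            extend(i + 1)
            del mapping[u]
            used.remove(v)

    extend(0)
    return min(len(c) for c in candidates.values()), candidates


def greedy_lift(gate_type, full_wires, target_k):
    """Lift one wire at a time, always the one that raises k the most."""
    visible, lifted = list(full_wires), []
    k, _ = k_security(gate_type, full_wires, visible)
    while k < target_k and visible:
        best = max(visible, key=lambda w: k_security(
            gate_type, full_wires, [x for x in visible if x != w])[0])
        visible.remove(best)
        lifted.append(best)
        k, _ = k_security(gate_type, full_wires, visible)
    return lifted, k


if __name__ == "__main__":
    print("nothing lifted :", k_security(GATE_TYPE, WIRES, WIRES)[0])
    print("all wires lifted:", k_security(GATE_TYPE, WIRES, [])[0])
    print("greedy, target 2:", greedy_lift(GATE_TYPE, WIRES, 2))
```

On this netlist, lifting the wire n2 -> n4 leaves k at 1, while lifting n2 -> n3 alone already reaches the k obtained with every wire lifted.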
An artificial routing blockage⁶ insertion that promotes
wire lifting is proposed by Magaña et al. [18]. The goal of
this technique is to deceive proximity attacks by wire lifting.
As discussed before, the objective of commercial EDA tools
is to guarantee the best PPA possible. During the routing
stage, lower metals are preferred for signal routing, promoting
better PPA. Thus, routing blockages can be inserted at
the split layer (usually the lowest possible), forcing signals to
be routed above the split layer. The result is an artificial wire
lifting done during the routing stage.
⁶ This terminology is used in IC design to mean that a specific area should
be avoided by the EDA tool for a specific task. A blockage can be for
placement and/or for routing.
Applying this type of procedure must be done considering
the design routability and overhead introduced, as well as
top-level floorplan decisions for the power grid, clock
distribution, and resources for busses. Larger designs are generally
difficult to route – simply reducing the number of routing
layers can make the design unroutable. In [18], a procedure
is proposed to insert routing blockages ensuring the design
routability is kept. After a first routing stage, the design
is divided into small rectangular non-overlapping windows.
The routing congestion is then analyzed in each window
at the split layer for the blockage insertion. If the area has
capacity for more routing, a routing blockage is inserted,
otherwise the original routing is kept. Utilizing ISPD'11
circuits, the technique is evaluated using the proximity attack
proposed by [18], and its effectiveness is reported using two
metrics, E[LS] and FOM. The metric E[LS] reports the candidate
list size, being an average over different search areas. The
metric FOM is a figure of merit of the ratio of candidates
list size divided by the search area, when averaged over all
the search areas at the split layer. According to [18], a higher
value of FOM means it is more challenging for the attacker
because of the density of candidates (over the same search
area). The results for the Superblue 1 circuit are shown in
Tab. 5.

TABLE 5: Wire Lifting Defense Results

| Work | Attack Type | Benchmark | Defense Technique | Defense Metric | Defense Overhead | Split Layer | Result without Defense | Result with Defense |
|---|---|---|---|---|---|---|---|---|
| [14] | SAT | c432 | Wire Lifting | k-security | 477% of WLO | -* | k=1 | k=48 |
| [18] | Proximity | Superblue 1 | Routing Blockage Insertion | E[LS] | Not Presented | M4 | 1.51 | 1.77 |
| [18] | Proximity | Superblue 1 | Routing Blockage Insertion | FOM | Not Presented | M4 | 1222.8 | 1433 |
| [34] | Proximity | c432 | Concerted Lifting | Hamming Distance | 7.7% of Area | Average** | 23.4 | 45.9 |
| [34] | Proximity | c432 | Concerted Lifting | CCR | 13.2% of Power | Average** | 92.4 | 0 |
| [34] | Proximity | c7552 | Concerted Lifting | Hamming Distance | 16.7% of Area | Average** | 1.6 | 25.7 |
| [34] | Proximity | c7552 | Concerted Lifting | CCR | 9.3% of Power | Average** | 97.8 | 0 |
| [31] | Proximity | c2670 | CMP-Friendly | Hamming Distance | 3.4% of WLO | -* | 14.5% | 20.4% |
| [31] | Proximity | c2670 | CMP-Friendly | CCR(%) | 3.4% of WLO | -* | 48.1% | 33.4% |
| [31] | Proximity | b18 | CMP-Friendly | Hamming Distance | 0.4% of WLO | -* | 21.6% | 27.6% |
| [31] | Proximity | b18 | CMP-Friendly | CCR(%) | 0.4% of WLO | -* | 12.1% | 10.7% |
| [31] | Proximity | c2670 | SADP-Compliant | Hamming Distance | 7.49% of WLO | -* | 14.5% | 24.4% |
| [31] | Proximity | c2670 | SADP-Compliant | CCR(%) | 7.49% of WLO | -* | 48.1% | 6.4% |
| [31] | Proximity | b18 | SADP-Compliant | Hamming Distance | 4.64% of WLO | -* | 21.6% | 29.6% |
| [31] | Proximity | b18 | SADP-Compliant | CCR(%) | 4.64% of WLO | -* | 12.1% | 2.7% |
| [30] | Proximity | s526 | Net Partitioning | CCR(%) | Not Presented | -* | 40%*** | 0%*** |
| [30] | Proximity | s526 | Net Partitioning & Cell Hiding | CCR(%) | Not Presented | -* | 40%*** | 0%*** |
| [30] | Proximity | s526 | Net Partitioning & Cell Hiding & Pin Shaking | CCR(%) | Not Presented | -* | 40%*** | 0%*** |
| [30] | Proximity | s9234.1 | Net Partitioning | CCR(%) | Not Presented | -* | 30%*** | 4%*** |
| [30] | Proximity | s9234.1 | Net Partitioning & Cell Hiding | CCR(%) | Not Presented | -* | 30%*** | 1.5%*** |
| [30] | Proximity | s9234.1 | Net Partitioning & Cell Hiding & Pin Shaking | CCR(%) | Not Presented | -* | 30%*** | 1.5%*** |

* Split layer not specified by the authors.
** Results are given as an average between M3, M4 and M5.
*** These results cannot be compared with previous ones as the transistor technology is vastly different.
Design for Manufacturability (DFM) has been an extremely
important aspect of IC design for many years now.
Manufacturing an IC is a sensitive process that involves many
critical steps. Hence, a layout is required to be compliant
to several rules to ensure its manufacturability. A layout is
said to be manufacturable if there are no DRC violations.
However, for a design to also achieve high yield, the layout
must also pass strict DFM checks. The most common checks
are related to wire and via density over predetermined region
sizes. Until now, the defense techniques discussed were mainly
concerned with security and PPA overheads. Feng et al. [31]
argue that previous works have largely neglected manufacturability
concerns. Therefore, they proposed two wire-lifting techniques
that address two important DFM-related techniques: Chemical
Mechanical Planarization (CMP) and Self-Aligned Double
Patterning (SADP) [40]. The first technique, CMP-friendly routing
defense, is divided into layer elevation, wire selection, and
re-routing. Layer elevation selects wires for lifting according to
the following principles [31]:
• The wire has a significant logic difference from its
neighboring wires. As such, an incorrect connection in
attacking this wire may lead to more signal differences.
• The wire has large observability such that an erroneous
guess by the adversary can easily affect the circuit
primary output signals.
• The wire segment is originally in a wire-dense region.
The wire density of this region would be reduced by
the layer elevation, which makes the corresponding FEOL
layer have a more uniform wire density.
• The BEOL region where the wire is elevated to has low
wire density so that the density of the corresponding
BEOL layer is more uniform.
Principles 1 and 2 have the intention to increase security in
the same way as described in [15]. After the wire lifting step,
a set of wires is selected for re-routing. The selection has two
purposes, CMP-friendliness and security improvement. For
CMP-friendliness, wires located in dense regions are selected
to be re-routed in sparse areas. For the security improvement,
decoys are inserted if the routing detour passes through
a sparse area, since an attacker would otherwise become
suspicious and may realize that the detour is a defense measure.
After selecting the set of wires to be re-routed, wires are
re-routed one at a time. According to [15], their routing approach
considers wire density, while the routing perturbation proposed by
[15] can be solely focused on security, and may not be
CMP-friendly. Utilizing a graph representation, their re-routing
method is based on Dijkstra's shortest path algorithm [41],
where the density of wires is used as a metric.
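The re-routing step described above, one wire at a time with wire density as the path metric, can be illustrated as rip-up and re-route on a grid of routing tiles. This Python is an added example, not the implementation of [31]: the 3x5 tile grid, the capacity of 10 tracks per tile, the cost of 1 + used tracks for entering a tile, and all function names are assumptions constructed for illustration.

```python
import heapq

CAPACITY = 10   # tracks per routing tile (constructed value)

# Constructed density map: used tracks per tile. The middle row is congested.
USED = [[1, 1, 1, 1, 1],
        [2, 9, 9, 9, 2],
        [5, 5, 5, 5, 5]]
# The wire to re-route currently runs straight through the dense middle row.
WIRE = [(1, 0), (1, 1), (1, 2), (1, 3), (1, 4)]


def density_route(used, src, dst, density_weight=1):
    """Dijkstra over tiles; entering a tile costs 1 + weight * used tracks."""
    rows, cols = len(used), len(used[0])
    best, prev = {src: 0}, {}
    heap = [(0, src)]
    while heap:
        cost, tile = heapq.heappop(heap)
        if tile == dst:
            break
        if cost > best[tile]:
            continue                      # stale heap entry
        r, c = tile
        for nr, nc in ((r - 1, c), (r + 1, c), (r, c - 1), (r, c + 1)):
            if not (0 <= nr < rows and 0 <= nc < cols):
                continue
            if used[nr][nc] >= CAPACITY:  # no free track left in this tile
                continue
            new_cost = cost + 1 + density_weight * used[nr][nc]
            if new_cost < best.get((nr, nc), float("inf")):
                best[(nr, nc)] = new_cost
                prev[(nr, nc)] = tile
                heapq.heappush(heap, (new_cost, (nr, nc)))
    if dst not in best:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]


def rip_up_and_reroute(used, old_path):
    """Remove one wire from the density map, re-route it, commit the result."""
    grid = [row[:] for row in used]       # leave the caller's map untouched
    for r, c in old_path:
        grid[r][c] -= 1
    new_path = density_route(grid, old_path[0], old_path[-1]) or old_path
    for r, c in new_path:
        grid[r][c] += 1
    return new_path, grid


def spread(grid):
    """Gap between the densest and the sparsest tile (lower is more uniform)."""
    cells = [v for row in grid for v in row]
    return max(cells) - min(cells)


if __name__ == "__main__":
    path, grid = rip_up_and_reroute(USED, WIRE)
    print("new path:", path)
    print("spread before/after:", spread(USED), spread(grid))
```

With density_weight set to 0 the router returns the original straight path, which is the density-blind behaviour the density metric is meant to avoid.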
With a few exceptions, the SADP-compliant routing defense
follows the same approach as described above. During
wire lifting, the density is not considered. Wire re-routing
is actually wire extension of FEOL wires as in [42]. This
wire extension of FEOL wires inevitably leads to re-routing
of connected BEOL wires. According to [31], solving SADP
violations by wire extension can also increase security, as it
increases the distance between vias. The wire extension for
simultaneous SADP-compliance and security is realized using
Integer Linear Programming. In their experiments, ISCAS'85
and ISPD'11 are used to evaluate their techniques. Each
technique, CMP-friendly and SADP-compliant, is evaluated
separately. The results for the smallest and largest circuit are
shown in Tab. 5.
Wire lifting approaches, in general, are not cost-free. As
shown in the previous results, wire-lifting based defenses
introduce a considerable PPA overhead. The cost-security
trade-off, i.e., the PPA margins for a given security budget, was
first studied by Patnaik et al. [34]. In [34], a concerted
wire-lifting method is proposed. The authors claim to enable
higher degrees of security while being cost-effective. For
their method, custom elevating cells are used for executing
the wire-lifting. Elevating cells connect gates or short wires
directly to the first layer above the split layer. Their wire-
lifting method utilizes three strategies: lifting high-fanout
nets, controlling the distance for open pin pairs, and obfuscation
of short nets. High-fanout nets are chosen to be lifted for two
reasons: (a) a wrong connection made by the attacker propagates
the error to multiple locations, and (b) lifting them introduces
multiple open pin pairs. As the attack to overcome is the
proximity attack, controlling the distance between open pin pairs
is necessary. This distance is controlled at will simply by
controlling the placement of the elevating cells. According
to [34], short nets may be easy for an attacker to identify
and localize (from assessing driving strengths). Short wires
are obfuscated by inserting an elevating cell with two pins
close to each other, one being the true connection and the
other a dummy connection. Finally, wires are lifted according
to those strategies until a given PPA budget is reached. For
their experimental study, ISCAS'85 and ISPD'11 circuits are
utilized. However, results for attacks are presented only for
ISCAS'85 circuits. For ISPD'11, only the PPA impact result
introduced by their technique is presented. Once again, we
present the results for the smallest and largest of the studied
circuits in Tab. 5.
While the majority of studies reported in our survey make
use of conventional transistors (bulk CMOS technologies
with either planar or FinFET transistors), Yang et al. [30]
proposed a design methodology to secure Split Manufac-
turing for Vertical Slit Field Effect Transistor (VeSFET)-
based integrated circuits. VeSFET is a twin-gate device with
a horizontal channel and four metal pillars implementing
vertical terminals [43]. While a detailed explanation of VeSFETs
is beyond the scope of this work, we do highlight
the differences between VeSFET and conventional transistors.
In contrast with conventional transistors, VeSFET can be
accessed by both top and bottom pillars, allowing two-side
routing and offering a friendly monolithic 3D integration
[43]–[45]. While the MOSFET has two layers, FEOL and
BEOL, VeSFET has tiers of the layer containing the transistors.
Connections between tiers can be made directly by the pillars, in
the same way as with TSVs, or by a layer containing connections
between tiers. A VeSFET 2D IC design contains only one
tier and both top and bottom connections, whereas a 3D IC
design contains two or more tiers. In summary, the notion
of tier is pushed down to the transistor level in this device
topology, thus making it an interesting platform for Split
Manufacturing.
The method proposed by [30] assumes that both foundries
are untrusted and have the same capability (i.e., same tech-
nology). For 2D IC designs, the first foundry manufactures
the tier with the top connections, comprising most of the
connections. Then, the rest of the bottom connections, comprising
the critical minority connections, are completed
by the second foundry. For 3D IC designs, they proposed
special types of standard cells referred to as cell A and cell B.
Cell A has two tiers that are visible and manufactured by the first
foundry, with inter-tier connections. Cell B has only the top
tier visible and manufactured by the first foundry; the lower
tier is completed by the second foundry, without inter-tier
connections. Thus, transistors can be hidden from the first
foundry as a security feature. Vulnerabilities claimed by [30]
for both 2D and 3D methods are described in Tab. 6. Note that
reverse engineering and IC overbuilding are claimed to be
impossible because the first foundry controls the number of
wafers available to the second foundry.
Increasing the security of both 2D and 3D VeSFET designs
is achieved by net partitioning and, exclusively for 3D designs,
by transistor hiding and pin shaking. Net partitioning
is performed similarly to the wire lifting techniques described
above, where nets are chosen to be routed in the bottom
connection layer, thus, hiding those from the first foundry.
Their selection method is done by selecting nets from se-
quential logic. First, all the high-fanout nets are selected to be
partitioned. Next, the remaining nets are selected by a search
area, where two approaches are used, distance-first search
and high-fanout first search. In the distance-first method, a pin in
a predefined search window connecting to an un-partitioned
net is selected when it has the minimum distance to the
currently processed pin pair. The FO-first search method
selects the pin connecting to a net having the highest FO
in the searching window. Transistor hiding in 3D designs is
done by utilizing cells similar to the cell B. Cells connected
only by partitioned nets are candidates for hiding. After
selecting the candidates, availability of unused transistors
accessible for the second foundry in the lower tiers of the
nearby cells is checked. If the available transistor count is
sufficient, then the cell is hidden. The empty space created
could provide clues for the first foundry about the security
technique. Pin shaking is applied, obfuscating the empty
space. Some nearby cells are moved to this area to obfuscate
the layout for any distance-based proximity attackers. In
[30], 10 MCNC LGSynth'91 benchmark circuits are used to
evaluate the effectiveness of their methodology. The best and
worst results are shown in Tab. 5. It is worth mentioning
that, even though the VeSFET implementation mimics the
conventional Split Manufacturing implementation, the results
cannot be compared side by side in a fair manner.
TABLE 6: Split Manufacturing VeSFET Method Vulnerabilities Described by [30]

| Threats | 1st Foundry | 2nd Foundry |
|---|---|---|
| Design Reconstruction | 2D IC: Very Difficult; 3D IC: Impossible | Impossible due to a very limited information |
| Trojan Insertion | Possible, but will be detected | No control of devices |
| Reverse Engineering | Meaningless | Impossible |
| IC Overbuilding | Meaningless | |
C. LAYOUT OBFUSCATION
The main goal of Split Manufacturing – to hide sensitive
information from untrusted foundries – is compromised once
we start to consider more regular structures such as memory.
Even without knowing where all the routing goes to, an
attacker can easily identify regular structures just by look-
ing at the FEOL layout, possibly leading to easier attacks.
Mitigating attacks towards regular structures could be done
by obfuscating those structures in such a way that they
become indistinguishable. In this section, we discuss works
that propose layout obfuscation techniques to be used in a
Split Manufacturing context.
During the development of a modern IC, third-party IPs
are sought to close a technological gap or to minimize time-
to-market. IPs are typically categorized as soft and hard
IPs: soft IPs typically come in code form, giving the cus-
tomer flexibility to modify the IP such that it meets a given
specification during synthesis. Therefore, soft IPs do not
present a direct challenge for a Split Manufacturing design
flow. Perhaps, in a very specific scenario, a given IP
can facilitate a proximity attack because it promotes certain
library composition choices over others.
On the other hand, hard IPs are completely designed by the
vendor and are technology dependent. In some instances, the
vendor only provides an abstract of the IP; the customer then
has to rely on the foundry to replace the abstract by the actual
layout. Thus, splitting a hard IP is not trivial. Additional
information must be provided by the vendor, which
is not guaranteed, making the IP completely incompatible
with Split Manufacturing. Even when the customer holds
the entirety of the IP layout, differences between the FEOL
foundry and BEOL foundry make the IP no longer compliant
with either technology and therefore virtually useless. Fur-
thermore, defense techniques cannot be applied due to the
lack of information or lack of feasibility. Hard IPs, such as
embedded memories and specialized analog circuits, have
been heavily optimized for maximum compactness, perfor-
mance and yield. In today’s IP market, there still is very little
concern with security in general, so it is not conceivable that
the industry will start to provide split IP any time soon.
The security of hard IPs in a Split Manufacturing context
was first analyzed by Vaidyanathan et al. [11]. A recognition
attack flow is proposed for this purpose. An attacker holding
the FEOL layer starts his attack by isolating a target embed-
ded memory or analog hard IP. Since the targeted hard IP has
a high probability to be constructed by compilation of leaf-
cells, layout pattern recognition software [46] can be used for
leaf-cell identification. After recognizing all the leaf-cells,
the attacker attempts to infer the missing BEOL connections.
Using proximity hints together with the knowledge about the
regularized structure, the connections have a high likelihood
to be guessed correctly. As demonstrated in [11], embedded
memories, such as SRAM, are susceptible to the proposed
recognition attack. Defending against recognition attacks can
be achieved by means of obfuscation. According to [11],
SRAM IPs can be obfuscated by the following methods:
• Randomization of periphery cells, thus avoiding pre-
dictable connections.
• Minimization of regularized topologies used for periph-
eral circuits such as pre-decoders, word line decoders,
sense amplifiers, etc.
• Adding non-standard application-specific functions to
improve obfuscation and performance.
A synthesis framework is proposed by [11] to obfuscate
SRAM IPs. Referred to as application-specific SRAM, it
synthesizes SRAMs using augmented bitcell arrays and standard
cell logic IP, instead of using leaf-cells. Such synthesis,
when compared with conventional SRAM compilation, ac-
complishes all the three obfuscation goals described above
while still providing similar performance.
Analog hard IPs are also vulnerable to recognition attacks.
In contrast with embedded memories (that are often com-
piled), analog hard IPs are mostly hand designed to cater
for a challenging specification or interface. Even when such
a degree of customization is employed, the majority of the design
is done utilizing leaf-cells (e.g., current mirrors, matched
arrays, etc.), thus disclosing important information that
could be used as leverage for recognition attacks. In [11], two
methods are proposed to defend analog hard IPs against such
attacks:
• Obfuscation of analog leaf-cells.
• Use of diverse topologies and architectures that enable
obfuscation and efficiency.
Next, let us discuss the techniques utilized in order to
achieve the goals listed above. First, adding camouflaging
dummy transistors in empty spaces can make leaf-cells
indistinguishable. Second, transistor widths can be regularized,
which allows transistors with different channel lengths to abut
each other, thereby obscuring boundaries across different sized
transistors. Third, utilizing the same idea behind wire-lifting,
routing blockages can be inserted between transistors below
the split layer. Such a routing scheme would make it difficult
to infer the missing BEOL connections, virtually in the same
way as it does for a standard-cell based design.
To demonstrate the feasibility and efficacy of their pro-
posed approaches, the authors of [11] designed and fabricated
test chips in 130nm technology. For comparison, the same
designs were Split Manufactured and conventionally manu-
factured. Split Manufacturing used Global Foundries Singa-
pore as the trusted foundry and IBM Burlington as the trusted
foundry. Conventional manufacturing was entirely done in
Global Foundries Singapore. The first reported design is
a smart SRAM that targets an imaging application. Two
implementations of a parallel 2x2 access 1Kb SRAM were
demonstrated. For conventional manufacturing, the SRAMs
were traditionally implemented, and for Split Manufacturing,
the SRAMs were implemented using their smart synthesis
approach. For their measurements, 10 chips at 1.2V were
used to demonstrate the feasibility regarding PPA. The area
reported for the split manufactured samples was 75% of
that of the conventionally manufactured ones, and the power
consumption was 88%. Performance was equal between the
conventional and split manufactured samples: both could work
with the same clock frequency.
The second demonstrated design is a DAC with statistical
element selection. The test chip contains a high resolution
15-bit current steering DAC. Only a description of the re-
sults is presented, where the authors claim there are tiny
measurement differences between the performance of the
conventional and the split manufactured chips, emphasizing that
the differences are within measurement noise.
An attacker trying to reverse engineer a split IC will
try to recover as many connections as possible,
while minimizing the Time To Evaluate (TTE), i.e.,
the amount of time needed to reverse engineer the IC.
For Jagasivamani et al. [27], the goal of a designer seeking
to secure its design is to create an IC with a high TTE
while being cost-effective regarding design effort and PPA
overheads. If TTE is high enough, an adversary would be
discouraged from reverse engineering the IC. To achieve this
goal, [27] proposes obfuscation methods that do not require
any modifications to standard cells nor the implementation of
any specialized cell.
Four techniques are proposed by [27] for layout obfuscation:
(1) limited standard-cell library, (2) smart-dummy
cell insertion, (3) isomorphic cells, and (4) non-optimal cell
placement. Along with the techniques, a set of metrics is
presented to help assess the obfuscation level of a design:
• Neighbor connectedness: a measure of how interconnected
cells are to their respective neighbors, i.e., how much
proximity information is exposed to the attacker. For a specific
cell, this metric is computed as how many connections that
cell has for a given radius around it.
• Standard-cell composition bias: a metric that addresses the
effort required for composition analysis of a design. The bias
signature could reveal information about the function of the
cell. Thus, this metric measures how skewed a design is
according to a specific bias cell. In [27], three types of bias
cells are utilized: XOR-type, flip-flop, and adder-type cells.
• Cell-level obfuscation: a metric that measures the percentage
of standard-cells that have been obfuscated.
• Entropy: similar to the concept of mutual information
previously discussed.
Technique (1) aims to achieve obfuscation by reducing the
usage of complex cells and instead favouring only fine-grain logic
to compose the design (i.e., to prefer single stage cells over
complex multi-stage cells). Removing specialized complex
cells could obfuscate functional signatures due to the larger
granularity that is employed to construct the cell. However,
since complex gates will need to be reconstructed through
basic cells, a heavy PPA overhead is likely to occur when
applying this technique. Technique (2) aims to obfuscate
compositional analysis by adding dummy cells in such a way
that a neutral bias composition is achieved. Dummy cells are
inserted as spare cells⁷, focusing solely on obfuscating the
composition analysis. Technique (3) obfuscates the layout by
regularizing the shapes of the cells in a library. All layouts
of logic standard cells are made FEOL-identical such that
the overall circuit layout appears to be a sea of gates. The
functionality of the cells is defined later by the BEOL
connections. Thus, the true functionality of the cell is hidden at
the BEOL, making cell-level identification harder. Technique
(4) employs the same strategy from placement perturbation
discussed before.
For their experimental study, the authors of [27] made use
of a multiplier block with a high number of adder cells and a
crypto-like circuit. Experiments were separated into limited
library and smart dummy insertion. Results are shown as a
percentage relative to the baseline circuit, i.e., without any
protection approach applied. Neighbor connectedness (%)
for radius ≤ 25nm decreased substantially for both test
cases and circuits (for more information see [27]). Overhead
results are shown in Tab. 7, where the results presented are
normalized in relation with the baseline circuit.
TABLE 7: Performance Impacts from [27] Defense Approaches.

| Benchmark | Metric | Limited Library | Smart Dummy |
|---|---|---|---|
| mult24 | Area | 94.9% | 72.6% |
| mult24 | Timing Slack | -64.8% | 3.4% |
| a5/1 | Area | 69.8% | 69.4% |
| a5/1 | Timing Slack | -27.2% | -1.2% |
⁷ Spare cells are extra logic usually inserted during physical synthesis.
These cells are used when an engineering change order (ECO) is required,
such that small tweaks to the circuit logic can be performed with minimal
changes to placement and routing.

Utilizing exactly the same concepts and metrics described
in [27], Otero et al. [28] proposed a “trusted split-foundry
toolflow” based on cellTK [47]. The concept of the cellTK-based
flow is to have on-demand cell generation from a
transistor-level netlist. This is heavily in contrast with a
traditional ASIC flow that relies on a predefined (and thoroughly
characterized) cell library. Leveraging cellTK, [28] proposed
an extended version referred to as split-cellTK. This extended
version can generate multiple physical layouts for each
unique cell without modifying the circuit topology, which is
then used to implement obfuscation strategies. Two strategies
are proposed, referred to as Uniform and Random. The Uniform
strategy tries to standardize the size and spacing between
cells by inserting dummy transistors to equalize the number
of nMOS and pMOS devices and, after the cell placement,
dummy cells are inserted in empty gaps. A Random strategy
is also proposed to reduce the overhead introduced by the
Uniform one. Instead of deliberately standardizing the size
and spacing between cells, a specific number of empty spaces
is chosen for these tasks. A more in-depth explanation about
their strategies is beyond the scope of this work because they
are closely related to cellTK itself. However, their goals and
evaluations are the same as in [27]. For their experimental
study, they utilized the island-style asynchronous FPGA
developed in [48]. A test chip was Split Manufactured in 65nm
and the design was synthesized with a baseline cellTK, i.e.,
without any defense strategy. Their defense strategies were
evaluated only by simulations. The performance results for
the baseline, Uniform and Random strategies when trying to
obfuscate an adder are shown in Tab. 8. Trustworthiness
results are given in terms of neighbor connectedness and,
for all implementations discussed, neighbor connectedness
results were significantly smaller than the results reported by
[27].
TABLE 8: Performance Results of Obfuscating an Adder by [28].

| Technique | Area (µm²) | Power (mW) | Energy (pJ) | Perf. (MHz) |
|---|---|---|---|---|
| Baseline | 462 | 0.146 | 0.257 | 568 |
| Uniform | 717 | 0.149 | 0.307 | 486 |
| Random | 760 | 0.164 | 0.303 | 542 |
In the context of obfuscation, but also generally for Split
Manufacturing, a higher level of security is achieved when
the split layer chosen is the lowest possible. Xiao et al. [29]
point out that splitting at a lower metal layer could increase
the cost to manufacture the IC; it is argued that the FEOL-
BEOL integration process must be more ‘precise’ for correct
alignment. Thus, a closer technology match between the
trusted and untrusted foundries is required. As we previously
argued, if the goal is to make use of the best silicon available
from an untrusted foundry, the implication is that the trusted
foundry cannot be a legacy node, but perhaps can still be
a mature node. In [29], a methodology for obfuscating the
layout is proposed for split at M3 or higher, keeping the cost
as low as possible and at the same time providing a high
level of security. Their strategy is similar to the insertion of
dummy cells; however, functional cells are inserted instead.
Referred to as obfuscated built-in self-authentication (OBISA),
the inserted functional cells are connected together to form
a circuit. As the circuit is connected to the original circuit it
is trying to protect, they claim this fact makes it extremely
difficult for an attacker to separate the OBISA design from
the original design. The idea behind OBISA is to obfuscate
the layout by hindering neighbor connectedness analysis and
standard-cell composition bias analysis while also perturbing
the proximity between gates. As illustrated in Fig. 11, the
additional functional cell could deceive proximity attacks,
assuming that the EDA tool would place the gates between
OBISA cells further than the original circuit.
The proposed OBISA circuitry has two operating modes:
functional and authentication. During functional mode,
OBISA stays idle and incoming signals and clock are
gated/blocked. Thus, the original circuit is not affected by
OBISA and operates as it should. As the name suggests, when in
authentication mode, OBISA is used to verify the trustworthi-
ness of the manufactured IC (in the field). The specifics of the
authentication are beyond the scope of this work and will not
be discussed. The insertion of OBISA cells follows a similar
strategy of dummy cell insertion as discussed in [27]. The
connections of the inserted cells are done in a certain way to
promote the testability of the OBISA circuit and increase the
obfuscation strength. Their approaches were evaluated using
benchmark circuits from OpenCore. Results for the smallest
and largest circuits are shown in Tab. 9.
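TABLE 9: Implementation Results from [29]
| Benchmark | Gate count | OBISA cell count | Total nets | Nets ≥M4 |
|-----------|------------|------------------|------------|----------|
| DES3      | 1559       | 158              | 1799       | 127      |
| DES_perf  | 49517      | 2090             | 49951      | 1343     |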
FIGURE 11: Circuit Representation with OBISA Cells
(Square Cells) Inserted (adapted from [29]).
Another study using look-alike cells is reported by Masoud
et al. [36] where the goal remains to make the attacker unable
to distinguish cells and their inputs/outputs, thus mitigating
attacks to some degree. In this study, two types of search
algorithms are proposed to replace cells with isomorphic cells.
In contrast with [27] where all cells are replaced, in [36]
only cells with high impact on the security are replaced.
Thus, the overhead introduced by cell replacement can be
controlled without impacting the security level (i.e., a trade-
off is established). The proposed algorithms are based on
‘gate normalization’, whereby truth tables of cells are anal-
ysed in order to balance the occurrence of 0s and 1s (e.g.,
XOR and XNOR gates are normalized by definition). An
analysis is made by replacing existing gates by XORs and
comparing the deviation from the original circuit. If the
deviation is larger than a given deviation threshold, the gates
are effectively replaced.
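The balance test and the XOR-replacement analysis described above can be sketched as follows. This is an added example, not code from [36]; the toy full-adder netlist, the deviation measure (fraction of input vectors on which any primary output changes) and the threshold values are assumptions made for illustration.

```python
from itertools import product

# Two-input gate library (constructed for this example).
GATES = {
    "AND":  lambda a, b: a & b,
    "OR":   lambda a, b: a | b,
    "NAND": lambda a, b: 1 - (a & b),
    "NOR":  lambda a, b: 1 - (a | b),
    "XOR":  lambda a, b: a ^ b,
    "XNOR": lambda a, b: 1 - (a ^ b),
}

def ones_ratio(gate):
    """Fraction of truth-table rows that evaluate to 1."""
    rows = [GATES[gate](a, b) for a, b in product((0, 1), repeat=2)]
    return sum(rows) / len(rows)

def is_normalized(gate):
    """A gate is 'normalized' when its truth table has as many 0s as 1s."""
    return ones_ratio(gate) == 0.5

# Constructed toy netlist: 1-bit full adder, listed in topological order.
# net name -> (gate type, first input net, second input net)
INPUTS = ("a", "b", "cin")
OUTPUTS = ("sum", "cout")
NETLIST = {
    "n1":   ("XOR", "a", "b"),
    "sum":  ("XOR", "n1", "cin"),
    "n2":   ("AND", "a", "b"),
    "n3":   ("AND", "n1", "cin"),
    "cout": ("OR", "n2", "n3"),
}

def simulate(netlist, vector):
    """Evaluate the netlist for one input vector; return the primary outputs."""
    values = dict(zip(INPUTS, vector))
    for net, (gate, x, y) in netlist.items():
        values[net] = GATES[gate](values[x], values[y])
    return tuple(values[o] for o in OUTPUTS)

def deviation(netlist, net):
    """Assumed measure: share of input vectors whose outputs change
    when the gate driving `net` is swapped for an XOR."""
    _, x, y = netlist[net]
    swapped = dict(netlist)
    swapped[net] = ("XOR", x, y)
    vectors = list(product((0, 1), repeat=len(INPUTS)))
    changed = sum(simulate(netlist, v) != simulate(swapped, v) for v in vectors)
    return changed / len(vectors)

def select_for_replacement(netlist, threshold):
    """Non-normalized gates whose deviation exceeds the threshold,
    following the selection rule stated in the text."""
    selected = {}
    for net, (gate, _, _) in netlist.items():
        if is_normalized(gate):
            continue  # XOR/XNOR are already balanced
        d = deviation(netlist, net)
        if d > threshold:
            selected[net] = d
    return selected

if __name__ == "__main__":
    for name in GATES:
        print(f"{name:5s} ones ratio = {ones_ratio(name):.2f}")
    print("selected at threshold 0.25:", select_for_replacement(NETLIST, 0.25))
```

On this netlist the OR gate driving cout shows zero deviation, because its two inputs are never 1 at the same time, so it is never selected regardless of the threshold.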
A novel layout obfuscation framework is proposed by Li
et al. [49] which builds on the wire lifting concept of [14].
According to the authors, wire lifting alone is not enough to
secure a design. If an attacker can tell the functionality of a
specific gate that had its wires lifted, the security is already
compromised. To address this problem, a framework that
considers dummy cells and wire insertion simultaneously
with wire lifting is proposed. As in [14], threat model II was
used. The proposed framework makes use of mixed-integer
linear programming (MILP) formulation for the FEOL layer
generation and a Lagrangian relaxation (LR) algorithm to
improve scalability. The generation of the new FEOL layout
considers three operations: wire-lifting, dummy cell insertion
and dummy wire insertion. Dummy wire insertion is done
only on dummy cells; thus, the original functionality of the
circuit is guaranteed and floating pins are avoided. Utilizing
a graph representation, they re-formulate the security metric
to accommodate the dummy cell and dummy wire insertion.
Since the original graph isomorphic relationship is lost when
new nodes are inserted, a new approach has to be used
to formalize the relationship between the original and the
new FEOL; this concept is denoted as k-isomorphism [50]
and the associated security analysis is denoted as k-security.
In their experimental study, TrustHub [51] trojan insertion
methods are used to select the nodes for protection. They
used ISCAS'85 benchmark circuits together with functional
units (shifts, alu, and div) from the OpenSPARC T1 processor
[52]. Comparisons between the MILP and LR algorithms are made
for several k-security levels, and the results are given in terms
of area overhead (AO) and wire-length overhead (WLO). The
results for a few security levels are shown in Tab. 10.
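TABLE 10: Comparison Between MILP and LR Algorithms for c4232 [49].
| Security Level | Algorithm | AO (%) | WLO (%) |
|----------------|-----------|--------|---------|
| 15             | MILP      | 18     | 180     |
| 20             | MILP      | 41     | 220     |
| 25             | MILP      | 58     | 295     |
| 15             | LR        | 18     | 200     |
| 20             | LR        | 40     | 230     |
| 25             | LR        | 60     | 305     |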
V. FUTURE TRENDS AND CHALLENGES
Despite our effort to present the results of the many studied
papers in the most fair way possible, it is clear that the
hardware security community lacks a unified benchmark
suite and/or common criteria for assessing results. Often,
researchers make use of benchmark suites that are popular in
the test community but have no real applicability in security.
For instance, the ISCAS'85 suite has no crypto cores in
it, which are the bread and butter of the research in the
area. Furthermore, we believe the community would largely
benefit from using circuits that better represent IC design
practices of this decade where IPs often have millions of
gates and ICs have billions of transistors.
FIGURE 12: Techniques Validated in Silicon Among Presented Works.
While the lack of common criteria is an issue for the
academic community, the lack of an industry-supported path
for Split Manufacturing is even more troubling. Today, more
than ever, foundries compete for the title of ‘best silicon’
and rarely engage in cross-foundry cooperation. Efforts of
the past, such as the now defunct Common Platform of IBM,
Samsung and GF, could have been a catalyser for the adop-
tion of Split Manufacturing. Without such collaboration, it is
hard to foresee a future where the technique will gain traction
again. Furthermore, the study of DFM-related implications of
the technique is really cumbered by the fact that we cannot
measure yield from massively produced Split Manufactured
chips.
We have discussed in detail how many attacks leverage
heuristics and hints left behind by the EDA tools. Many
of these heuristics are very logical and can be appreciated,
even graphically, as we demonstrated in Fig. 7. It is entirely
possible that machine learning approaches can detect subtle
biases in the tools that are not easy to appreciate graphically.
There is no consolidated knowledge of what these biases are
and to which extent machine learning is effective in detecting
them. This avenue of research is certainly interesting and we
believe it will be the target of many papers in the near future.
Another topic that has led to no consensus is whether an
attacker can make use of a partially recovered netlist. For
instance, let us assume a design that instantiates the same
module multiple times. If one of the modules is correctly
recovered, perhaps a cursory inspection of the structure will
allow the attacker to recover all other parts. The same line of
thinking can be applied to datapaths and some cryptographic
structures that are regular in nature. In a sense, an analysis of
the functionality of the recovered netlist could be combined
with existing attacks for further improvement of correctly
guessed connections.
We note that many of the works studied in this survey have
not actually demonstrated their approach in silicon. This fact
is summarized in Fig. 12. Manufacturing a split design is an extra
challenge. As discussed here before, finding two foundries
willing to work together could be next to impossible. This
could be the main reason that such a small percentage of works
validated their techniques in silicon. As a community effort,
we should strive to validate our approaches in silicon as often
as possible.
VI. CONCLUSION
Our findings showed a big disparity in how the Split Manufacturing
technique is approached among the surveyed studies.
A variety of benchmark suites and metrics were used
for evaluation, making direct comparisons between studies
very difficult – and in some cases impossible. In spite of that,
we were able to classify the studies, clearly demonstrating
the many interpretations of the technique, its attacks, and
defenses. Our belief is that this survey assesses the most
significant studies about Split Manufacturing as we focused
on papers that appear in highly regarded venues. Results
gathered from the surveyed studies were compiled such that
main features, metrics, and performance results are available.
Regarding the results themselves, these are presented in
such a manner as to illustrate the present state of the technique.
Therefore, this work can be very helpful for future Split Man-
ufacturing researchers to contextualize their own techniques
for augmenting Split Manufacturing.
Overall, the security of Split Manufacturing is still under
debate. Some studies conclude that the technique is indeed
secure, and others that it is not. However, these conclusions
are reached for different scenarios, i.e., using different
benchmark circuits and sets of metrics. Creating a unified
benchmark suite suitable for Split Manufacturing evaluation,
along with a unified set of metrics to quantify/qualify its
performance could facilitate the discussion about its security
level. In addition, increasing the number of demonstrations
in silicon could also help with evaluation and adoption issues
related to Split Manufacturing.
REFERENCES
[1] European Union Intellectual Property Office (EUIPO). 2019 Status Report
On IPR Infringement.
[2] M. Pecht and S. Tiku. Bogus: Electronic manufacturing and consumers
confront a rising tide of counterfeit electronics. IEEE Spectrum, vol. 43,
no. 5, pp. 37–46, 2006.
[3] Ujjwal Guin, Ke Huang, Daniel Dimase, John M. Carulli, Mohammad
Tehranipoor, and Yiorgos Makris. Counterfeit integrated circuits: A rising
threat in the global semiconductor supply chain. Proceedings of the IEEE,
102(8):1207–1228, 2014.
[4] Randy Torrance and Dick James. The state-of-the-art in semiconductor
reverse engineering. Proceedings - Design Automation Conference, pages
333–338, 2011.
[5] P. Subramanyan, N. Tsiskaridze, K. Pasricha, D. Reisman, A. Susnea, and
S. Malik. Reverse engineering digital circuits using functional analysis. In
2013 Design, Automation Test in Europe Conference Exhibition (DATE),
pages 1277–1280, March 2013.
[6] AnySilicon. Fabless Company Sales By Region 2018.
https://anysilicon.com/fabless-company-sales-by-region-2018.
[7] Intelligence Advanced Research Projects Activity (IARPA). Trusted
Integrated Circuits Program. https://www.iarpa.gov/index.php/research-
programs/tic.
[8] Jeyavijayan Rajendran, Ozgur Sinanoglu, and Ramesh Karri. Is split
manufacturing secure? Design, Automation and Test in Europe (DATE),
(Ic):1259–1264, 2013.
[9] Kaushik Vaidyanathan, Bishnu P. Das, Ekin Sumbul, Renzhi Liu, and
Larry Pileggi. Building trusted ICs using split fabrication. IEEE Inter-
national Symposium on Hardware-Oriented Security and Trust (HOST),
pages 1–6, 2014.
[10] T. Kikkawa and R. Joshi. Design technology co-optimization for 10 nm
and beyond. In Proceedings of the IEEE 2014 Custom Integrated Circuits
Conference, pages 1–1, Sep. 2014.
[11] Kaushik Vaidyanathan, Renzhi Liu, Ekin Sumbul, Qiuling Zhu, Franz
Franchetti, and Larry Pileggi. Efficient and secure intellectual property
(IP) design with split fabrication. IEEE International Symposium on
Hardware-Oriented Security and Trust (HOST), pages 13–18, 2014.
[12] B. Hill, R. Karmazin, C. T. O. Otero, J. Tse, and R. Manohar. A split-
foundry asynchronous fpga. pages 1–4, Sep. 2013.
[13] T. Usui, K. Tsumura, H. Nasu, Y. Hayashi, G. Minamihaba, H. Toyoda,
H. Sawada, S. Ito, H. Miyajima, K. Watanabe, M. Shimada, A. Ko-
jima, Y. Uozumi, and H. Shibata. High performance ultra low-k
(k=2.0/keff=2.4)/cu dual-damascene interconnect technology with self-
formed mnsixoy barrier layer for 32 nm-node. In 2006 International
Interconnect Technology Conference, pages 216–218, 2006.
[14] Frank Imeson, Ariq Emtenan, Siddharth Garg, and Mahesh V Tripunitara.
Securing Computer Hardware Using 3D Integrated Circuit (IC) Tech-
nology and Split Manufacturing for Obfuscation. USENIX Security’13,
(Ic):495–510, 2013.
[15] Yujie Wang, Pu Chen, Jiang Hu, and Jeyavijayan Rajendran. Routing
perturbation for enhanced security in split manufacturing. Asia and
South Pacific Design Automation Conference (ASP-DAC), pages 605–
610, 2017.
[16] Kun Yang, Ulbert Botero, Haoting Shen, Domenic Forte, and Mark Tehra-
nipoor. A split manufacturing approach for unclonable chipless RFIDs for
pharmaceutical supply chain security. Asian Hardware Oriented Security
and Trust Symposium (AsianHOST), 2018-May:61–66, 2018.
[17] S. N. Pagliarini, M. M. Isgenc, M. G. A. Martins, and L. Pileggi. Ap-
plication and product-volume-specific customization of beol metal pitch.
IEEE Transactions on Very Large Scale Integration (VLSI) Systems,
26(9):1627–1636, 2018.
[18] Jonathon Magaña, Daohang Shi, and Azadeh Davoodi. Are proximity
attacks a threat to the security of split manufacturing of integrated cir-
cuits? IEEE/ACM International Conference on Computer-Aided Design
(ICCAD), 07-10-Nove(c):1–7, 2016.
[19] Yujie Wang, Pu Chen, Jiang Hu, Guofeng Li, and Jeyavijayan Rajendran.
The Cat and Mouse in Split Manufacturing. IEEE Transactions on Very
Large Scale Integration (VLSI) Systems, 26(5):805–817, 2018.
[20] Boyu Zhang, Jonathon Crandall Magana, and Azadeh Davoodi. Analysis
of Security of Split Manufacturing using Machine Learning. pages 1–6,
2018.
[21] Suyuan Chen and Ranga Vemuri. On the Effectiveness of the Satisfiability
Attack on Split Manufactured Circuits. IEEE/IFIP International Confer-
ence on VLSI and System-on-Chip, VLSI-SoC, 2018-Octob:83–88, 2019.
[22] Suyuan Chen and Ranga Vemuri. Exploiting proximity information in a
satisfiability based attack against split manufactured circuits. IEEE Inter-
national Symposium on Hardware Oriented Security and Trust (HOST),
pages 171–180, 2019.
[23] F. Brglez, D. Bryan, and K. Kozminski. Combinational profiles of sequen-
tial benchmark circuits. In IEEE International Symposium on Circuits and
Systems,, pages 1929–1934 vol.3, 1989.
[24] Natarajan Viswanathan, C.J. Alpert, Cliff Sze, Zhuo Li, Gi-Joon Nam,
and Jarrod Roy. The ispd-2011 routability-driven placement contest and
benchmark suite. pages 141–146, 01 2011.
[25] T. L. Magnanti R. K. Ahuja and J. B. Orlin. Network Flows: Theory,
Algorithms, and Applications. Upper Saddle River, NJ, USA: Prentice-
Hall, 1993.
[26] H. Zhou, R. Jiang, and S. Kong. Cycsat: Sat-based attack on cyclic logic
encryptions. In 2017 IEEE/ACM International Conference on Computer-
Aided Design (ICCAD), pages 49–56, 2017.
[27] Meenatchi Jagasivamani, Peter Gadfort, Michel Sika, Michael Bajura, and
Michael Fritze. Split-fabrication obfuscation: Metrics and techniques.
IEEE International Symposium on Hardware-Oriented Security and Trust
(HOST), pages 7–12, 2014.
[28] Carlos Tadeo Ortega Otero, Jonathan Tse, Robert Karmazin, Benjamin
Hill, and Rajit Manohar. Automatic obfuscated cell layout for trusted split-
foundry design. IEEE International Symposium on Hardware-Oriented
Security and Trust (HOST), pages 56–61, 2015.
[29] Kan Xiao, Domenic Forte, and Mark Mohammed Tehranipoor. Efficient
and secure split manufacturing via obfuscated built-in self-authentication.
Proceedings of the 2015 IEEE International Symposium on Hardware-
Oriented Security and Trust, HOST 2015, pages 14–19, 2015.
[30] Ping Lin Yang and Malgorzata Marek-Sadowska. Making split-fabrication
more secure. IEEE/ACM International Conference on Computer-Aided
Design, Digest of Technical Papers, ICCAD, 07-10-Nove:1–8, 2016.
[31] Lang Feng, Yujie Wang, Jiang Hu, Wai Kei Mak, and Jeyavijayan Ra-
jendran. Making split fabrication synergistically secure and manufac-
turable. IEEE/ACM International Conference on Computer-Aided Design
(ICCAD), 2017-Novem:313–320, 2017.
[32] Abhrajit Sengupta, Satwik Patnaik, Johann Knechtel, Mohammed Ashraf,
Siddharth Garg, and Ozgur Sinanoglu. Rethinking split manufacturing: An
information-theoretic approach with secure layout techniques. IEEE/ACM
International Conference on Computer-Aided Design (ICCAD), 2017-
Novem:329–336, 2017.
[33] Zhang Chen, Pingqiang Zhou, Tsung Yi Ho, and Yier Jin. How secure is
split manufacturing in preventing hardware trojan? IEEE Asian Hardware
Oriented Security and Trust Symposium (AsianHOST), pages 1–6, 2017.
[34] Satwik Patnaik, Johann Knechtel, Mohammed Ashraf, and Ozgur
Sinanoglu. Concerted wire lifting: Enabling secure and cost-effective split
manufacturing. Asia and South Pacific Design Automation Conference
(ASP-DAC), 2018-Janua:251–258, 2018.
[35] Satwik Patnaik, Mohammed Ashraf, Johann Knechtel, and Ozgur
Sinanoglu. Raise Your Game for Split Manufacturing: Restoring the True
Functionality Through BEOL. Design Automation Conference (DAC),
pages 1–6, 2018.
[36] Mohamad A. Masoud, Yousra Alkabani, and M. Watheq El-Kharashi. Ob-
fuscation of Digital Systems using Isomorphic Cells and Split Fabrication.
International Conference on Computer Engineering and Systems (ICCES),
pages 488–493, 2019.
[37] Meng Li, Bei Yu, Yibo Lin, Xiaoqing Xu, Wuxi Li, and David Z. Pan.
A Practical Split Manufacturing Framework for Trojan Prevention via
Simultaneous Wire Lifting and Cell Insertion. IEEE Transactions on
Computer-Aided Design of Integrated Circuits and Systems, 38(9):1585–
1598, sep 2019.
[38] M. Bushnell and Vishwani Agrawal. Essentials of Electronic Testing for
Digital, Memory and Mixed-Signal VLSI Circuits. Springer Publishing
Company, Incorporated, 2013.
[39] Tezzarron Semiconductors. 3D-ICs and Integrated Circuit Security. Tech.
rep. 2008.
[40] D. Z. Pan, B. Yu, and J. Gao. Design for manufacturing with emerging
nanolithography. IEEE Transactions on Computer-Aided Design of Inte-
grated Circuits and Systems, 32(10):1453–1472, 2013.
[41] N. Jasika, N. Alispahic, A. Elma, K. Ilvana, L. Elma, and N. Nosovic.
Dijkstra’s shortest path algorithm serial and parallel execution perfor-
mance analysis. In 2012 Proceedings of the 35th International Convention
MIPRO, pages 1811–1815, 2012.
[42] Y. Ding, C. Chu, and Wai-Kei Mak. Throughput optimization for sadp and
e-beam based manufacturing of 1d layout. In 2014 51st ACM/EDAC/IEEE
Design Automation Conference (DAC), pages 1–6, 2014.
[43] W. Maly, N. Singh, Z. Chen, N. Shen, X. Li, A. Pfitzner, D. Kasprowicz,
W. Kuzmicz, Y. Lin, and M. Marek-Sadowska. Twin gate, vertical slit fet
(vesfet) for highly periodic layout and 3d integration. In Proceedings of
the 18th International Conference Mixed Design of Integrated Circuits and
Systems - MIXDES 2011, pages 145–150, 2011.
[44] M. Weis, A. Pfitzner, D. Kasprowicz, R. Emling, T. Fischer, S. Henzler,
W. Maly, and D. Schmitt-Landsiedel. Stacked 3-dimensional 6t sram
cell with independent double gate transistors. In 2009 IEEE International
Conference on IC Design and Technology, pages 169–172, 2009.
[45] X. Qiu and M. Marek-Sadowska. Can pin access limit the footprint
scaling? In DAC Design Automation Conference 2012, pages 1100–1106,
2012.
[46] M. Schobert et al. Degate. http://www.degate.org/documentation.
[47] R. Karmazin et al. celltk: Automated layout for asynchronous circuits with
nonstandard cells. IEEE ASYNC, 2013.
[48] B. Hill et al. A split-foundry asynchronous fpga. IEEE CICC, 2013.
[49] Haocheng Li, Satwik Patnaik, Abhrajit Sengupta, Haoyu Yang, Johann
Knechtel, Bei Yu, Evangeline F.Y. Young, and Ozgur Sinanoglu. Attacking
split manufacturing from a deep learning perspective. Design Automation
Conference, pages 1–6, 2019.
[50] James Cheng, Ada Fu, and Jia Liu. K-isomorphism: Privacy preserving
network publication against structural attacks. pages 459–470, 01 2010.
[51] H. Salmani, M. Tehranipoor, and R. Karri. On design vulnerability analysis
and trust benchmarks development. In 2013 IEEE 31st International
Conference on Computer Design (ICCD), pages 471–474, 2013.
[52] P. Nguyen, T. Tran, P. Diep, and D. Le. A low-power asic implementation
of multi-core opensparc t1 processor on 90nm cmos process. In 2018
IEEE 12th International Symposium on Embedded Multicore/Many-core
Systems-on-Chip (MCSoC), pages 95–100, 2018.
TIAGO D. PEREZ received the M.S. degree in
electric engineering from the University of Camp-
inas, São Paulo, Brazil, in 2019. He is currently
pursuing a Ph.D. degree at Tallinn University of
Technology (TalTech), Tallinn, Estonia.
From 2014 to 2019, he was a Digital Designer
Engineer with Eldorado Research Institute, São
Paulo, Brazil. His fields of work include digital
signal processing, telecommunication systems and
IC implementation. His current research interests
include the study of hardware security from the point of view of digital
circuit design and IC implementation.
SAMUEL PAGLIARINI (M’14) received the PhD
degree from Telecom ParisTech, Paris, France, in
2013.
He has held research positions with the Uni-
versity of Bristol, Bristol, UK, and with Carnegie
Mellon University, Pittsburgh, PA, USA. He is
currently a Professor of Hardware Security with
Tallinn University of Technology (TalTech) in
Tallinn, Estonia where he leads the Centre for
Hardware Security. His current research interests
include many facets of digital circuit design, with a focus on circuit reliabil-
ity, dependability, and hardware trustworthiness.
