Two-run RAM march testing with address decimation

Conventional march memory tests have high fault coverage, especially for simple faults like stack-at fault (SAF), transition fault (TF) or coupling fault (CF). The same-time standard march tests, which are based on only one run, are becoming insufficient for complex faults like pattern-sensitive faults (PSFs). To increase fault coverage, the multi-run transparent march test algorithms have been used. This solution is especially suitable for built-in self-test (BIST) implementation. The transparent BIST approach presents the incomparable advantage of preserving the content of the random access memory (RAM) after testing. We do not need to save the memory content before the test session or to restore it at the end of the session. Therefore, these techniques are widely used in critical applications (medical electronics, railway control, avionics, telecommunications, etc.) for periodic testing in the field. Unfortunately, in many cases, there is very limited time for such test sessions. Taking into account the above limitations, we focus on short, two-run march test procedures based on counter address sequences. The advantage of this paper is that it defines requirements that must be taken into account in the address sequence selection process and presents a deeply analytical investigation of the optimal address decimation parameter. From the experiments we can conclude that the fault coverage of the test sessions generated according to the described method is higher than in the case of pseudorandom address sequences. Moreover, the benefit of this solution seems to be low hardware overhead in implementation of an address generator

Memory Fault Simulator for Static-Linked Faults

Static linked faults are considered an interesting class of memory faults. Their capability of influencing the behavior of other faults causes the hiding of the fault effect and makes test algorithm design and validation a very complex task. This paper presents a memory fault simulator architecture targeting the full set of linked fault

MarciaTesta: An Automatic Generator of Test Programs for Microprocessors' Data Caches

SBST (Software Based Self-Testing) is an effective solution for in-system testing of SoCs without any additional hardware requirement. SBST is particularly suited for embedded blocks with limited accessibility, such as cache memories. Several methodologies have been proposed to properly adapt existing March algorithms to test cache memories. Unfortunately they all leave the test engineers the task of manually coding them into the specific Instruction Set Architecture (ISA) of the target microprocessor. We propose an EDA tool for the automatic generation of assembly cache test program for a specific architectur

Validation & Verification of an EDA automated synthesis tool

Reliability and correctness are two mandatory features for automated synthesis tools. To reach the goals several campaigns of Validation and Verification (V&V) are needed. The paper presents the extensive efforts set up to prove the correctness of a newly developed EDA automated synthesis tool. The target tool, MarciaTesta, is a multi-platform automatic generator of test programs for microprocessors' caches. Getting in input the selected March Test and some architectural details about the target cache memory, the tool automatically generates the assembly level program to be run as Software Based Self-Testing (SBST). The equivalence between the original March Test, the automatically generated Assembly program, and the intermediate C/C++ program have been proved resorting to sophisticated logging mechanisms. A set of proved libraries has been generated and extensively used during the tool development. A detailed analysis of the lessons learned is reporte

Design for testability of a latch-based design

Abstract. The purpose of this thesis was to decrease the area of digital logic in a power management integrated circuit (PMIC), by replacing selected flip-flops with latches. The thesis consists of a theory part, that provides background theory for the thesis, and a practical part, that presents a latch register design and design for testability (DFT) method for achieving an acceptable level of manufacturing fault coverage for it. The total area was decreased by replacing flip-flops of read-write and one-time programmable registers with latches. One set of negative level active primary latches were shared with all the positive level active latch registers in the same register bank. Clock gating was used to select which latch register the write data was loaded to from the primary latches. The latches were made transparent during the shift operation of partial scan testing. The observability of the latch register clock gating logic was improved by leaving the first bit of each latch register as a flip-flop. The controllability was improved by inserting control points. The latch register design, developed in this thesis, resulted in a total area decrease of 5% and a register bank area decrease of 15% compared to a flip-flop-based reference design. The latch register design manages to maintain the same stuck-at fault coverage as the reference design.Salpaperäisen piirin testattavuuden suunnittelu. Tiivistelmä. Tämän opinnäytetyön tarkoituksena oli pienentää digitaalisen logiikan pinta-alaa integroidussa tehonhallintapiirissä, korvaamalla valitut kiikut salpapiireillä. Opinnäytetyö koostuu teoriaosasta, joka antaa taustatietoa opinnäytetyölle, ja käytännön osuudesta, jossa esitellään salparekisteripiiri ja testattavuussuunnittelun menetelmä, jolla saavutettiin riittävän hyvä virhekattavuus salparekisteripiirille. Kokonaispinta-alaa pienennettiin korvaamalla luku-kirjoitusrekistereiden ja kerran ohjelmoitavien rekistereiden kiikut salpapiireillä. Yhdet negatiivisella tasolla aktiiviset isäntä-salpapiirit jaettiin kaikkien samassa rekisteripankissa olevien positiivisella tasolla aktiivisten salparekistereiden kanssa. Kellon portittamisella valittiin mihin salparekisteriin kirjoitusdata ladattiin yhteisistä isäntä-salpapireistä. Osittaisessa testipolkuihin perustuvassa testauksessa salpapiirit tehtiin läpinäkyviksi siirtooperaation aikana. Salparekisterin kellon portituslogiikan havaittavuutta parannettiin jättämällä jokaisen salparekisterin ensimmäinen bitti kiikuksi. Ohjattavuutta parannettiin lisäämällä ohjauspisteitä. Salparekisteripiiri, joka suunniteltiin tässä diplomityössä, pienensi kokonaispinta-alaa 5 % ja rekisteripankin pinta-alaa 15 % verrattuna kiikkuperäiseen vertailupiiriin. Salparekisteripiiri onnistuu pitämään saman juuttumisvikamallin virhekattavuuden kuin vertailupiiri

Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves

Intel Software Guard Extension (SGX) offers software applications enclave to protect their confidentiality and integrity from malicious operating systems. The SSL/TLS protocol, which is the de facto standard for protecting transport-layer network communications, has been broadly deployed for a secure communication channel. However, in this paper, we show that the marriage between SGX and SSL may not be smooth sailing. Particularly, we consider a category of side-channel attacks against SSL/TLS implementations in secure enclaves, which we call the control-flow inference attacks. In these attacks, the malicious operating system kernel may perform a powerful man-in-the-kernel attack to collect execution traces of the enclave programs at page, cacheline, or branch level, while positioning itself in the middle of the two communicating parties. At the center of our work is a differential analysis framework, dubbed Stacco, to dynamically analyze the SSL/TLS implementations and detect vulnerabilities that can be exploited as decryption oracles. Surprisingly, we found exploitable vulnerabilities in the latest versions of all the SSL/TLS libraries we have examined. To validate the detected vulnerabilities, we developed a man-in-the-kernel adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL library running in the SGX enclave (with the help of Graphene) and completely broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only 57286 queries. We also conducted CBC padding oracle attacks against the latest GnuTLS running in Graphene-SGX and an open-source SGX-implementation of mbedTLS (i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it only needs 48388 and 25717 queries, respectively, to break one block of AES ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can be completed within 1 or 2 hours.Comment: CCS 17, October 30-November 3, 2017, Dallas, TX, US

Secure Split Test for Preventing IC Piracy by Un-Trusted Foundry and Assembly

In the era of globalization, integrated circuit design and manufacturing is spread across different continents. This has posed several hardware intrinsic security issues. The issues are related to overproduction of chips without knowledge of designer or OEM, insertion of hardware Trojans at design and fabrication phase, faulty chips getting into markets from test centers, etc. In this thesis work, we have addressed the problem of counterfeit IC‟s getting into the market through test centers. The problem of counterfeit IC has different dimensions. Each problem related to counterfeiting has different solutions. Overbuilding of chips at overseas foundry can be addressed using passive or active metering. The solution to avoid faulty chips getting into open markets from overseas test centers is secure split test (SST). The further improvement to SST is also proposed by other researchers and is known as Connecticut Secure Split Test (CSST). In this work, we focus on improvements to CSST techniques in terms of security, test time and area. In this direction, we have designed all the required sub-blocks required for CSST architecture, namely, RSA, TRNG, Scrambler block, study of benchmark circuits like S38417, adding scan chains to benchmarks is done. Further, as a security measure, we add, XOR gate at the output of the scan chains to obfuscate the signal coming out of the scan chains. Further, we have improved the security of the design by using the PUF circuit instead of TRNG and avoid the use of the memory circuits. This use of PUF not only eliminates the use of memory circuits, but also it provides the way for functional testing also. We have carried out the hamming distance analysis for introduced security measure and results show that security design is reasonably good.Further, as a future work we can focus on: • Developing the circuit which is secuered for the whole semiconductor supply chain with reasonable hamming distance and less area overhead

Построение и применение маршевых тестов для обнаружения кодочувствительных неисправностей запоминающих устройств

The urgency of the problem of testing storage devices of modern computer systems is shown. The mathematical models of their faults and the methods used for testing the most complex cases by classical march tests are investigated. Passive pattern sensitive faults (PNPSFk) are allocated, in which arbitrary k from N memory cells participate, where k << N, and N is the memory capacity in bits. For these faults, analytical expressions are given for the minimum and maximum fault coverage that is achievable within the march tests. The concept of a primitive is defined, which describes in terms of march test elements the conditions for activation and fault detection of PNPSFk of storage devices. Examples of march tests with maximum fault coverage, as well as march tests with a minimum time complexity equal to 18N are given. The efficiency of a single application of tests such as MATS ++, March C− and March PS is investigated for different number of k ≤ 9 memory cells involved in PNPSFk fault. The applicability of multiple testing with variable address sequences is substantiated, when the use of random sequences of addresses is proposed. Analytical expressions are given for the fault coverage of complex PNPSFk faults depending on the multiplicity of the test. In addition, the estimates of the mean value of the multiplicity of the MATS++, March C− and March PS tests, obtained on the basis of a mathematical model describing the problem of the coupon collector, and ensuring the detection of all k2k PNPSFk faults are given. The validity of analytical estimates is experimentally shown and the high efficiency of PNPSFk fault detection is confirmed by tests of the March PS type.Показывается актуальность задачи тестирования запоминающих устройств современных вычислительных систем. Исследуются математические модели неисправностей запоминающих устройств и используемые методы тестирования наиболее сложных из них на базе классических маршевых тестов. Выделяются пассивные кодочувствительные неисправности (PNPSFk), в которых участвуют произвольные k из N ячеек памяти, где k << N, а N представляет собой емкость памяти в битах. Для этих неисправностей приводятся аналитические выражения минимальной и максимальной полноты покрытия, которые достижимы в рамках маршевых тестов. Определяется понятие примитива, описывающего в терминах элементов маршевого теста условия активизации и обнаружения неисправностей PNPSFk запоминающих устройств. Приводятся примеры построения маршевых тестов, имеющих максимальную полноту покрытия, а также маршевых тестов с минимальной временной сложностью, равной 18N. Исследуется эффективность однократного применения тестов типа MATS++, March C− и March PS для различного количества k ≤ 9 ячеек памяти, участвующих в неисправности PNPSFk. Обосновывается применимость многократного тестирования с изменяемыми адресными последовательностями, в качестве которых предлагается применять случайные последовательности адресов. Приводятся аналитические выражения для полноты покрытия сложных неисправностей PNPSFk в зависимости от кратности теста. Кроме того, даются оценки среднего значения кратности тестов MATS++, March C− и March PS, полученные на основании математической модели, которая описывает задачу собирателя купонов, и обеспечивающие обнаружение всех k2k неисправностей PNPSFk. Экспериментально показывается справедливость аналитических оценок и подтверждается высокая эффективность обнаружения неисправностей PNPSFk тестами типа March PS