Self-Test Mechanisms for Automotive Multi-Processor System-on-Chips

L'abstract è presente nell'allegato / the abstract is in the attachmen

Conception et test des circuits et systèmes numériques à haute fiabilité et sécurité

Research activities I carried on after my nomination as Chargé de Recherche deal with the definition of methodologies and tools for the design, the test and the reliability of secure digital circuits and trustworthy manufacturing. More recently, we have started a new research activity on the test of 3D stacked Integrated CIrcuits, based on the use of Through Silicon Vias. Moreover, thanks to the relationships I have maintained after my post-doc in Italy, I have kept on cooperating with Politecnico di Torino on the topics related to test and reliability of memories and microprocessors.Secure and Trusted DevicesSecurity is a critical part of information and communication technologies and it is the necessary basis for obtaining confidentiality, authentication, and integrity of data. The importance of security is confirmed by the extremely high growth of the smart-card market in the last 20 years. It is reported in "Le monde Informatique" in the article "Computer Crime and Security Survey" in 2007 that financial losses due to attacks on "secure objects" in the digital world are greater than $11 Billions. Since the race among developers of these secure devices and attackers accelerates, also due to the heterogeneity of new systems and their number, the improvement of the resistance of such components becomes today’s major challenge.Concerning all the possible security threats, the vulnerability of electronic devices that implement cryptography functions (including smart cards, electronic passports) has become the Achille’s heel in the last decade. Indeed, even though recent crypto-algorithms have been proven resistant to cryptanalysis, certain fraudulent manipulations on the hardware implementing such algorithms can allow extracting confidential information. So-called Side-Channel Attacks have been the first type of attacks that target the physical device. They are based on information gathered from the physical implementation of a cryptosystem. For instance, by correlating the power consumed and the data manipulated by the device, it is possible to discover the secret encryption key. Nevertheless, this point is widely addressed and integrated circuit (IC) manufacturers have already developed different kinds of countermeasures.More recently, new threats have menaced secure devices and the security of the manufacturing process. A first issue is the trustworthiness of the manufacturing process. From one side, secure devices must assure a very high production quality in order not to leak confidential information due to a malfunctioning of the device. Therefore, possible defects due to manufacturing imperfections must be detected. This requires high-quality test procedures that rely on the use of test features that increases the controllability and the observability of inner points of the circuit. Unfortunately, this is harmful from a security point of view, and therefore the access to these test features must be protected from unauthorized users. Another harm is related to the possibility for an untrusted manufacturer to do malicious alterations to the design (for instance to bypass or to disable the security fence of the system). Nowadays, many steps of the production cycle of a circuit are outsourced. For economic reasons, the manufacturing process is often carried out by foundries located in foreign countries. The threat brought by so-called Hardware Trojan Horses, which was long considered theoretical, begins to materialize.A second issue is the hazard of faults that can appear during the circuit’s lifetime and that may affect the circuit behavior by way of soft errors or deliberate manipulations, called Fault Attacks. They can be based on the intentional modification of the circuit’s environment (e.g., applying extreme temperature, exposing the IC to radiation, X-rays, ultra-violet or visible light, or tampering with clock frequency) in such a way that the function implemented by the device generates an erroneous result. The attacker can discover secret information by comparing the erroneous result with the correct one. In-the-field detection of any failing behavior is therefore of prime interest for taking further action, such as discontinuing operation or triggering an alarm. In addition, today’s smart cards use 90nm technology and according to the various suppliers of chip, 65nm technology will be effective on the horizon 2013-2014. Since the energy required to force a transistor to switch is reduced for these new technologies, next-generation secure systems will become even more sensitive to various classes of fault attacks.Based on these considerations, within the group I work with, we have proposed new methods, architectures and tools to solve the following problems:• Test of secure devices: unfortunately, classical techniques for digital circuit testing cannot be easily used in this context. Indeed, classical testing solutions are based on the use of Design-For-Testability techniques that add hardware components to the circuit, aiming to provide full controllability and observability of internal states. Because crypto‐ processors and others cores in a secure system must pass through high‐quality test procedures to ensure that data are correctly processed, testing of crypto chips faces a dilemma. In fact design‐for‐testability schemes want to provide high controllability and observability of the device while security wants minimal controllability and observability in order to hide the secret. We have therefore proposed, form one side, the use of enhanced scan-based test techniques that exploit compaction schemes to reduce the observability of internal information while preserving the high level of testability. From the other side, we have proposed the use of Built-In Self-Test for such devices in order to avoid scan chain based test.• Reliability of secure devices: we proposed an on-line self-test architecture for hardware implementation of the Advanced Encryption Standard (AES). The solution exploits the inherent spatial replications of a parallel architecture for implementing functional redundancy at low cost.• Fault Attacks: one of the most powerful types of attack for secure devices is based on the intentional injection of faults (for instance by using a laser beam) into the system while an encryption occurs. By comparing the outputs of the circuits with and without the injection of the fault, it is possible to identify the secret key. To face this problem we have analyzed how to use error detection and correction codes as counter measure against this type of attack, and we have proposed a new code-based architecture. Moreover, we have proposed a bulk built-in current-sensor that allows detecting the presence of undesired current in the substrate of the CMOS device.• Fault simulation: to evaluate the effectiveness of countermeasures against fault attacks, we developed an open source fault simulator able to perform fault simulation for the most classical fault models as well as user-defined electrical level fault models, to accurately model the effect of laser injections on CMOS circuits.• Side-Channel attacks: they exploit physical data-related information leaking from the device (e.g. current consumption or electro-magnetic emission). One of the most intensively studied attacks is the Differential Power Analysis (DPA) that relies on the observation of the chip power fluctuations during data processing. I studied this type of attack in order to evaluate the influence of the countermeasures against fault attack on the power consumption of the device. Indeed, the introduction of countermeasures for one type of attack could lead to the insertion of some circuitry whose power consumption is related to the secret key, thus allowing another type of attack more easily. We have developed a flexible integrated simulation-based environment that allows validating a digital circuit when the device is attacked by means of this attack. All architectures we designed have been validated through this tool. Moreover, we developed a methodology that allows to drastically reduce the time required to validate countermeasures against this type of attack.TSV- based 3D Stacked Integrated Circuits TestThe stacking process of integrated circuits using TSVs (Through Silicon Via) is a promising technology that keeps the development of the integration more than Moore’s law, where TSVs enable to tightly integrate various dies in a 3D fashion. Nevertheless, 3D integrated circuits present many test challenges including the test at different levels of the 3D fabrication process: pre-, mid-, and post- bond tests. Pre-bond test targets the individual dies at wafer level, by testing not only classical logic (digital logic, IOs, RAM, etc) but also unbounded TSVs. Mid-bond test targets the test of partially assembled 3D stacks, whereas finally post-bond test targets the final circuit.The activities carried out within this topic cover 2 main issues:• Pre-bond test of TSVs: the electrical model of a TSV buried within the substrate of a CMOS circuit is a capacitance connected to ground (when the substrate is connected to ground). The main assumption is that a defect may affect the value of that capacitance. By measuring the variation of the capacitance’s value it is possible to check whether the TSV is correctly fabricated or not. We have proposed a method to measure the value of the capacitance based on the charge/ discharge delay of the RC network containing the TSV.• Test infrastructures for 3D stacked Integrated Circuits: testing a die before stacking to another die introduces the problem of a dynamic test infrastructure, where test data must be routed to a specific die based on the reached fabrication step. New solutions are proposed in literature that allow reconfiguring the test paths within the circuit, based on on-the-fly requirements. We have started working on an extension of the IEEE P1687 test standard that makes use of an automatic die-detection based on pull-up resistors.Memory and Microprocessor Test and ReliabilityThanks to device shrinking and miniaturization of fabrication technology, performances of microprocessors and of memories have grown of more than 5 magnitude order in the last 30 years. With this technology trend, it is necessary to face new problems and challenges, such as reliability, transient errors, variability and aging.In the last five years I’ve worked in cooperation with the Testgroup of Politecnico di Torino (Italy) to propose a new method to on-line validate the correctness of the program execution of a microprocessor. The main idea is to monitor a small set of control signals of the processors in order to identify incorrect activation sequences. This approach can detect both permanent and transient errors of the internal logic of the processor.Concerning the test of memories, we have proposed a new approach to automatically generate test programs starting from a functional description of the possible faults in the memory.Moreover, we proposed a new methodology, based on microprocessor error probability profiling, that aims at estimating fault injection results without the need of a typical fault injection setup. The proposed methodology is based on two main ideas: a one-time fault-injection analysis of the microprocessor architecture to characterize the probability of successful execution of each of its instructions in presence of a soft-error, and a static and very fast analysis of the control and data flow of the target software application to compute its probability of success

Building on Local Successes: The Energy Efficiency and Conservation Block Grant Program and its Lessons for Federal Climate Policy

The Energy Efficiency and Conservation Block Grant (EECBG) Program, funded by the American Recovery and Reinvestment Act in 2009, holds important lessons for United States climate policy. A one-time infusion of funding given primarily to local governments to for the purpose of reducing energy use and greenhouse gas emissions, the policy had important but uneven effects. Most recipients were able to show progress on energy efficiency goals to meet program requirements. But communities with pre-existing interest in and experience with climate and energy programs tended to multiply the effects of the funding, using it to launch long-term efforts or prove concepts in order to secure further funding and support. The dissertation shows the value of communities’ participation in voluntary policy initiatives related to climate and energy, as municipalities with even a small amount of related experience were better positioned to turn a one-time infusion of federal funding into long-lasting programs. At the same time, the program’s outcomes demonstrate the enduring power and influence of the federal government in achieving more widespread success, as municipalities that had not previously participated in climate and energy planning were generally unable to continue their work once federal funding was removed, even in the presence of local champions and demonstrated successes. The program also demonstrates that using federal grants-in-aid to accomplish policy goals has important limitations. Though EECBG grants often had a major impact on local policies, their uneven impact exposes the risk that grants-in-aid may further stratify local governments’ capacities in the policy areas to which they are applied. Rather than evening out the playing field, it is possible for such programs to increase the disparities between policy leaders and the rest. The dissertation points to the importance of tailoring federal programs to varying local needs and to the importance of building local differences into program evaluations

Model-based operator guidance in interactive, semi-automated production processes

This contribution focuses on the task of guiding and supervision of technical processes realized by human operators. The review of publications of the last decades discloses that especially technical processes with strong interconnection of human operator and manufacturing process are not adequately addressed by the evolved automation approaches. Integrating human process knowledge and experience into the resulting automation system is still a major concern. Besides the introduction of automation in a handcrafting process that is increasing the overall system complexity, the design of the human-machine interface to the automation system is of central importance. Within this thesis, the trade-off between manual manufacturing and automation is addressed by a semi-automation approach. The application example is the no-bake molding process, a mold manufacturing process for casts that is traditionally handmade. Within this process the human operator plays a central role (i.e. knowledge and expertise), whereas the (intelligent) automation is carrying out physical operation, which is guided and supervised by the human operator. This is achieved by experimentally identified quality representing process variables that allow for in-process feedback to the human operator. Process guiding assistance is given using a formalization approach of the human-automation-interaction. By deducing situative information of interest from the resulting human-automation-system model with respect to the current process goal, the established process model is used for supervision and assistance of the overall process. The design of the human-machine-interface is based on a detailed analysis of the handcrafted process and is realized as a direct, intuitively usable, marker-based interaction technique. The integrated human-automation-system and the corresponding human-machine-interface with process guidance assistance functionality is initially evaluated. The results are discussed for the future work with respect to the individual, human operator-specific process understanding and process reproducibility.Diese Arbeit befasst sich mit Fachkraftaufgaben in der Führung und Überwachung von technischen Prozessen. Die Übersicht der Publikationen der letzten Jahrzehnte eröffnet, dass insbesondere technische Prozesse mit enger Verknüpfung von Mensch und Herstellungsprozess bei den entwickelten Automatisierungsansätzen nicht hinreichend berücksichtigt werden. Die Integration von Prozesswissen und -erfahrung in das resultierende Automatisierungssystem bleibt eine offene Fragestellung. Neben der Einführung von Automation in Handarbeitsprozesse, die die Komplexität des Gesamtsystems erhöhen, ist die Gestaltung der Mensch-Maschine-Schnittstelle zum Automatisierungssystem von zentraler Bedeutung. Der Konflikt zwischen Handarbeit und Automatisierung wird in dieser Arbeit durch die Einführung einer Teilautomatisierung gelöst. Das Anwendungsbeispiel ist das Kaltharzverfahren, ein traditionell in Handarbeit bewältigter Herstellungsprozess für Gussformen. In diesem Prozess spielt die Fachkraft eine zentrale Rolle (z. B. durch ihr Prozesswissen und ihre Expertise), während die (intelligente) Automatisierung –geführt und überwacht durch die Fachkraft– anfallende physische Aktionen ausführt. Dies wird durch experimentell ermit- telte qualitäts-beschreibende Prozessgrößen erreicht, die eine in-prozess Rückführung zum Bedienpersonal ermöglichen. Prozessführungsassistenz ist basierend auf die Formalisierung der Mensch-Automation-Interaktion gegeben. Durch die Bestimmung von situativen Informationen hoher Wichtigkeit aus dem resultierenden Mensch-Automation-System Modell bezogen auf das aktuelle Prozessziel, wird das bestehende Prozessmodell zur Überwachung und Prozessführungsassistenz des Gesamtprozesses genutzt. Die Gestaltung der Mensch-Maschine-Schnittstelle basiert auf einer detaillierten Analyse des Handarbeitsprozesses und ist als direkte, intuitiv bedienbare, markerbasierte Interaktionstechnik realisiert. Das integrierte Mensch-Automation-System sowie die zugehörige Mensch-Maschine-Schnittstelle inklusive Prozessführungsassistenzfunktionen wurden initial evaluiert. Die erzielten Ergebnisse werden hinsichtlich des individuellen, fachkraftabhängigen Prozesswissens und der Reproduzierbarkeit für den Ausblick diskutiert

The drivers of Corporate Social Responsibility in the supply chain. A case study.

Purpose: The paper studies the way in which a SME integrates CSR into its corporate strategy, the practices it puts in place and how its CSR strategies reflect on its suppliers and customers relations. Methodology/Research limitations: A qualitative case study methodology is used. The use of a single case study limits the generalizing capacity of these findings. Findings: The entrepreneur’s ethical beliefs and value system play a fundamental role in shaping sustainable corporate strategy. Furthermore, the type of competitive strategy selected based on innovation, quality and responsibility clearly emerges both in terms of well defined management procedures and supply chain relations as a whole aimed at involving partners in the process of sustainable innovation. Originality/value: The paper presents a SME that has devised an original innovative business model. The study pivots on the issues of innovation and eco-sustainability in a context of drivers for CRS and business ethics. These values are considered fundamental at International level; the United Nations has declared 2011 the “International Year of Forestry”

Proceedings of the 2018 Canadian Society for Mechanical Engineering (CSME) International Congress

Published proceedings of the 2018 Canadian Society for Mechanical Engineering (CSME) International Congress, hosted by York University, 27-30 May 2018

Proceedings of the inaugural construction management and economics ‘Past, Present and Future’ conference CME25, 16-18 July 2007, University of Reading, UK

This conference was an unusual and interesting event. Celebrating 25 years of Construction Management and Economics provides us with an opportunity to reflect on the research that has been reported over the years, to consider where we are now, and to think about the future of academic research in this area. Hence the sub-title of this conference: “past, present and future”. Looking through these papers, some things are clear. First, the range of topics considered interesting has expanded hugely since the journal was first published. Second, the research methods are also more diverse. Third, the involvement of wider groups of stakeholder is evident. There is a danger that this might lead to dilution of the field. But my instinct has always been to argue against the notion that Construction Management and Economics represents a discipline, as such. Granted, there are plenty of university departments around the world that would justify the idea of a discipline. But the vast majority of academic departments who contribute to the life of this journal carry different names to this. Indeed, the range and breadth of methodological approaches to the research reported in Construction Management and Economics indicates that there are several different academic disciplines being brought to bear on the construction sector. Some papers are based on economics, some on psychology and others on operational research, sociology, law, statistics, information technology, and so on. This is why I maintain that construction management is not an academic discipline, but a field of study to which a range of academic disciplines are applied. This may be why it is so interesting to be involved in this journal. The problems to which the papers are applied develop and grow. But the broad topics of the earliest papers in the journal are still relevant today. What has changed a lot is our interpretation of the problems that confront the construction sector all over the world, and the methodological approaches to resolving them. There is a constant difficulty in dealing with topics as inherently practical as these. While the demands of the academic world are driven by the need for the rigorous application of sound methods, the demands of the practical world are quite different. It can be difficult to meet the needs of both sets of stakeholders at the same time. However, increasing numbers of postgraduate courses in our area result in larger numbers of practitioners with a deeper appreciation of what research is all about, and how to interpret and apply the lessons from research. It also seems that there are contributions coming not just from construction-related university departments, but also from departments with identifiable methodological traditions of their own. I like to think that our authors can publish in journals beyond the construction-related areas, to disseminate their theoretical insights into other disciplines, and to contribute to the strength of this journal by citing our articles in more mono-disciplinary journals. This would contribute to the future of the journal in a very strong and developmental way. The greatest danger we face is in excessive self-citation, i.e. referring only to sources within the CM&E literature or, worse, referring only to other articles in the same journal. The only way to ensure a strong and influential position for journals and university departments like ours is to be sure that our work is informing other academic disciplines. This is what I would see as the future, our logical next step. If, as a community of researchers, we are not producing papers that challenge and inform the fundamentals of research methods and analytical processes, then no matter how practically relevant our output is to the industry, it will remain derivative and secondary, based on the methodological insights of others. The balancing act between methodological rigour and practical relevance is a difficult one, but not, of course, a balance that has to be struck in every single paper