SAN DIEGO, CA--(Marketwired - Apr 12, 2016) - Tortuga Logic, transforming the way hardware engineers and system architects test the security of hardware design, today announced its Hardware Security Assessment (HSA) service, offering design engineers and security architects a way to verify the security of integrated circuit (IC) designs.
"The current best-in-class techniques for hardware security assessments are manual and involve code review, staring at schematics and block diagrams, and countless hours of meetings between security engineers and hardware designers," says Dr. Jason Oberg, Tortuga Logic's chief executive officer (CEO). "These legacy methods are ineffective at preventing security vulnerabilities. As more devices are internet enabled, the more we need to be concerned about the thoroughness of hardware security."
Current approaches to check for security vulnerabilities rely on a combination of manual inspection and conventional verification tools, an error-prone process due to increasingly complex chips and growing security demands. System-on-Chip (SoC) designs have complex vulnerabilities in interconnects and encryption subsystems that are difficult or impossible to identify. This is compounded by chip development teams battling time-to-market business pressures.
Existing verification languages are unable to express security properties independent of a design's implementation details. Since security checks must be done late in the development cycle, the final netlist often is ready for tape out and companies are reluctant to change the design except for a catastrophic error. As a result, security engineers are forced to guarantee high-level security requirements with insufficient knowledge, and under time constraints and business pressures.
Tortuga Logic's Hardware Security Assessment for SoC designs includes creating a robust security threat model and checking to ensure a design has no vulnerabilities that could be exploited by the threat model. HSA covers RTL code, RTL code and firmware, and on-chip test circuitry. A proprietary Security Language called Sentinel™ developed by Tortuga Logic is used for expressing security properties at a high level of abstraction.
Often, the security of a design's RTL code cannot be thoroughly verified with conventional methods. By working with security architects and engineers, Tortuga Logic's team uses its proprietary technology to identify all vulnerabilities. Its technology works by modifying the RTL code to create a "Security Model Design" that enables security properties to be checked using formal or other verification approaches. This is accomplished using Prospect™, a proprietary verification environment for the Sentinel language.
Vulnerabilities such as illegitimate access to keys, unauthorized communication between SoC subsystems or unintended data leakage due to on-chip debug and their causes are identified and flagged for design engineers to correct.
A Tortuga Logic HSA delivers an improved security threat model, a thorough check of the RTL code's security, the cause of all vulnerabilities found and recommendations. HSA does not include off-chip software or any physical ("side-channel") attacks.
Pricing and Availability
The Tortuga Logic HSA service is available now. Pricing is available upon request.
For more information, visit: www.tortugalogic.com
About Tortuga Logic
Tortuga Logic, Inc., based in San Diego, Calif., is part of the emerging Design-for-Security market and has the goal to solve security-specific problems, minimizing security breaches in hardware and systems by automating the process of verifying their security properties. It has developed software technology, which includes a proprietary Security Language called Sentinel™ and an implementation of it called Prospect™. This technology is transforming the way hardware designers and system architects test the security of hardware designs. More information can be found at: www.tortugalogic.com Email: email@example.com
Prospect and Sentinel are trademarks of Tortuga Logic. Tortuga Logic acknowledges trademarks or registered trademarks of other organizations for their respective products and services.