Date post: | 21-Dec-2015 |
Category: |
Documents |
View: | 220 times |
Download: | 0 times |
Copy Detection forIntellectual Property Protection
of VLSI Design
Andrew B. Kahng, Darko Kirovski, Stefanus Mantik,
Miodrag Potkonjak and Jennifer L. Wong
UCLA Computer Science Dept., Los Angeles, CA
ICCAD 1999Supported in part by a grant from Cadence Design Systems, Inc.
by the MARCO Gigascale Silicon Research Center,
and by a grant from the NSF.
Motivation
• More functionality integrated on a single chip• Shorter design cycle times
design reuse methodology• Intellectual Property Protection (IPP)
– prevention of unauthorized use– detection of unauthorized use
• Copy detection techniques– watermarking, fingerprinting, etc.– applicable after an illegal copy is found
how to find the illegal copy in the first place?
General Copy Detection Problem
• Given:– a library of n registered pieces of IP– a new unregistered piece of IP
• Determine:– is any significant portion of any registered IP present in
the unregistered IP?
Previous Work
• String matching [BoyerM’77, KnuthMP’77, KarpR’81]
• Text copy detection [BrinDG’95, ShivakumarG’96, and Manber’94]
• Copy detection in biotechnology [Benson’98] and image processing [ForsythF’97]
• Speed-up database query with “Iceberg Queries” [FangSGMU’98]
• LVS [OhlrichEGS’93, ChiangNL’89, NiewczasMS’98]
Outline
• Motivations• General Copy Detection Methodology• Specific Copy Detection Techniques
– Scheduling in High-Level Synthesis– Gate-Level Netlist
• Experimental Confirmations• Conclusions
Generic Copy Detection Methodology
• Identify a common structural representation of solutions (IPs) and what constitutes an element of the solution structure– program: execution orders, instruction sets– circuit: netlist hypergraphs, vertices, hyperedges
Generic Copy Detection Methodology
• Identify a common structural representation of solutions (IPs) and what constitutes an element of the solution structure
• Understand the model of adversary– what may the adversary do to the IP?– must know what can be stolen, and possible forms of
theft, before knowing what protection is needed
Generic Copy Detection Methodology
• Identify a common structural representation of solutions (IPs) and what constitutes an element of the solution structure
• Understand the model of adversary• Identify a means of calculating locally context
dependent signatures for such elements– allows detection of partial IPs
Generic Copy Detection Methodology
• Identify a common structural representation of solutions (IPs) and what constitutes an element of the solution structure
• Understand the model of adversary• Identify a means of calculating locally context
dependent signatures for such elements• Identify rare and/or distinguishing elements of a
registered IP– rare instructions, “strange” cells, etc. [FangSGMU’98]
Generic Copy Detection Methodology
• Identify a common structural representation of solutions (IPs) and what constitutes an element of the solution structure
• Understand the model of adversary• Identify a means of calculating locally context
dependent signatures for such elements• Identify rare and/or distinguishing elements of a
registered IP• Apply “good” comparison methods to identify
suspicious unregistered IPs– linear complexity, DIFF, etc.
Outline
• Motivations• General Copy Detection Methodology• Specific Copy Detection Techniques
– Scheduling in High-Level Synthesis– Gate-Level Netlist
• Experimental Confirmations• Conclusions
Scheduling in High-Level Synthesis
• IP: high-level procedures linked arbitrarily
• Assumptions for the adversary:– extracts procedures from the IP, and embeds the
extracted code into his/her design– relinks the extracted procedures in an arbitrary fashion,
without significant modification of the actual specification within each of the procedures
– may inline a procedure in the newly created specification or conduct local perturbations
Copy Detection for HLS Scheduling
• Given:– a set P of registered procedures– a suspected instruction sequence S
• Find:– the subset P0 P consisting of all instruction sequences
Pi P that occur in S
Copy Detection (Pre-Processing)
• Select a set B of rare instructions (0 < pbj < ),pbjoccurrence probability for bj , bj B
• Identify locations of all bj in B in all Pi P– use dynamic execution order
Copy Detection (Pre-Processing)
• Select a set B of rare instructions (0 < pbj < ),pbjoccurrence probability for bj , bj B
• Identify locations of all bj in B in all Pi P
• Pseudo-randomly select K-tuples of instructions from B with max distance in the sequence order between any two instructions is smaller than – each K-tuple is a pattern– use inexact distance
(within a neighborhood of cardinality N )
...mov AX, BXaddl AX, #BF04subl BX, ESjnz AXxor ES, ESaddl ES, BX...
203020342038203CC304C308
Copy Detection (Pre-Processing)
• Select a set B of rare instructions (0 < pbj < ),pbjoccurrence probability for bj , bj B
• Identify locations of all bj in B in all Pi P
• Pseudo-randomly select K-tuples of instructions from B with max distance in the sequence between any two instructions is smaller than
• Create Constrained PoolPatterns – pati has probability ppati of occurrence in specific location
in S
– find minimal set of patterns such that each Pi P contains at least one pattern
K
jij
Nbji patbpppat
1
12 ),)1(1(
Copy Detection (Pre-Processing)
• Select a set B of rare instructions (0 < pbj < ),pbjoccurrence probability for bj , bj B
• Identify locations of all bj in B in all Pi P
• Pseudo-randomly select K-tuples of instructions from B with max distance in the sequence between any two instructions is smaller than
• Create Constrained PoolPatterns• Identify a rare instruction set C such that each
pattern in Constrained PoolPatterns contains at least one instruction in C, and the sum of occurrence probabilities of cj C is minimum
Copy Detection Steps
• For each instruction cj C found in S
• Match all patterns from constrained PoolPatterns that contain cj to S (use linear search)
...mov AX, BXaddl AX, #BF04xor AX, #FFFFsubl BX, ESjnz AXxor ES, ESmov SI, DXaddl ES, BX...
1F2C1F301F34CF38CF3CCF40
1F281F24
3
3+1...mov AX, BXaddl AX, #BF04subl BX, ESjnz AXxor ES, ESaddl ES, BX...
203020342038203CC304C308
Registered IP
Suspected IP
Gate-Level Netlists
• IP: design netlists
• Assumption for the adversary:– extracts sub-netlists from the IP, and embeds the
extracted sub-netlists into larger netlist– performs local perturbations (buffer insertions and/or
deletions, gate decompositions, etc.)
Signature of a Gate
• |Ni,1| = cardinality of the set of distinct nets incident to gate ci
• |Ci,1| = cardinality of the set of distinct cells on the nets in {Ni,1}
• |Ni,2| = cardinality of the set of distinct nets incident to the cells in {Ci,1}
• etc.
ciNi,1
Ci,1
Ni,2
Signature of a Gate
• Signature sequence of |Ni,1|, |Ci,1|, |Ni,2|, ...• 6 values: first k elements of sequence, k = 6• 3 variants: restrict by pin direction ( in, out, in-out )• 3 variants: vary underlying netlist (deleting
hyperedges with degree greater than some threshold d ( d = 4, 7, 10 )
• 6 x 3 x 3 = 54 numbers
( x1, x2, x3, x4, x5, x6, x7, x8, x9, …, x54 )
inout
in-out
d1 d2 d3
k=1
Gate Signature: Example
ci
I O B I O Bd=3
1 1 013 1
3 1 4
2 1 04 2 1
4 2 5
... ... ... ... ... ...
d=6
k=1
k=2
k=3
( 1, 1, 0, 2, 1, 0, #, #, #, 3, 1, 1, 4, 2, 1, #, #, #, 3, 1, 4, 4, 2, 5, #, #, #, … )
Copy Detection Steps
Pre-Processing• Compute signatures of registered netlists• Sort signatures of registered netlists
Copy Detection Process• Compute signatures of the suspected netlist• Sort signatures of the suspected netlist• Perform linear-time matching by walking through
sorted lists• Matching credit = 2(x -1) / 9 (x = position of match)• Calculate % matching
Outline
• Motivations• General Copy Detection Methodology• Specific Copy Detection Techniques
– Scheduling in High-Level Synthesis– Gate-Level Netlist
• Experimental Confirmations• Conclusions
• Standard multimedia benchmark applications• PFA probability of false alarm
• Average pre-processing: 46 hours
Experiments for HLS Scheduling
Application Suspected IP P FA CPU time
Code Size Procedures DetectionJPEG encoding 391 24 3.3E-07 1.8sJPEG decoding 379 24 1.8E-08 1.2sPGP encryption 443 36 2.1E-09 3.2sMPEG decoding 114 17 5.2E-11 2.9sG.721 encoding 26 4 9.1E-05 0.04sGSM encoding 98 8 8.1E-07 0.7s
patterns all ,patterns all
)1(i ijj
jiFA ppatppatP
Experiments for Gate-Level Netlists
A B C D E FA 100% 7.99% 2.90% 4.19% 2.84% 2.84%B 2.89% 100% 1.27% 2.12% 1.26% 1.26%C 0.77% 0.76% 100% 1.20% 0.72% 0.73%D 2.69% 2.79% 0.42% 100% 0.33% 0.33%E 0.25% 0.36% 0.25% 0.24% 100% 30.3%F 0.16% 0.27% 0.16% 0.15% 28.7% 100%
Weighted Matching Between Full Designs
• 6 design testcases (from 3k to 118k cells)• Matching between full designs
• Possible copy has high percentage for matching
• Test cases E & F from the same company
Experiments for Gate-Level Netlists
• Matching of partial designs against full designs• A’ A, B’ B, C’ C, etc.
• CPU for 118k: 13 hours (setup) 0.21 sec (detect)
A B C D E FA' 32.6% 8.24% 6.41% 7.21% 6.28% 6.28%B' 5.95% 14.6% 4.80% 6.46% 4.59% 4.59%C' 4.03% 4.03% 19.3% 4.40% 3.98% 3.98%D' 11.2% 12.7% 10.8% 23.6% 10.6% 10.6%E' 6.46% 6.50% 6.43% 6.41% 13.6% 10.1%F' 5.49% 5.63% 5.45% 5.44% 7.13% 15.8%
Full Designs
Pa
rtia
l De
sig
ns
Outline
• Motivations• General Copy Detection Methodology• Specific Copy Detection Techniques
– Scheduling in High-Level Synthesis– Gate-Level Netlist
• Experimental Confirmations• Conclusions
Conclusions
• Generic copy detection methodology for VLSI CAD• Specific copy detection techniques
– Scheduling in High-Level Synthesis– Gate-Level Netlist
• Sensitive detection for partial copy of IP• Current research:
– complementary interaction with watermarking– stronger techniques immune to topological change– automated techniques for tracing ancestors
• Thank You !
Copy Detection (Pre-Processing)
• Select a set B of rare instructions (0 < pbj < ),pbjoccurrence probability for bj , bj B
• Identify locations of all bj in B in all Pi P– use dynamic execution order
...mov AX, BXaddl AX, #BF04subl BX, ESjnz AXxor ES, ESaddl ES, BX...
203020342038203CC304C308
...mov AX, BXaddl AX, #BF04subl BX, ESjnz AXaddl BX, CX...xor ES, ESaddl ES, BX...
Actualorder
Dynamic execution order