# Sandip Ray's research while affiliated with University of Florida and other places

## Publications (136)

Article
Cooperative Adaptive Cruise Control (CACC) is a fundamental connected vehicle application that extends Adaptive Cruise Control by exploiting vehicle-to-vehicle (V2V) communication. CACC is a crucial ingredient for numerous autonomous vehicle functionalities including platooning, distributed route management, etc. Unfortunately, malicious V2V commun...
Article
Full-text available
We present CAD framework and EDA tool, $\mathrm{S{\scriptstyle O}CC{\scriptstyle OM}}$ , for automated synthesis of optimized SoC architectures. We delineate a disciplined and streamlined methodology to enable automated IP integration and design optimization. $\mathrm{S{\scriptstyle O}CC{\scriptstyle OM}}$ supports generation of a wide variety...
Article
Modern System-on-Chip (SoC) designs include a variety of Network-on-Chip (NoC) fabrics to implement coordination and communication of integrated hardware intellectual Property (IP) blocks. An important class of security vulnerabilities involves a rogue hardware IP interfering with this communication to compromise the integrity of the system. Such i...
Article
Full-text available
Multi-agent systems are becoming increasingly popular due to their successful implementation in several sectors. However, there are a variety of threats that might undermine the agent’s security and imperil system security. As a result, security concerns should be addressed during the design of multi-agent systems. This survey reviews different mod...
Article
Information leakage via timing side-channel analysis can compromise embedded systems used in diverse applications that are otherwise secure. Most state-of-the-art timing side-channel detection techniques focus on analyzing the software code while paying little to no attention to the underlying hardware. This limits the ability of such techniques in...
Preprint
Full-text available
Cooperative Adaptive Cruise Control (CACC) is a fundamental connected vehicle application that extends Adaptive Cruise Control by exploiting vehicle-to-vehicle (V2V) communication. CACC is a crucial ingredient for numerous autonomous vehicle functionalities including platooning, distributed route management, etc. Unfortunately, malicious V2V commun...
Conference Paper
Full-text available
Preprint
Reconstructing system-level behavior from silicon traces is a critical problem in post-silicon validation of System-on-Chip designs. Current industrial practice in this area is primarily manual, depending on collaborative insights of the architects, designers, and validators. This paper presents a trace analysis approach that exploits architectural...
Article
Full-text available
Chapter
Emergent vehicles will support a variety of connected applications, where a vehicle communicates with other vehicles or with the infrastructure to make a variety of decisions. Cooperative connected applications provide a critical foundational pillar for autonomous driving, and hold the promise of improving road safety, efficiency and environmental...
Article
bold xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Modern and Emergent automotive systems are highly complex, dominated by a large number of integrated electronics and software components. The electronic and software components include a diversity of device functionality, ranging across infotainment, dri...
Article
Automotive systems are dominated by electronic and software components. A modern car includes hundreds of Electronic Control Units connected to a variety of diverse sensors and actuators, controlled by several hundred megabytes of software code and coordinated through several in-vehicle networks implementing disparate protocols. Given this complexi...
Preprint
Reconstruction of how components communicate with each other during system execution is crucial for debugging system-on-chip designs. However, limited observability is the major obstacle to the efficient and accurate reconstruction in the post-silicon validation stage. This paper addresses that problem by proposing several communication event selec...
Article
Full-text available
The advent of quantum computing threatens to break many classical cryptographic schemes, leading to innovations in public key cryptography that focus on post-quantum cryptography primitives and protocols resistant to quantum computing threats. Lattice-based cryptography is a promising post-quantum cryptography family, both in terms of foundational...
Chapter
Systematic implementation of System-on-Chip (SoC) security policies typically involves smart wrappers extracting local security-critical events of interest from Intellectual Property (IP) blocks, together with a control engine that communicates with the wrappers to analyze the events for policy adherence. However, developing customized wrappers at...
Chapter
Verification of security policies represents one of the most critical, complex, and expensive steps of modern SoC design validation. SoC security policies are typically implemented as part of functional design flow, with a diverse set of protection mechanisms sprinkled across various IP blocks. An obvious upshot is that their verification requires...
Chapter
Effective post-silicon validation of modern SoC designs requires careful upfront planning. This activity, referred to as post-silicon readiness, is one of the most elaborate and time-consuming components of post-silicon validation. This chapter discusses various facets of readiness activities performed in current industrial practice. We delve speci...
Chapter
With the increasing design and validation complexities of an SoC coupled with reduced time-to-market constraints, designers have typically integrated pre-qualified third-party Intellectual Property (IP) cores to achieve necessary design productivity. However, many of these IP blocks are designed at different parts of the world in relatively less tr...
Chapter
System-on-Chip (SoC) security architectures targeted towards diverse applications including Internet of Things (IoT) and automotive systems enforce two critical design requirements: in-field configurability and low overhead. To simultaneously address these constraints, in this paper, we present a novel, flexible, and adaptable SoC security architec...
Chapter
Modern-day System-on-Chip (SoC) security architectures designed for smart connected devices, such as Internet of Things (IoT) and automotive applications, are often confined by two crucial design aspects: in-field configuration and low overhead. Due to the restrictions posed by these design aspects, it is extremely difficult to develop a robust and...
Book
This book offers readers comprehensive coverage of security policy specification using new policy languages, implementation of security policies in Systems-on-Chip (SoC) – current industrial practice, as well as emerging approaches to architecting SoC security policies and security policy verification. The authors focus on a promising security arch...
Chapter
This chapter introduces a new security architecture, called E-IIPS, for enforcing SoC security policies. E-IIPS includes a centralized policy control engine (SPC) in which policies can be programmed, as well as smart “wrappers” on each IP to facilitate communication with SPC. We discuss the architecture in detail, demonstrate its application on imp...
Chapter
Implementation and verification of security policies represent a critical, vexing, and time-consuming component of a modern System-on-Chip design. We have discussed one promising approach to doing so, but a lot remains to be done.
Chapter
Security assurance is a highly complex and crucial component of modern System-on-Chip (SoC) designs. In particular, SoC designs include significant sensitive information that must be protected for unauthorized access. Security policies specify the protection requirements for each asset at different stages in system execution or system life cycle. T...
Conference Paper
Full-text available
Abstract—Veriﬁcation of security policies represents one of the most critical, complex, and expensive steps of modern SoC design validation. SoC security policies are typically implemented as part of functional design ﬂow, with a diverse set of protection mechanisms sprinkled across various IP blocks. An obvious upshot is that their veriﬁcation req...
Conference Paper
We present a method for selecting trace messages for post-silicon validation of Systems-on-a-Chips (SoCs) with diverse usage scenarios. We model specifications of interacting flows in typical applications. Our method optimizes trace buffer utilization and flow specification coverage. We present debugging and root cause analysis of subtle bugs in th...
Conference Paper
Modern automotive systems and IoT devices are designed through a highly complex, globalized, and potentially untrustworthy supply chain. Each player in this supply chain may (1) introduce sensitive information and data (collectively termed "assets") that must be protected from other players in the supply chain, and (2) have controlled access to ass...
Article
Full-text available
Recent years have seen rapid development and deployment of Internet-of-Things (IoT) applications in a diversity of application domains. This has resulted in creation of new applications (e.g., vehicle networking, smart grid, and wearables) as well as advancement, consolidation, and transformation of various traditional domains (e.g., medical and au...
Chapter
Ensuring trustworthiness of modern computing systems is a critical and inherently complex problem. Trust assurance techniques today span the entire design life cycle, require highly diverse expertise and skill set for each technique, and are overall grossly inadequate. This chapter provides a glimpse of some of the trust assurance techniques used i...
Technical Report
Full-text available
Advances in computing steadily erode computer security at its foundation, and call for fundamental innovations to strengthen current practices in computer security, specifically in applied cryptography, from theory to standardization to actual implementations. At the same time, the emergence of new computing paradigms, such as cloud computing, soft...
Article
ON 21 OCTOBER OF LAST YEAR, a variety of major websites—including those of Twitter, PayPal, Spotify, Netflix, The New York Times, and The Wall Street Journal—stopped working. The cause was a distributed denial-of-service attack, not on these websites themselves but on the provider they and many others used to support the Domain Name System, or DNS,...
Article
Full-text available
In spite of decades of work, design verification remains a highly expensive and time-consuming component of electronic system development. With the advent of Systemon- Chip (SoC) architectures, verification has morphed into an activity that spans the entire life-cycle, making use of diverse platforms, tools, and technologies. This paper provides a...
Article
Modern system-on-chip (SoC) designs include a wide variety of highly sensitive assets which must be protected from unauthorized access. A significant aspect of SoC design involves exploration, analysis, and evaluation of resiliency mechanisms against attacks to such assets. These attacks may arise from a number of sources, including malicious intel...
Conference Paper
A modern automotive design contains over a hundred microprocessors, several cyber-physical modules, connectivity to a variety of networks, and several hundred megabytes of software. The future is anticipated to see an even sharper rise in complexity of this electronics, with the imminence of driverless vehicles, the potential of connected automobil...
Article
Post-silicon validation is widely acknowledged as a major bottleneck in System-on-Chip (SoC) design methodology. Recent studies suggest that post-silicon validation consumes more than 50% of an SoCs overall design effort. Due to increasing SoC design complexity coupled with shrinking time-to-market constraints, it is not possible to detect all desi...
Article
Modern System-on-Chip (SoC) designs involve integration of a large number of Intellectual Property (IP) blocks, many of which are acquired from untrusted third-party vendors. An IP containing a security vulnerability — whether inadvertent or malicious — may compromise the trustworthiness of the entire SoC. Existing functional validation approaches,...
Chapter
It has been almost a decade since the number of smart, connected computing devices has exceeded the human population, ushering in the regime of the Internet of things [1]. Today, we live in an environment containing tens of billions of computing devices of diverse variety and form factors, performing a range of applications often including some of...
Chapter
Modern SoC designs include a large number of sensitive data and collateral that must be protected against unauthorized or malicious access. Unauthorized access can happen in the design/integration supply chain as well as on-field through exploitation of system and platform errors, physical access, malicious software execution, etc. Validation entai...
Chapter
In this chapter we provide a summary of coverage on SoC security issues and countermeasures presented in this book and describe important research needs of the future.
Article
A key problem in postsilicon validation is to identify a small set of traceable signals that are effective for debug during silicon execution. Structural analysis used by traditional signal selection techniques leads to a poor restoration quality. In contrast, simulation-based selection techniques provide superior restorability but incur significan...
Conference Paper
Systematic implementation of System-on-Chip (SoC) security policies typically involves smart wrappers extracting local security critical events of interest from Intellectual Property (IP) blocks, together with a control engine that communicates with the wrappers to analyze the events for policy adherence. However, developing customized wrappers at...
Article
The proliferation of wearable and implantable computing devices in the recent years, and the emergence of the Internet of Things, have ushered in an era of computing characterized by an explosion in growth and diversification of computing platforms. Unfortunately, the traditional research silos in computing science and engineering appear inadequate...
Article
This Tutorial paper is about the Internet of Things, its applications, challenges, and how it may change the way of computing. Besides a comprehensive introduction, it focuses on two major design constraints, namely, security and power management.
Conference Paper
Article
We consider the conflicts between requirements from security and post-silicon validation in SoC designs. Post-silicon validation requires hardware instrumentations to provide observability and controllability during on-field execution; this in turn makes the system prone to security vulnerabilities, resulting in potentially subtle security exploits...
Article
The papers in this special section explore wearable computers, biomedical implants, and the Internet of things. Specifically, examines recent progress in this challenging research area. Note that the area is vast, touching almost every subject in computing and electrical engineering with a large variety of tools, techniques, and applications. Cover...
Conference Paper
Although concolic testing is increasingly being explored as a viable software verification technique, its adoption in mainstream software development and testing in the industry is not yet extensive. In this paper, we discuss challenges to widespread adoption of concolic testing in an industrial setting and highlight further opportunities where con...
Conference Paper
We describe our ongoing effort using theorem proving to certify loop pipelining, a critical and complex transformation employed by behavioral synthesis. Our approach is mechanized in the ACL2 theorem prover. We discuss some formalization and proof challenges and our early attempts at addressing them.
Article
Full-text available
Behavioral synthesis involves compiling an Electronic System-Level (ESL) design into its Register-Transfer Level (RTL) implementation. Loop pipelining is one of the most critical and complex transformations employed in behavioral synthesis. Certifying the loop pipelining algorithm is challenging because there is a huge semantic gap between the inpu...
Article
Full-text available
Behavioral synthesis entails application of a sequence of trans- formations to compile a high-level description of a hardware design (e.g., in C/C++/SystemC) into a register-transfer level (RTL) implementation. In this paper, we present a scalable equivalence checking framework to validate the correctness of compiler transformations employed by beh...
Conference Paper
A key problem in post-silicon validation is to identify a small set of traceable signals that are effective for debug during silicon execution. Most signal selection techniques rely on a metric based on circuit structure. Simulation-based signal selection is promising but have major drawbacks in computation overhead and restoration quality. In this...
Conference Paper
Function pipelining is a key transformation in behavioral synthesis. However, synthesizing the complex pipeline logic is an error-prone process. Sequential equivalence checking (SEC) support is highly desired to provide confidence in the correctness of synthesized pipelines. However, SEC for function pipelining is challenging due to the significant...
Article
Full-text available
Eliminating the excessive test power for integrated circuits is a strict challenge within the nanometer era. This method combines test pattern generation with the scan chain disabling technique to achieve low capture power testing under the single stuck-at ...
Article
We present a framework for the specification and verification of reactive concurrent programs using general-purpose mechanical theorem proving. We define specifications for concurrent programs by formalizing a notion of refinements analogous to stuttering trace containment. The formalization supports the definition of intuitive specifications of th...
Conference Paper
Full-text available
Behavioral synthesis entails application of a sequence of transformations to compile a high-level description of a hardware design (e.g., in C/C++/SystemC) into a Register-Transfer Level (RTL) implementation. We present a scalable equivalence checking framework to validate the correctness of compiler transformations employed by behavioral synthesis...
Conference Paper
A key problem in post-silicon validation is to identify a small set of traceable signals that are effective for debug during silicon execution. Structural analysis used by traditional signal selection techniques leads to poor restoration quality. In contrast, simulation-based selection techniques provide superior restorability but incur significant...
Conference Paper
Full-text available
Behavioral synthesis involves generating hardware design via compilation of its Electronic System Level (ESL) description to an RTL implementation. Equivalence checking is critical to ensure that the synthesized RTL conforms to its ESL specification. Such equivalence checking must effectively handle design and implementation optimizations. We ident...
Article
Full-text available
Loop pipelining is a critical transformation in behavioral synthesis. It is crucial to producing hardware designs with acceptable latency and throughput. However, it is a complex transformation involving aggressive scheduling strategies for high throughput and careful control generation to eliminate hazards. We present an equivalence checking appro...
Article
Multicore Register Transfer Level (RTL) model simulations are indispensable in exposing subtle memory subsystem bugs. Validating memory consistency, coherency, and atomicity is a crucial design verification task. Random MultiProcessor (MP) test generators play critical roles in pre- and post-silicon validation. The Advanced Configuration and Power...
Conference Paper
We develop a formal tool for speed-path analysis and debug. We encode speed-path requirements in a formal hardware description language providing the semantics of both the functional behavior and timing constraints, and the disciplined use of an SMT solver to analyze speed-path requirements. We are applying our framework for speed-path analysis of...
Article
We present a case study illustrating how to exploit the expressive power of higher-order logic to complete a proof whose main lemma is already proved in a first-order theorem prover. Our proof exploits a link between the HOL4 and ACL2 proof systems to show correctness of a cone of influence reduction algorithm, implemented in ACL2, with respect to...
Conference Paper
We present a method to abstract, formalize, and verify industrial flash memory implementations. Flash memories contain specialized transistors, e.g., floating gate and split gate devices, which preclude the use of traditional switch-level abstractions for their verification. We circumvent this problem through behavioral abstractions, which allow fo...
Article
We present a predicate abstraction and discovery procedure for proving invariants of reactive systems using a combination of theorem proving and model checking. Our method makes use of term rewriting on the definition of the target system to reduce an invariant proof of the target system to reachability analysis on a finite predicate abstraction, w...
Chapter
ACL2 is the name for (1)~a programming language based on a subset of Common Lisp, (2)~a logic, and (3)~a mechanical theorem prover for the logic. ACL2 is an industrial-strength theorem prover that has been used successfully in a number of formal verification projects both in the industry and academia. We present the logic of ACL2 and briefly touch...
Article
In this chapter, we discuss models of sequential programs, formalize the statement of correctness that we want to prove, and present the standard deductive approaches to derive such a correctness statement. We then discuss some deficiencies in the standard approaches.
Article
We present a framework for the specification and verification of reactive concurrent programs using general-purpose mechanical theorem proving. We show how to use (fair) stuttering trace containment to verify diverse concurrent protocols. We present a collection of proof rules that can be effectively orchestrated by a theorem prover to reason about...
Article
We outline an approach to verify pipelined machines with stuttering trace containment. Pipelined machines are complicated to reason about since they involve simultaneous overlapped execution of different instructions. Nevertheless, we show that if the logic used is sufficiently expressive, then it is possible to relate the executions of the pipelin...
Article
Theorem proving and decision procedures have orthogonal advantages in scaling up formal verification to solve complex verification problems. In this chapter, we explore the general problem of using theorem proving with decision procedures in a sound and efficient manner.
Chapter
We present an interface connecting the ACL2 theorem prover with external deduction tools. The structuring mechanisms of ACL2 make the design of the interface challenging. We discuss some of the challenges and develop a precise specification of the requirements on the external tools for a sound connection with ACL2.
Article
We consider the problem of formalizing a compositional model checking procedure with the ACL2 theorem prover. The algorithm uses conjunctive and cone of influence reductions to reduce a large model checking problem into a collection of smaller problems, and we prove the soundness of the composition of these reductions. The algorithm checks properti...