Hardware Trojan attacks in embedded memory

摘要

Embedded memory, typically implemented with Static Random Access Memory (SRAM) technology, is an integral part of modern processors and System-on-Chips (SoCs). The reliability and integrity of embedded SRAM arrays are essential to ensure dependable and trustworthy computing. In the past, significant research has been conducted to develop automated test algorithms aimed at comprehensively detecting SRAM faults. While such tests have advanced our ability to detect manufacturing imperfection induced faults, they cannot ensure detection of deliberately implemented design modifications, also known as hardware Trojans, in an SRAM array by untrusted entities in the design and fabrication flow. Indeed, these attacks constitute an emerging concern, since they can affect the integrity of fabricated ICs and cause severe consequences in the field. While a growing body of research addresses Trojan attacks in logic circuits, little to no research has explored these attacks in embedded memory arrays. In this paper, for the first time to our knowledge, we propose a new class of hardware Trojans targeting embedded SRAM arrays. The Trojans are designed to evade industry standard post-manufacturing memory tests (e.g. March test) while enabling targeted data tampering after deployment. We demonstrate various forms of Trojan circuits in SRAM that cause diverse malicious effects and have diverse activation conditions while incurring minimal overhead in power, performance, and stability. Further, the proposed layouts preserve the SRAM cell footprint and incur negligible silicon area overhead.