What Would Joe Do?
Peggy Aycinena is a freelance journalist and Editor of EDA Confidential at www.aycinena.com. She can be reached at peggy at aycinena dot com.
Tortuga Logic: Expect the Unexpected
May 26th, 2015 by Peggy Aycinena
If you’re a Spanish speaker, the first image that comes to mind when someone says tortuga is a slow-moving animal in a shell. Alternatively, if you’re a kid at heart and love pirates, the first image that comes to mind when someone says Tortuga is Johnny Depp sashaying around the Caribbean channeling Keith Richards.
If you work in EDA and/or use EDA tools, however, now a new image should come to mind when someone says tortuga: The image of a secure, buttoned-down design that’s impervious to harm, malicious intent, or even too much eye-liner (for the Depp/Richards fans out there).
Because a new company has just come up over the horizon: Tortuga Logic.
Built on IP developed by like-minded thinkers at U.C. San Diego and Santa Barbara, Tortuga hopes to change the way the world deals with security issues — which, by the way, is an even bigger problem today than it was back when Captain Jack Sparrow was wreaking havoc on the Spanish Main.
Last week, I had a totally engaging conversation with two of the company co-founders: Jason Oberg [PhD, UCSD] and Jonathan Valamehr [PhD, UCSB]. They outlined the company’s focus on security and verification, noting that little distinction exists between designs that harbor malicious intent and designs that harbor engineering error. Tortuga’s technology helps check for security holes and assists in the validation process at the same time.
We started our conversation with the name, however, and they both chuckled.
Jason: Our group came out of U.C. San Diego and U.C. Santa Barbara, places by the ocean, so we were thinking aquatic. Plus, turtles use shells to block out danger, which is a great reference for a company that’s providing security solutions.
WWJD: Did the technology at Tortuga come out of both schools?
Jason: Yes, Jonathan and I were both undergrads at Santa Barbara before doing our PhDs. We have two other co-founders, Tim Sherwood [PhD, UCSD] who teaches at Santa Barbara and Ryan Kastner [PhD, UCLA] who teaches at San Diego. All of us have been working in the hardware security space for the last 10 years, but over the last 5 years we’ve seen the work become more and more interesting to industry.
Then we attended an NSF-sponsored innovation course, 10 weeks long with about 150 other people. At that point, we were awarded $50,000 to work on this stuff and following that, we shrink-wrapped the technology and incorporated the company.
WWJD: You’re working on security such that nothing malware-ish can be designed into the chip, or so nothing malware-ish can run on the chip?
Jason: We’re looking at both. Either the mechanics in the hardware, or you can use our software to validate a design. We don’t add any hardware [to the design], but we make sure that what you have is checked for vulnerabilities.
WWJD: Security is such a hot topic these days. So many sessions at various conferences, and so many different areas of concern.
Jason: Yeah, there is a lot of worry about trojans in hardware. People in academia and industry are all working on it, and we’re well-connected with most of those guys and their research. Particularly with people working on [countering invasive] strategies that use power measurements on a chip to extract information. We know each other, because we’re all attending the same conferences.
WWJD: Security seems like a very large and complex space. How do you keep track?
Jason: There are several general classes of security problems. One is checking encryption. Another is checking that a critical core on your SoC is working in isolation from other cores that you don’t trust as much. We can verify those types of things for you.
WWJD: Wait. I’m designing cores into my chip that I don’t trust? Why? Isn’t that a complete negation of arguments in favor of using third-party IP?
Jason: The reality is that people are buying cores from different vendors based on tradeoffs between better features and better cost, and some of those cores they trust more than others. I’ve heard first-hand from the SoC guys that they’re not always trusting the RTL they’re buying.
WWJD: So why not do everything in-house and stop the worry?
Jonathan: Using [third-party] cores is a matter of time to market. A lot of new chips today are being developed in 6 months or less, often with 100 cores on the chip, and then shipped off to the factory. We need to provide a way to secure that chip.
Jason: As an analogy, consider Windows. Imagine that it was comprised of code from a hundred different vendors. We certainly know that would be a disaster. Yet in hardware it’s so much more complex, with so many more stakeholders — and 100 cores on the chip.
WWJD: Okay, so I’m a chip builder. How can you help me?
Jason: Your company has a security requirement to validate on every design, and that process is currently very error prone. At semiconductor companies, they’re still doing a lot of manual code review via spreadsheets, which is a very bad way to go from a security perspective.
However, by our making the process a lot more automated, checking the main hardware design flow, we’re helping save you time and a lot of money.
WWJD: You use the word validate. Are you addressing validation issues for your customers, or security issues? Are you looking for erroneous parts of a design or malicious parts of a design?
Jason: There’s actually a large overlap between checking security and validation, because really it’s all a security problem. When the hardware-design flow checks for functionality, it’s looking for unspecified functionality. That functional difference [between the spec and the design] can lead to a security hole, and those are the things the security guys are looking for in the RTL. We’re helping them with that search by automating the process.
WWJD: So your software tool is scanning the design for vulnerabilities that the security guys have identified. Right?
Jonathan: Consider another analogy. Imagine you were given a book and asked to find a word in that book. To do it manually would be almost impossible. But if you went into a PDF of the book and used <control F>, you would find all instances of the word quickly and easily. We’re offering security teams that [same kind of automation]. They identify the vulnerabilities, and we offer them a tool to find them in the code.
WWJD: But what’s your search handle, how do you know what to <control F> for?
Jason: The security guys have a book of requirements that they’re working to.
WWJD: And they sleep better at night knowing they’ve thoroughly scanned the design using an automated tool?
Jason: Yes, because we’re giving them a better way to identify an ‘attacker’. Right now in hardware design, they have to climb a wall to find the vulnerabilities. We’re changing that wall to a low bar that’s [far easier to step over].
WWJD: What are two or three things a security team might be looking for in a design?
Jonathan: First, there are a lot of issues related to access. Certain cores shouldn’t be able to access other cores. Then there are issues related to security key management, managing keys in an appropriate way. And in general, there are issues related to trust across the whole system.
WWJD: If this is just about scanning RTL, why wasn’t this process automated 10 years ago?
Jason: [laughing] Many companies bridge hardware and software [in their products], but historically the security professionals were all in software. And there are still a lot of security individuals looking at software. But the trend today is toward more complex hardware, more connected hardware. We have to pay more attention to the hardware itself, because this is where the attackers are now looking.
WWJD: Given the lack of attention to hardware security up to this point, is it basically open season on hardware?
Jason: Yep, and I’m honestly quite scared. We’re working hard trying to solve the problem and there are a lot of other companies who are proactive here, particularly in encryption, but there’s still a lot of work to be done. It’s all very worrying, but we are among those working on the first steps toward [a solution].
WWJD: Who are your competitors?
Jason: Actually, the biggest one is Mentor Graphics, but Jasper also had an app before they were acquired by Cadence that could be seen as a competitor. Also, Cryptography Research was bought by Rambus, but they were looking at a different class of attacks. They do have a tool, however, targeted at somewhat the same customers as ours.
WWJD: And who are your customers?
Jason: I can’t name any names, but it’s the semiconductor companies, the SoC guys and the FPGA guys.
WWJD: And your exit strategy? It seems like your technology could be very valuable if brought in-house.
Jason: [laughing] At this point, we’re not looking at being acquired. We’re working to get traction and paying customers. We want to solve problems for our customers, we want to offer technology that will ensure basic security, and we want to stop attacks before they happen.