
FPGAs are used pervasively throughout DoD systems and represent 33% of DoD microelectronics expenditures. Their creation is overseen by fabless semiconductor companies, which use a global ecosystem to create, manufacture, and supply them. Modern FPGA complexity continues to increase with each new generation as vendors add new and/or more complex ‘hard’ IP cores to satisfy demands for greater compute capabilities (BRAM, DSP, Transceivers, AI). To mitigate fabrication risks within ‘hard’ IP, it is common for FPGA vendors to include functionality that is not disclosed to the end user for self-test, advanced prototyping, and cost savings, and to hide errata.

However, these undocumented features can be exploited as hardware trojans during either design or runtime. Undocumented functionality is not included in current security models and breaks fundamental assumptions of security tools. Existing state-of-the-art (SOTA) design integrity tools only check for hardware trojans in the bitstream design. Hardware imaging techniques (i.e. those created during the DARPA Trust and IRIS programs) do not capture the effects of bitstream configuration.

BRACE seeks to assure that undocumented IP features in FPGAs are not active within a design by identifying undocumented operating modes and preventing their activation during design time and at runtime after deployment. BRACE performs independent static bitstream checks prior to bitstream loading and monitors IP control inputs to assure that undocumented features are not activated during runtime. BRACE provides algorithms to translate vendor functionality into a database of undocumented states for each device, creating an intelligent rule set that captures the dependencies of undocumented states between control signals and configuration bits. Lightweight static checking is performed either during design time or during device load, and advanced reporting capabilities provide complete traceability from illegal bits to the design-level instances and attributes which originally invoked the setting.
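The sketch below is an added illustration of the kind of check described above, not BRACE's code or rule format: each rule names an undocumented state as a combination of configuration bits and control-input values, and the checker separates states that are statically active from those that need a runtime monitor. The bit names, signal names, rule contents and the `check_site` function are all hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    """One undocumented state: every listed bit and control value must match."""
    name: str
    config: dict    # {bit_name: value} configuration bits that select the state
    controls: dict  # {signal_name: value} control inputs that must also match

# Constructed rule database for a hypothetical DSP block (not real vendor data).
RULES = [
    Rule("dsp_test_mode", {"DSP_CFG[17]": 1, "DSP_CFG[18]": 1}, {}),
    Rule("dsp_scan_path", {"DSP_CFG[3]": 1}, {"CE_TEST": 1}),
]

def check_site(site, bits, tied, origin):
    """Statically check one IP site against RULES.

    bits:   {bit_name: value} decoded from the bitstream for this site
    tied:   {signal_name: value} control inputs tied to constants in the design;
            signals absent from this map are driven at runtime
    origin: {bit_name: (instance, attribute)} traceability map from the design
    Returns findings as (kind, site, rule_name, detail), kind ILLEGAL or MONITOR.
    """
    findings = []
    for rule in RULES:
        if any(bits.get(b, 0) != v for b, v in rule.config.items()):
            continue  # configuration bits do not select this state
        if any(s in tied and tied[s] != v for s, v in rule.controls.items()):
            continue  # a constant-tied control input makes the state unreachable
        live = sorted(s for s in rule.controls if s not in tied)
        if live:
            # Reachable only if runtime-driven inputs take the listed values,
            # so these are the signals a runtime monitor has to watch.
            findings.append(("MONITOR", site, rule.name, live))
        else:
            # Active as configured: trace the offending bits back to the design.
            unknown = ("<unknown>", "<unknown>")
            trace = sorted({origin.get(b, unknown) for b in rule.config})
            findings.append(("ILLEGAL", site, rule.name, trace))
    return findings
```

An `ILLEGAL` finding corresponds to the static check rejecting the bitstream before load, while a `MONITOR` finding lists the control inputs whose runtime values decide whether the state can be entered.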

Bitstream Assurance Checking Engine for Undocumented Functionality
A. Schmidt, J. Wilford, B. Reynwar, T. Sung, and M. French

Bitstream Assurance Checking Engine for Undocumented Functionality (BRACE)
Andrew G. Schmidt and Justin Wilford and Benedict Reynwar and Ting-Yuan Sung and Matthew French
Paper | DISTRIBUTION STATEMENT A. Approved for public release. Distribution is unlimited (PA# AFRL-2021-3136)

Leadership

Research Staff

Joshua Monson

Research Staff

Nicole Welch

Research Staff

Ian Taras

Research Staff

Research Assistants

Andrew Hanselman
Justin Wilford
Richard Becker