EDMD

In an era where technology permeates every aspect of our lives, the semiconductor industry serves as the backbone of innovation. From IoT devices to data centers, every piece of technology relies on integrated circuits (ICs) such as intellectual property (IP) cores and system on chips (SoCs). As these technologies become increasingly pervasive, the importance of hardware security assurance in the design and development of IP and SoCs cannot be overstated. Evolving cyber threats and sophisticated attacks make it essential for vendors to integrate advanced security measures into their workflows.Market Pressures Driving Demand for Enhanced Hardware Security The semiconductor market is projected to reach $1 trillion by 2030. At the same time, semiconductor devices and system designs are becoming increasingly complex. With that complexity comes the added difficulty and effort required to conduct thorough security analyses. Additionally, competitive pressure to reduce time-to-market means that vulnerabilities can be more easily overlooked or exploited, making it crucial for the industry to adopt automated security solutions. As more products are deployed in critical systems, from consumer electronics to national infrastructure, the stakes become even higher, underscoring the necessity for robust security measures.According to the SEMI Electronic Design Market Data (EDMD) report, in 2023, the electronic design automation (EDA), semiconductor IP, and related services market reached $17.1 billion, fueled by the increasing complexity of semiconductor designs and the growing emphasis on security. While the overall EDA market is growing at a 7.4% compound annual growth rate (CAGR), the semiconductor IP segment is expanding at 9.7%, and in comparison, the logic verification tools market alone is surging ahead at 24.2%. Deeper verification processes and tools are needed to not only handle the rising complexity of semiconductor designs, but also to support the growing emphasis on secure-by-design principles to ensure robust and reliable products in an evolving technological, security, and threat landscape. As a result, the market for logic verification tools — a key component of the EDA market — is surging. The Rising Cost of Cyber Threats from Data Breaches and Architectural Flaws Pavani Jella, Silicon AssuranceThe average cost of a data breach is $4.88 million1, encompassing lost business, regulatory fines, legal fees, and damage to brand reputation. As the semiconductor market grows, the potential financial impact of security breaches due to hardware vulnerabilities also escalates. Companies must invest in robust security measures to mitigate these risks and protect their financial health.Cyber threats from the exploitation of architectural flaws are another threat. Plundervolt is one example of an architectural flaw that could lead to hardware exploitation. Discovered by ethical hackers, Plundervolt is the name of an attack that exploited voltage fault injection to compromise the security of Intel processors. By manipulating the voltage supplied to the CPU cores, attackers could induce errors in the SGX enclave, allowing them to leak sensitive data or even bypass security protections intended by the enclave. This flaw was particularly concerning because it operated at the hardware level, making traditional software security measures ineffective. The attack leveraged the SoCs’ power management features, specifically dynamic voltage and frequency scaling (DVFS), to achieve its malicious objectives.Exploiting such a vulnerability could lead to the exposure of sensitive data, such as cryptographic keys and proprietary information, compromising the confidentiality of secure enclaves. This breach could erode trust in an IP or SoC provider’s security features, particularly in environments that rely on using the IP or SoC for protecting critical data. In cloud environments, a successful exploit could result in multi-tenant data breaches, impacting numerous users.The vulnerability also poses risks to secure applications, potentially leading to manipulated outcomes and decrypted communications. Businesses could face significant financial losses, operational disruptions, and regulatory consequences due to such an attack. It is a stark reminder of how architectural flaws in SoCs can be exploited, leading to severe security breaches that are challenging to mitigate without hardware-level fixes.Industry Believes Hardware Security Assurance Is a Key Priority A majority of security professionals from a diverse group across industry, defense, government, and academia rate hardware Trojan detection, IP piracy protection, and SoC vulnerability assessment as high priorities. This prioritization reflects the industry's awareness of the critical importance of security measures in maintaining the integrity and reliability of semiconductor products.As a result of this awareness, investments in cybersecurity are expected to reach $345.4 billion by 2026, growing at a CAGR of 9.7%2. This substantial investment demonstrates the global commitment to enhancing security measures across all industries, including semiconductors, to combat the escalating threat landscape.New EDA Tools and Investments Needed to Combat Cyber Threats The adoption of new EDA solutions is essential, despite the initial costs. Costs can range from $100,000 to $1 million per license for general EDA design and verification tools, depending on the complexity and capabilities of the software. Pre-silicon security EDA tools can detect vulnerabilities early in the design phase, significantly reducing the risk of exploitation and the need for costly post-production fixes while enhancing product reliability. Secure-by-design principles ensure that security measures are integrated throughout the development process, rather than added as afterthoughts.Integrating these new tools also requires investment in training and potential adjustments to existing workflows. However, the improved security and efficiency provided by these tools can offset these initial costs.While the costs of acquiring advanced EDA tools and deploying them in the workflow is significant, the investment is justified by the long-term benefits of enhanced security and reduced risk of costly breaches. Secure-by-design practices can prevent significant financial losses from security breaches, offering substantial long-term savings. Companies that invest in robust security measures are better positioned to demonstrate market leadership and build customer trust and loyalty, while avoiding the reputational and financial damage associated with breaches.ConclusionThe semiconductor industry is at a critical juncture where the application of advanced EDA solutions for hardware security is not just beneficial, but essential. The time to act is now.The increasing sophistication of cyber threats and the financial repercussions of security breaches make it imperative for IP and SoC vendors to adopt advanced EDA security assurance solutions to secure their designs. By investing in cutting-edge EDA tools and prioritizing security from the earliest stages of design, vendors can safeguard their products, maintain market competitiveness, and protect against the ever-evolving landscape of cyber threats.References1. IBM Cost of a Data Breach Report 20242. KPMG 2024 Global Semiconductor Industry OutlookPavani Jella is the Vice President of Business Development at Silicon Assurance, a member of the Electronic System Design Alliance (ESDA) a SEMI Technology Community. Silicon Assurance specializes in hardware security assurance solutions. With a strong background in the semiconductor and EDA industries, Pavani plays a pivotal role in driving strategic growth and fostering innovative partnerships. Passionate about the intersection of technology and security, she helps organizations adopt state-of-the-art solutions that ensure the resilience and trustworthiness of their hardware systems.

Executive Advisor Jeff Lewis held the position of Vice President of Marketing and Business Development for Artisan Components, one of the early companies developing blocks of intellectual property. Lewis, who worked at Artisan from 1996-2000, and his colleagues were members of an elite group who built the mega-successful IP market, estimated today at $7.48 billion. Arm acquired Artisan Components in 2004 for $913 million.In my role as Executive Director of ESD Alliance and publisher of the quarterly Electronic Design Market Data (EDMD) report that includes IP, I recently talked with Lewis about what he remembers from the early days of IP.Smith: You were part of the IP revolution. What were the high points and low points that you most remember? Lewis: The high point was starting with a relatively blank slate and innovating. Some things worked, some didn't. We kept trying different things and seeing what would work with plenty of failed tries, successes, and repeats. We got a chance to be on the ground floor of a new industry. Another high point was watching this nascent industry emerge into a powerhouse. In the ‘90s, EDAC (Electronic Design Automation Consortium, the predecessor to the ESD Alliance) wasn't interested in tracking IP. As the IP market started growing, EDAC was all over it because it helped pump up the size of the electronic design automation (EDA) industry. Suddenly, IP had become a big enough industry that people were starting to care. And of course, there were successful public companies like Arm, Rambus, Artisan, and others licensing IP. It was fun being part of that.The low points were the hard part. While everything was new for us, it was also new for customers. They had intense resistance to licensing IP that many viewed as product development. They would want the IP company to develop something under a consulting or NRE contract, and then they would own the product and all the IP around it. They wanted to own everything. Many companies had that mentality in the early days and were resistant to licensing or paying royalties.As a side note, Gary Smith, former analyst for Dataquest, now Gartner Group, who died in 2015, and I had an ongoing debate. We went to lunch quite frequently and he would say, “IP is great, but you aren't IP. You are a standard cell, and it is not IP.” It was one of his standard statements.He would make various presentations, and I would argue: “You can't think of it as a cell, think of it as an entire library. It's an entire library with all the design views, layouts, test and qualification data, and everything else. That’s intellectual property. Plenty of intellectual property goes into developing it.”He eventually changed his mind and agreed when he saw the revenue and the value –– IP companies do it better and cheaper than in-house development.A final high point was getting the idea and value of IP across to customers. Smith: At what point did people start to believe IP was a real market and they could trust a vendor? Lewis: I don't know if there was an inflection point. More and more people started getting used to the idea that IP was an industry. Arm was probably the major catalyst. Artisan had two different engagement models. One was the integrated device manufacturer (IDM) model. Mark Templeton, co-founder and CEO of Artisan who died in 2016, and Lucio Lanza, Managing Partner of Lanza techVentures and Artisan’s Chairman, are credited with developing the royalty model and the intellectual property category. They drove it with the IDM model. Executive Advisor Jeff LewisCustomers knew they were paying for a license, understood the terms and became both the licenser and the user of this technology. It was different when Artisan went to the foundry model, which extended the IDM model to the rapidly growing foundry space. In this model, Artisan had the ability to widely disseminate its IP to all the foundry customers for free. However, calling it a “free library” is a misnomer, because often overlooked in this process is that the foundry paid up front for every one of those libraries, and it also paid a royalty on each design that used them. Artisan was profitable from day one by building a library or memory compiler. The engagement model was one where Artisan could proliferate these to the foundry’s users. They would get the library, and the royalty would come from the foundry. Users were beneficiaries – they had a simple license agreement, but unless they needed some customization, they weren't writing checks to Artisan.From the user’s perspective, it was great. They got free libraries and IP. That helped open people’s eyes to the model that could be a good thing. Artisan had 1,000 users at one point, and it helped drive the proliferation of IP use in the industry.Smith: Is that foundry model still in place? Lewis: Largely, yes, with some exceptions because foundries have a standard library that can be used. They have some specialized IP that customers license. While there are variations, foundries provide libraries to their customers. TSMC has engineers developing libraries for its own processes. For a long time, Artisan was the standard IP provider for most of the foundries. Smith: How did companies overcome verifying and testing IP? Were engineers skeptical about buying from an unknown/unproven company? Lewis: This is an important and critical question. Engineers were skeptical about buying from an unknown or unproven company. Artisan’s library quality was our biggest selling point, and it was the same with Arm and Rambus. Size and reputation were a huge advantage.The key was to have a major win that demonstrated your bona fides, and our biggest early win was our work on the Sony PlayStation. At that time, LSI Logic was developing the chips for the PlayStation, but was looking to outsource some of the critical blocks, such as the embedded SRAMs. Sony engineers were nervous and wanted to meet the IP companies to see what they were doing, because the fate of their chip was resting on these little companies. Artisan developed high-performance embedded SRAMs that replaced the existing LSI SRAMs. Our memories were about half the size of the LSI SRAMs, higher performance, and worked the first time.What’s instructive is how Artisan later got the foundry relationships going and sold libraries. Enabling first-time success is a quality argument, because the design would work the first time. At that time, almost every foundry library had bugs in them that caused silicon failures after tape-out. Our primary argument to engage foundries was our impeccable QA story. We had customer testimonials confirming that the foundries would not have library-related failures. When foundries scheduled a volume like a PlayStation ramp, they couldn’t afford a production “bubble” or “hole” in their production schedule from a library bug causing a chip not to work and requiring a re-spin.That's why the argument on quality and first-time success was critical to TSMC.One more thing on quality, and this ties specifically to Artisan and almost all IP companies. Any company that focuses on a mass proliferation model must ensure their product has no quality problems. Mass proliferation needs to be as low touch as possible, so engineers can use it without constantly calling for support. Quality is an absolute fundamental before mass distribution, because the fastest way to go bankrupt is to massively proliferate a faulty product. Smith: According to the EDMD report two years ago, IP surpassed front-end EDA tools as the highest category. Are we now shifting into a world where IP in the form of chiplets may become the dominant player? Lewis: I think the shift is coming. These are different incarnations of Moore's Law and the Carver Mead-structured VLSI. Sometimes the structure may be a chiplet, or the structure may be embedded.Is it virtual or is it actual? Engineers will make tradeoffs with pros and cons of embedding it or keeping it separate. The deciding factor is which silicon process is best and how it will be implemented. The SEMI EDMD report’s tracking of the Semiconductor Intellectual Property (SIP) and its rise to one of the market’s leading category. Smith: You worked for several IP companies that were offering process-related IP. That's a completely different type of market selling cycle, correct? Lewis: It is, because I focused on technology licenses for manufacturing processes, as opposed to the much more understood design IP that was developed for the existing manufacturing processes. Getting inserted into a company’s manufacturing process is much more difficult and challenging.If a company is licensing a technology that modifies the front-end process, then the process parameters will change, presumably for the better. The re-optimization can be like whack-a-mole. While some parameters get better, some may get worse, and further re-optimization can be required. This can go through several cycles until the process converges. This also means that all existing IP must be recharacterized and/or redesigned, which is why it is best to insert a new technology at the beginning of the node development rather than as a retrofit.Adding new process technologies is inherently difficult unless it’s a separable piece. For example, many new memories such as ReRAM or MRAM are licensed technology and separable, because they are set up separately in the metal stack. They don't touch the transistors.For a long time now, companies have been able to pick and choose whether to do in-house development or procure design IP from a third party. We're now starting to see the same thing in process development, because they are getting so complex, and no one can be an expert in all areas. I see process IP as paralleling the early days of design IP, but with a 30-year delay. Back then, most customers were reluctant to procure design IP because they felt: “We can do it all in-house.” Almost no one says that today, and I think this gradual acceptance will apply to process IP as well.Smith: Should Mark Templeton be considered the innovator and creator of the IP industry? Lewis: I’m not sure there’s anything I can say about him that hasn’t been said already. He was a great guy and an important thinker. I credit him for doing an excellent job crafting a successful company. And, of course, Lucio Lanza was absolutely instrumental as well. He pushed Artisan to do royalties, and Mark helped drive it to fruition.About Jeff LewisJeff Lewis is one of the pioneers of the semiconductor IP industry, participating since its inception in the mid-1990s. Lewis is currently Executive Advisor for senior management and investors for semiconductor and AI companies. He was previously an operating executive serving as Senior Vice President of Business Development and Marketing at Atomera Incorporated, Spin Transfer Technologies, SuVolta Inc., and Innovative Silicon Technologies, and held operating roles at Synopsys, VLSI Technology, and HP. Lewis earned an MBA from the UC Berkeley Haas School of Business, and has a bachelor’s degree in electrical engineering, and a bachelor’s degree in economics from UC Berkeley.Robert (Bob) Smith is Executive Director of the ESD Alliance, a SEMI Technology Community.