Security issues relating to computer systems have become an ever increasing problem. Viruses, malware, and the like are common threats. Antivirus and other security software are used to address such security attacks, which are targeted at the software level. Although less common, security attacks can also be made at the hardware level. However, there is no equivalent to security software to prevent access to system-level hardware resources and assets, such as configuration registers, range registers, and the like. As a result, system architects design in various hardware- and firmware-based security measures for controlling access to important system resources. This is typically done on a per-system basis, leading to replication of design, debug, and validation work and inconsistent management of security across system designs.
Ever increasing numbers of semiconductor chips are formed as system-on-chips (SoCs). Logic blocks, often referred to as an intellectual property (IP) block, developed for SoCs are built such that they can be reused in multiple products. Access control requirements for protecting assets within the IP block are determined when that IP block is integrated into a particular SoC. For example, the access control requirements vary depending on whether the SoC is incorporated into a smartphone or a netbook platform.
Supporting access control in an IP logic block dictates that the block be able to evaluate security attributes in an incoming transaction and enforce the specified access control policy to permit or deny access to assets within the IP block. For an IP block having a simple interface, access control policy may be implemented as a wrapper external to the IP block. However, for more complex IP blocks, e.g., according to a credit-based interface that tracks requests and responses, incorporating such a wrapper can be non-trivial.