It can be highly challenging to validate a system against security policies, or to update system-level security requirements during operation in field e.g., in response to changing customer needs. To exacerbate the issue, security policies are rarely specified in any formal, analyzable form. Some policies are described in natural language in different architecture documents, and many remain undocumented. Implementing, updating, and analyzing diverse SoC security policies can be daunting. Traditional implementations are often ad-hoc, lack a systematic process, and can impose a significant costs, energy, and area overhead, and do not provide system-on-chip (SoC) security architectures with built-in resilience against unauthorized access to diverse security-critical assets inside SoC (e.g., keys for cryptographic operations, digital right management keys, programmable fuses, sensitive user data etc.).