1. Field of the Invention
The present invention relates generally to the field of electronic and logic circuits, in particular integrated electronic circuits such as application-specific integrated circuits (ASICs) or field programmable gate arrays (FPGAs) and, more specifically, to a method and circuit arrangement for protecting integrated circuits, such as ASICs, FPGAs, particularly in the form of system-on-chip devices, against scanning of an address space, which integrated circuit comprises at least one master device, at least one slave device and a bus system for a connection between master device and slave device where accesses between the master device and slave device occur via the bus system using an address from the address space, and where the address space is allocated or used in accordance with the intended functions of the integrated circuit.
2. Description of the Related Art
Today, particularly in computer technology, every kind of electronic system is based on logic circuits or electronic circuits, which are often implemented as what are known as integrated (electronic) circuits (ICs). Integrated electronic circuits consist of an electronic circuit composed of interconnected electronic components and accommodated on a single substrate, usually a semiconductor substrate. An integrated electronic circuit generally comprises a large number of different components and connecting conductor tracks on/in a semiconductor substrate or single-crystal substrate, i.e., the chip. This integration has made it possible to provide and implement technically a large range of applications and functions in a small space and, hence, to reduce the size of the circuits considerably for use in, for instance, mobile devices, Subscriber Identity Module (SIM) cards, Radio Frequency Identification (RFIDs), smartphones and many other electrical and/or electronic devices.
If such integrated electronic circuits are created for specific applications, then they are known as application-specific integrated circuits (ASICs). The functions of an ASIC are explicitly specified during design, development and fabrication and hence permanently defined. In other words, it should no longer be possible to modify the specified functions. There are, however, numerous ASICs in which microprocessors, signal processors etc. are integrated, thereby allowing a certain amount of flexibility to be achieved by applications running therein in the form of software.
Field programmable gate arrays (FPGAs) are another form in which integrated electronic circuits are used. In these devices, a logic circuit can be programmed by defining function structures and, by specifying configuration rules. This involves using a hardware description language or circuit diagrams, for instance, to create circuit structures in an FPGA and then downloading this data for configuring the FPGA to the chip. Unlike ASICs, this programming allows different circuits to be implemented in one FPGA, i.e., the circuit in an FPGA, for instance, can also be modified by a user, or implemented functions can be changed, improved or expanded at a later point in time. FPGAs are used, for example, to implement devices ranging from simple synchronous counters to highly complex circuits, such as microprocessors. Thus, the function of the FPGA is defined by the particular configuration downloaded to the chip.
Thanks to continued miniaturization and a constantly increasing level of integration, entire systems comprising, for instance, processors, controllers, memory modules (e.g., ROMs, or RAMs) power management and other components, are now accommodated on one chip or die. Such systems are also referred to as a system on chip (SoC). These system-on-chip devices are mainly used in applications in which small dimensions are required together with relatively high performance and a range of functions (e.g., mobile communications sector, smartphones, or embedded computers). With a system on chip, all or most of the functions of the system, for instance in the form of hardware components (e.g., physical components, processor units, memory devices, or input/output devices) and/or software components (e.g., software applications, or programs), are accommodated in an integrated electronic circuit on one chip, with the system components being connected via mostly hierarchical or at least segmented bus systems.
What is known as the master/slave model is often used for organizing and distributing functions, such as accesses and tasks, between the functional units or components in complex integrated circuits, in particular in a system on chip. In this model, the various tasks are distributed between higher-level components, the “master” devices, devices such as processor units, or controllers, and lower-level components, the “slave” devices, (e.g., memory devices, input/output devices, or special processors), and accesses to shared resources (e.g., bus systems, or memory devices) are organized in a controlled manner. A master/slave model is used, for example, when one or more components or master devices assume control of other components or slave devices, or when accesses, such as access to the bus system or memory devices, need to be controlled.
With integrated electronic circuits such as ASICs, or FPGAs, and, in particular, with system-on-chip devices, there is frequently a large dependency between the data to be processed, allocation of address areas in an address space, by which, for instance, accesses to memory devices and thereby to hardware and/or software components are defined, and the functions and applications implemented in the circuit. By knowing this information (e.g., where, in the address space, e.g., data or software components such as program codes, are located which address areas of the address space are unused for instance, etc.), it is possible to infer, for instance, the functions and the configuration of the circuit and hence, for example, to perform targeted hacker attacks to compromise and/or tamper with the circuit or to gain access to required and/or protected data.
Integrated electronic circuits may have, for example, safety and/or security functions as software components, which protect the circuit concerned from unauthorized accesses, or tampering, for instance, in particular during operation. These functions, however, are not enabled for ongoing operation until a start-up procedure or boot-up stage for the circuit. The integrated electronic circuit, itself as an electronic chip normally, is not equipped with functions for protecting the circuit from attacks, such as attacks made by programs loaded externally onto the circuit chip (e.g., malware), or from spying or scanning of the address space (e.g., of processors embedded in the circuit, or address mappings in the bus system). Here, an address space of the circuit denotes a set of addresses, such as for accesses between components of the circuit (e.g., master devices, or slave devices), which can each be addressed explicitly and in a standard manner. Knowledge of used and unused addresses in the address space of the circuit, for instance, can thus be employed for what is known as reverse engineering. When scanning the address space of the circuit, successive write and/or read accesses to consecutive addresses are used, for example, in an attempt to draw conclusions about an inner life, i.e., about the configuration and functions, of the circuit. The information gathered from the scan, such as information about the usage of the address space, can then be used, for example, for targeted hacker attacks, for unauthorized reverse engineering of the existing circuit and/or for gaining access to sensitive data in the circuit.