2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) 2020
DOI: 10.1109/host45689.2020.9300272
|View full text |Cite
|
Sign up to set email alerts
|

ReGDS: A Reverse Engineering Framework from GDSII to Gate-level Netlist

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
14
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
7
1
1

Relationship

0
9

Authors

Journals

citations
Cited by 33 publications
(14 citation statements)
references
References 21 publications
0
14
0
Order By: Relevance
“…To obtain a flat netlist, the wires between standard cells are identified by connecting overlapping conductive patterns (i.e. VIAs, wires, and contacts) [12]. The rerouted flat netlist is the final step of the physical RE process RR FN .…”
Section: B Physical Re -Packaged Ic To Netlistmentioning
confidence: 99%
“…To obtain a flat netlist, the wires between standard cells are identified by connecting overlapping conductive patterns (i.e. VIAs, wires, and contacts) [12]. The rerouted flat netlist is the final step of the physical RE process RR FN .…”
Section: B Physical Re -Packaged Ic To Netlistmentioning
confidence: 99%
“…Even if all EDA tool computations were to be performed in such a trusted environment, the result of the hardware design flow is either a bitstream file that configures an FPGA or a layout description for an ASIC. Crucially, both a bitstream [53, 56,59] and a layout [47] contain all information about an IP core as they are simply a different gate-level netlist representation. A determined adversary can extract the high-level functionality of an IP core through netlist analysis [2,39,40,52].…”
Section: B Thoughts On Ip Protection In Practicementioning
confidence: 99%
“…The adversary already possesses the first two, but must generate the third and estimate the fourth input. A gate-level netlist can be extracted from the victim's layout [22], while the timing constraint can be estimated to a certain degree. Our proposed trojan insertion framework is shown in Fig.…”
Section: Threat Model and Attacker Capabilitiesmentioning
confidence: 99%
“…Netlist extraction: since the attacker only holds the layout, a gate-level netlist has to be extracted. Such effort is considered a trivial task for an expert IC designer, demonstrated in [22]. Frequency estimation: the attacker has to estimate the operating frequency of the target circuit by performing static timing analysis on the extracted gate-level netlist.…”
Section: A Side-channel Trojan Designmentioning
confidence: 99%