Three-dimensional (3D) integration is a promising technology for designing high-performance, low-power systems by stacking multiple integrated circuit dies and connecting them at the circuit level with conductive posts. Most current efforts are at the electromechanical level of getting 3D to work efficiently and cost effectively.

Circuit-level 3D integration is a promising technology for manufacturing integrated circuits. Two or more chip dies are manufactured separately and then bonded together in a vertical stack. Posts, which can be created before or after bonding, provide connections between selected points in the two circuits and carry power and data between them at high bandwidth and ultra-low latency. “Going vertical” reduces the distance between two points of the combined circuit, allowing more transistors to be placed closer to each other. The reduced global interconnect length, and the option to parallelize communication through the use of parallel posts, provides the means to increase the performance and energy efficiency of the design. In addition, the manufacturing technology of each layer can be optimized for different requirements, e.g., in terms of feature size and verification techniques.

In this work, “computation plane” refers to a commodity processor die, and “control plane” refers to an additional die, containing customized security functions, that is joined to the computation plane. Since the computation plane must be able to function correctly in the absence of the control plane, circuit-level primitives are used in conjunction with the posts for communication between the planes.

The control plane can be fabricated separately from the commodity computation plane, offering several advantages. A different lithography process can be used, depending on performance and economic factors. The control plane can be subjected to more rigorous design and control practices, based on the customer’s needs, than the commodity design of the computation plane. Subsequent security evaluation of the control plane can be independent of the security evaluation of the computation plane. Finally, implementing services in the control plane supports a “layering” design discipline as a way of assuring correct dependencies.

These 3D advantages are leveraged to offer enhanced security in commodity hardware. The basic approach is to slightly modify the design of an existing integrated circuit so that it can accept connections from the control plane, without significantly increasing the complexity or cost of the computation plane. This provides the framework with which the functions, economics, and complexity of security features can be isolated from the underlying computing hardware, and can be managed as customer-selectable fabrication options.

Similar to co-processors, the lineage and developmental assurance of the control plane are also separated from the computation plane. The interface between a processor and a traditional coprocessor is limited to the established I/O buses and ports, and the long distance severely limits bandwidth and latency. On the other hand, with 3D integration, the control plane can observe and modify any element in the computation plane at its native granularity, effectively creating interfaces to the computation plane at the selected points in the circuitry, and the physical proximity can provide much higher bandwidth and throughput to the computation plane than can co-processors.

Five circuit-level primitives are defined for utilizing the conductive posts between the stacked dies. These primitives form the lower-level building blocks of trustworthy 3D design: disabling, tapping, rerouting, inserting, and overriding.

• The disabling circuit can stop a signal in the computation plane from flowing, based on the control plane’s command, which is sent through a dedicated post. • The tapping circuit copies a signal from the computation plane to the control plane. Two posts are needed: one to carry the signal to the control plane and another for the command to connect the signal. • The rerouting circuit combines tapping and disabling so that the original signal only goes to the control plane. Three posts are needed: two for the tapping and one for the disabling. • The inserting circuit carries a signal from the control plane to a circuit on the computation plane. Two posts are needed: one for the signal itself and another for the command to connect the signal. • The overriding circuit combines inserting and disabling, first disabling the original signal in the computation plane and then introducing a new signal from the control plane. Three posts are needed: one for the disabling and two for the inserting.

A component can be no more trusted than the components upon which it depends since the dependency might be unfulfilled at any time. The design paradigm of dependency layering is used in complex systems to prevent looping and to ensure that the most trustworthy components are not undermined through dependence on less trustworthy components, which in the worst case, can reduce the trustworthiness of the entire system to that of the weakest element.

This work was done by Ted Huffmire, Timothy Levin, Michael Bilzor, and Cynthia E. Irvine of the Naval Postgraduate School; Jonathan Valamehr, Mohit Tiwari, and Timothy Sherwood of the University of California, Santa Barbara; and Ryan Kastner of the University of California, San Diego. NRL-0049

Defense Tech Briefs Magazine

This article first appeared in the October, 2011 issue of Defense Tech Briefs Magazine.

Read more articles from this issue here.

Read more articles from the archives here.