Alumni-led company Tortuga Logic releases toolkit to transform hardware systems developers' approach to security
From left: Tortuga Logic co-founders Jason Oberg, UC San Diego computer science professor Ryan Kastner and Jonathan Valamehr.
San Diego, Calif., May 18, 2015 -- Tortuga Logic, a company co-founded by Ryan Kastner, a professor of computer science at the University of California, San Diego, computer science Ph.D. alumnus Jason Oberg and former postdoctoral researcher Jonathan Valamehr, released May 14 a comprehensive toolkit aiming to transform the way hardware designers and system architects test the security of hardware designs.
"The semiconductor industry needs to redirect its attention from only analyzing software vulnerabilities to identifying ways to detect security issues in hardware designs," says Oberg, co-founder and chief executive officer of Tortuga Logic. "As more and more devices are designed to be Internet enabled, the more we need to be concerned about hardware security. Hackers are focusing now on hardware."
Tortuga Logic is part of the emerging Design-for-Security market. Its goal is to solve security-specific problems, minimizing security breaches in hardware and systems by automating the process of verifying their security properties. The toolkit, called the Prospect Hardware Security Design and Analysis Toolkit, is able to uncover hidden bugs and prove the absence of vulnerabilities in hardware designs.
The Security Market
Cisco predicts that 50 billion devices, such as automobiles, consumer electronics, medical devices and wearables, will be connected to the Internet by 2020, many potentially susceptible to cyberattacks.
Current security analysis software tests embedded software, assuming the hardware is secure. But it may not be. Typical security practices for hardware design consist of manual code review, where security engineers sift through thousands of lines of code written by a separate hardware design team to find security vulnerabilities. If a security issue is found, the hardware design team makes changes and the cycle repeats, an unreliable design and review process that does not scale.
Without building security into the hardware from the beginning, it is not possible to build a secure system. Moreover, many of the security properties built into the hardware eliminate an enormous class of software-based attacks.
How it Works
The Tortuga Logic toolkit performs hardware security analysis, automating the process and enabling it to scale. The result is hardware that is safer and less vulnerable to cyberattacks.
The toolkit’s patented technology defends against specific types of hardware attacks that other software does not. It analyzes security vulnerabilities of hardware designs written in hardware description languages (HDL) such as SystemVerilog, Verilog and VHDL. It checks the design and ensures that confidentiality and integrity properties are being enforced.
It proves that sensitive information, including passwords, encryption keys and biometric data such as fingerprints, will only travel to parts of the system designated as "trusted," preserving confidentiality. It can prove functional isolation from critical and non-critical components to ensure integrity and safety.
The toolkit reads an HDL description of the design and performs a thorough analysis to uncover a broad range of vulnerabilities. It does so by automatically generating System Verilog assertions and instrumentation from a high-level description of the security properties. This information is passed to an integrated formal verification platform, included as part of the toolkit, which performs an exhaustive proof evaluation. Issues can be debugged using a specialized graphical user interface and generated counter examples.
The toolkit leverages 360(TM) DV Verify from OneSpin Solutions as its formal platform, and is versatile and able to operate with other formal tools. Prospect is shipping now. Pricing is available upon request.
Introducing Tortuga Logic and its Founders
Tortuga Logic, founded in 2013 and headquartered in San Diego, Calif., derives its name from the Spanish word for turtle, Tortuga. A turtle has a hard, impenetrable shell, which is what hardware should have in today's world, Oberg and his co-founders believe.
In addition to Kastner, Oberg and Valamehr, founders also include Tim Sherwood, a professor in the department of Computer Science at UC Santa Barbara, specializing in the development of novel computer architectures for security, monitoring, and control.
Kastner is a professor in the Jacobs School of Engineering at UC San Diego. His research focuses on computer system design with a focus on critical and real-time applications.
Oberg developed much of the company's intellectual property as part of his Ph.D. thesis at UC San Diego. He holds a bachelor’s of Science degree in Computer Engineering from UC Santa Barbara, and master’s of Science and Ph.D. degrees in Computer Science and Engineering from UC San Diego.
Valamehr was formerly a computer architect, and leveraged emerging technologies and cross-disciplinary tools to build secure, high-speed microprocessors. He received Ph.D., Master’s and bachelor’s degrees in Electrical and Computer Engineering from UC Santa Barbara.
Tortuga Logic is a member of the EvoNexus technology startup incubator founded in 2009 by former Peregrine Semiconductor's Rory Moore. Tortuga Logic's funding comes from angel investors and the National Science Foundation's Small Business Innovation Research (SBIR) program.
Tortuga Logic acknowledges trademarks or registered trademarks of other organizations for their respective products and services.