Transactions on Cryptographic Hardware and Embedded Systems 2025
BASTION:
A Framework for Secure Third-Party IP Integration in NoC-based SoC Platforms
Francesco Restuccia
University of California San Diego, La Jolla, California, USA
Zhenghua Ma
University of California San Diego, La Jolla, California, USA
Joseph Zuckerman
Columbia University, New York City, New York, USA
Andres Meza
University of California San Diego, La Jolla, California, USA
Biruk Seyoum
Columbia University, New York City, New York, USA
Luca Carloni
Columbia University, New York City, New York, USA
Ryan Kastner
University of California San Diego, La Jolla, California, USA
Keywords: System-on-Chip, NoC-based platforms, Access Control Systems
Abstract
Modern System-on-Chip (SoC) architectures are a complex mix of processors, accelerators, memories, and I/O controllers interconnected by on-chip communication networks. Given the complexity of the computation and the requirements mandated in modern applications, several of these IPs are often outsourced as third-party modules. The integration of third-party modules, however, has been demonstrated to raise severe system-level security concerns – undiscovered vulnerabilities, incorrect firmware configurations, malicious code, and hardware trojans undetected in such IPs can produce leaks of confidential information and compromise the integrity of critical components. These challenges are further intensified when the communication infrastructure lacks robust mechanisms to supervise and monitor the interactions of third-party IPs with the rest of the system. Thus, runtime monitoring and supervising of third-party IPs is a crucial aspect for the system-level security of the entire SoC – the computing modules integrated in the SoC and their communication must behave securely. This paper presents Bastion, an open-source framework designed to support the secure integration of third-party IP modules into SoC architectures based on network-on-chip (NoC) communications, with a focus on providing robust security guarantees for NoC-based open-source hardware platforms. Unlike most previous works, which either focus on design or verification, we address the challenge of securely integrating third-party IPs in NoC-based platforms through a holistic design and verification framework based on three pillars: (i) a high-performance security socket that can be seamlessly integrated into NoC tiles; (ii) secure configuration and management of the security sockets via a Hardware Root of Trust; and (iii) an ad-hoc property-based security verification framework to ensure secure system operation. Bastion is integrated on the popular open-source ESP framework and validated through simulations and FPGA emulation of realistic SoCs. By explicitly targeting open-source platforms and releasing the entire project as open-source, we aim to democratize access to robustly secure application-specific SoC platforms for critical applications and foster further advancements in this domain.
Publication
IACR Transactions on Cryptographic Hardware and Embedded Systems, Volume 2025, Issue 4
PaperArtifact
Artifact number
tches/2025/a54
Artifact published
January 30, 2026
Badge
✅ IACR CHES Artifacts Functional
Some files in this archive are licensed under a different license. See the contents of this archive for more information.
Note that license information is supplied by the authors and has not been confirmed by the IACR.
BibTeX How to cite
Francesco Restuccia, Zhenghua Ma, Joseph Zuckerman, Andres Meza, Biruk Seyoum, Luca Carloni, Ryan Kastner. (2025). BASTION: A Framework for Secure Third-Party IP Integration in NoC-based SoC Platforms. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2025(4), 317–340. https://doi.org/10.46586/tches.v2025.i4.317-340. Artifact at https://artifacts.iacr.org/tches/2025/a54.