International Association for Cryptologic Research

International Association
for Cryptologic Research

Transactions on Cryptographic Hardware and Embedded Systems 2025

BASTION:

A Framework for Secure Third-Party IP Integration in NoC-based SoC Platforms


Francesco Restuccia
University of California San Diego, La Jolla, California, USA

Zhenghua Ma
University of California San Diego, La Jolla, California, USA

Joseph Zuckerman
Columbia University, New York City, New York, USA

Andres Meza
University of California San Diego, La Jolla, California, USA

Biruk Seyoum
Columbia University, New York City, New York, USA

Luca Carloni
Columbia University, New York City, New York, USA

Ryan Kastner
University of California San Diego, La Jolla, California, USA


Keywords: System-on-Chip, NoC-based platforms, Access Control Systems


Abstract

Modern System-on-Chip (SoC) architectures are a complex mix of processors, accelerators, memories, and I/O controllers interconnected by on-chip communication networks. Given the complexity of the computation and the requirements mandated in modern applications, several of these IPs are often outsourced as third-party modules. The integration of third-party modules, however, has been demonstrated to raise severe system-level security concerns – undiscovered vulnerabilities, incorrect firmware configurations, malicious code, and hardware trojans undetected in such IPs can produce leaks of confidential information and compromise the integrity of critical components. These challenges are further intensified when the communication infrastructure lacks robust mechanisms to supervise and monitor the interactions of third-party IPs with the rest of the system. Thus, runtime monitoring and supervising of third-party IPs is a crucial aspect for the system-level security of the entire SoC – the computing modules integrated in the SoC and their communication must behave securely. This paper presents Bastion, an open-source framework designed to support the secure integration of third-party IP modules into SoC architectures based on network-on-chip (NoC) communications, with a focus on providing robust security guarantees for NoC-based open-source hardware platforms. Unlike most previous works, which either focus on design or verification, we address the challenge of securely integrating third-party IPs in NoC-based platforms through a holistic design and verification framework based on three pillars: (i) a high-performance security socket that can be seamlessly integrated into NoC tiles; (ii) secure configuration and management of the security sockets via a Hardware Root of Trust; and (iii) an ad-hoc property-based security verification framework to ensure secure system operation. Bastion is integrated on the popular open-source ESP framework and validated through simulations and FPGA emulation of realistic SoCs. By explicitly targeting open-source platforms and releasing the entire project as open-source, we aim to democratize access to robustly secure application-specific SoC platforms for critical applications and foster further advancements in this domain.

Publication

IACR Transactions on Cryptographic Hardware and Embedded Systems, Volume 2025, Issue 4

Paper

Artifact

Artifact number
tches/2025/a54

Artifact published
January 30, 2026

Badge
IACR CHES Artifacts Functional

README

ZIP (21473466 bytes)  

View on Github

License

Some files in this archive are licensed under a different license. See the contents of this archive for more information.

Note that license information is supplied by the authors and has not been confirmed by the IACR.


BibTeX How to cite

Francesco Restuccia, Zhenghua Ma, Joseph Zuckerman, Andres Meza, Biruk Seyoum, Luca Carloni, Ryan Kastner. (2025). BASTION: A Framework for Secure Third-Party IP Integration in NoC-based SoC Platforms. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2025(4), 317–340. https://doi.org/10.46586/tches.v2025.i4.317-340. Artifact at https://artifacts.iacr.org/tches/2025/a54.