ISPD22 Contest: Security Closure of Physical Layouts
====================================================

This benchmark folder is part of the ISPD22 contest. Please see https://wp.nyu.edu/ispd_22_contest/ for more details.

Use of a Linux OS is highly recommended, as this benchmark folder is part of a ZIP file that makes use of symbolic
links as generated by Linux. In case you are using some different OS, these links might well be broken.

Type of benchmark:
------------------
Final-round benchmark -- same benchmark as used in alpha round

Scoring:
--------
- In general, see details at https://wp.nyu.edu/ispd_22_contest/evaluation/#scoring
- See reports/scores.rpt for the metrics and score details.
	- Note that these are baseline scores, i.e., any submission with the very same layout implementation as the
	original benchmark would achieve the same scores.
	- The overall score is listed toward the end, labelled as ``OVERALL''. All intermediate score components as
	well as the underlying metrics' values are also listed.
	-Also note that the overall scores differ across benchmarks; depending on the metrics' values, overall scores
	may be 1 or <1. In any case, again, these are the baseline or reference scores.

Design parameters:
------------------
- Timing:
	- Constraint: 10ns
	- Other parameters as provided in specific design.sdc and generic mmmc.tcl files
- Library:
	- Nangate 45nm Open Cell Library
	- Metal stack limited to metal1--metal6
	- Slow corner
	- Make sure to use the provided Nangate files:
		- NangateOpenCellLibrary.lef -> ../__Nangate/NangateOpenCellLibrary_metal1--metal6.lef
		- NangateOpenCellLibrary.lib -> ../__Nangate/NangateOpenCellLibrary_slow_ccs.lib
- Design quality:
	- See related reports/*.rpt files.

Security:
---------
- Reports
	- See reports/exploit_regions.rpt for details on placement sites and routing resources for exploitable
	regions.
	- See reports/cells_ea.rpt and reports/nets_ea.rpt for details on exposed areas of cell and net assets.

- Cell assets
	- 1886 (out of 12682 cells in total; ratio of 14.87%)
	- All cell assets relate to the DEF file.
	- See cells.assets for full list.
	- See snapshots/cells_assets.gif for an overview on cells assets highlighted (using Cadence Innovus 17.12).

- Net assets
	- 1919 (out of 13050 nets in total; ratio of 14.70%)
	- All net assets relate to the DEF file.
	- See nets.assets for full list.
	- See snapshots/nets_assets_wo_routing.gif for nets assets highlighted w/o metal layers (using Cadence Innovus
	17.12).
	- See snapshots/nets_assets_w_routing.gif for net assets highlighted w/ metal layers (using Cadence Innovus
	17.12).
	- See reports/cells_ea.rpt and reports/nets_ea.rpt for details on exposed areas of cell and net assets.

- See snapshots/exploit_regions.{svg|png} for detailed plots of the cell assets (in blue), regular cells (in grey),
and placement sites of exploitable regions (in red).

	- Recall that exploitable regions are of interest to an attacker for both Trojan insertion and Trojan routing.
	The criteria to derive regions is based on hypothetical insertion of a most simple NAND-gate Trojan such that
	timing (considering wire and pin cap approximations) would still be met for all the paths related to the cell
	asset on which the exploitable region is centered. However, these details are not illustrated here. See also
	https://wp.nyu.edu/ispd_22_contest/evaluation/#scoring for details on exploitable regions.

	- Placement sites may be part of multiple exploitable regions. Thus, for visualization, the darker the red
	shade of some sites, the more often these sites are included in the exploitable region of some assets (and the
	more interesting these sites are potentially for an attacker, and the more relevant some closure efforts would
	be for these sites).

	- Note that, by definition, each region must contain at least consecutive 20 sites in horizontal and/or
	vertical direction. Such assumption is practical (as an attacker needs at least some sites for placement and
	routing) but also simplified as follows.
		- Depending on the layout, these 20+ sites may be largely arranged vertically, i.e., across rows,
		which would be more difficult to exploit for Trojan insertion, but is still relevant, e.g., for
		routing of Trojans. These 20+ sites may also be arranged in any other polygon shape.
		- The selection of continuous sites is strictly related to the current layout -- it does not account
		for the fact that an attacker might easily shift or rearrange nearby cells to further extend the
		number of continuous sites. However, once such shift/rearrangement occurs (during your closure
		efforts), a subsequent re-evaluation would, of course, account for those larger regions -- you want to
		be aware of that for your closure efforts.

	- See reports/exploit_regions.rpt for the underlying data as well as snapshots/gnuplot_exploit_regions.sh and
	snapshots/exploit_regions.gp for the helper script and the gnuplot script used to generate the plot. The
	helper script is provided as is. It is rather slow and makes certain assumptions about the structure of the
	LEF, DEF files -- in case of an error when running this script on your DEF files, see ``here be dragons''
	comments first. Please reach out with any bugfixes you might come up with.

Other infos:
------------
- Source of RTL:
	- http://www.aoki.ecei.tohoku.ac.jp/crypto/web/cores.html
	- T. Sugawara, N. Homma, T. Aoki and A. Satoh, "ASIC Performance Comparison for the ISO Standard Block
	Ciphers," The 2nd Joint Workshop on Information Security (JWIS2007), August 2007.
- Contest organizers:
	Johann Knechtel (NYUAD), Jayanth Gopinath (NYU), Jitendra Bhandari (NYU), Mohammed Ashraf (NYUAD),
	Ozgur Sinanoglu (NYUAD), Ramesh Karri (NYU)
- Contact email:
	ispd22contest@nyu.edu
