CAD-base: An attack vector into the electronics supply chain

Kanad Basu, Samah Mohamed Saeed, Christian Pilato, Mohammed Ashraf, Mohammed Thari Nabeel, Krishnendu Chakrabarty, Ramesh Karri

Research output: Contribution to journalArticlepeer-review


Fabless semiconductor companies design system-on-chips (SoC) by using third-party intellectual property (IP) cores and fabricate them in offshore, potentially untrustworthy foundries. Owing to the globally distributed electronics supply chain, security has emerged as a serious concern. In this article, we explore electronics computer-aided design (CAD) software as a threat vector that can be exploited to introduce vulnerabilities into the SoC. We show that all electronics CAD tools-high-level synthesis, logic synthesis, physical design, verification, test, and post-silicon validation-are potential threat vectors to different degrees. We have demonstrated CAD-based attacks on several benchmarks, including the commercial ARM Cortex M0 processor [1].

Original languageEnglish (US)
Article number38
JournalACM Transactions on Design Automation of Electronic Systems
Issue number4
StatePublished - 2019


  • Computer-aided design
  • Electronic design automation
  • Hardware security

ASJC Scopus subject areas

  • Computer Science Applications
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering


Dive into the research topics of 'CAD-base: An attack vector into the electronics supply chain'. Together they form a unique fingerprint.

Cite this