
Burning the Secret Sauce

When Paranoia Impedes Progress

“Our new RuleBuster DRC tool has successfully verified a one billion transistor 65nm design for… uh… a very large semiconductor company.”  The presenter blushes a bit, looks annoyed, and then continues with his next PowerPoint slide.  The six people in the audience all know who he’s talking about, and they’re dutifully impressed.  He’s met the letter of the law on the agreement his company signed, although he is now far from the spirit of it.

When you make your living designing and selling electronic design automation (EDA) tools, issues of confidentiality and paranoia fly at you from all directions.  Some of the world’s largest semiconductor companies (Can we say Intel’s name here?  Whoops, there it goes!) have long-standing policies of not allowing suppliers to admit that their products were used by that company.  Apparently the “Intel Inside” marketing campaign style doesn’t apply both ways.  You won’t find a lot of chips from these manufacturers with “Synopsys Inside, Magma Inside, Cadence Inside, Mentor Inside, etc.” stamped on the top, even though products from all four of these companies (and probably more) were likely involved in getting that chip into the socket.

We don’t mean to single out Intel here – a lot of semiconductor and systems companies have similar policies and similar motivations.  They feel that the tools, services, and IP that go into bringing their products to life all become part of their “Secret Sauce” and that withholding that information keeps their rivals at a competitive disadvantage.

Yeah, right.

Let’s say hypothetically that you work for a competitive semiconductor company (Oh, it looks from our subscriber rolls like many of you do.  Welcome!), and you’re dealing with the problem of layout verification.  Let’s have a quick show of hands as to how many of you wouldn’t know to check some of the four companies listed above?  Oh, not too many hands in the air.  OK, you two – go Google “layout verification” – yep, Mentor, Synopsys, CDN (that’s stock-market-ese for Cadence), a bunch of academic references…  Whew! That big trade secret took us a while to crack.

Nonetheless, EDA and IP companies often have their hands tied by their customers, protecting the identities of users of the same products they’re spending millions to advertise.  Every member of the marketing and field team that works with the customer in question must be briefed and warned, PowerPoint presentations must be scrubbed, and press releases are audited to make sure that word doesn’t leak out that they have happy, successful customers using their products.  When they go to meet with a new prospective customer, the question will inevitably arise –

“Do you have other customers using this product?”

“Definitely.”

“Who are they?”

“Can’t say, but trust me, they love it.”

“Gee, thanks.  That’s very helpful.”

It would be easy to stop the blame with the systems and semiconductor companies, but this virus runs much deeper than that.  The EDA companies themselves are similarly afflicted.  Go to any tradeshow, like, say, the Design Automation Conference (to choose a random example), and look at what’s in the booths on the show floor.  The answer is… “Fluff.”  You’ll see lots of signage about how each company is “The Leader in Franistan Reticulation,” accompanied by pitches from paid actors who rattle off technology terms without a clue as to their meaning and sixty-inch plasma monitors showing slick flash videos of animated characters rollerblading along metal traces and falling victim to evil electro-migration.

Not exactly what we need to get our jobs done.

If you want any real information, you need to sign up for access to the sacred suites.  This is a process that ranges in difficulty – we’d estimate somewhat harder than getting through airline security, but easier than escaping from a federal detention facility.  Once inside, of course, you’ll be greeted by the good catered food and lots of other potential customers wearing their badges backward and trying to look inconspicuous.  You’ll slide into a seat in the back of a mini-meeting room, and, when the presenter pauses briefly from pushing power optimization to a new level of abstraction, you quietly ask “Do you have any customers using this product?” Oh, wait.  We’ve been there already.

I once worked on a giant software development project at an EDA company, and my team was hamstrung by complex security requirements mandated to keep our archrivals from guessing what we were up to.  Our engineers jumped through hoops and ran through virtual obstacle courses trying to get their jobs done while protecting the secret sauce.  It often seemed like we spent more time babysitting our security measures than we did developing code. 

Of course, two of the members of the team were married to employees of competitive companies, our own company had a massive marketing campaign designed to create a buzz about the new technology we were developing, we had filed patent applications that made it perfectly clear what we were working on, and some of our engineers were presenting papers at technical conferences explaining details of the algorithms.  Nonetheless, our source code was safe.  So safe, in fact, that the folks that wrote it couldn’t often get it to compile successfully.  We wondered aloud whether the best defense against our unseen industrial spies might be to just tar-up the source code and send it to them.  They’d probably be tied up for years just getting the make files set up right.

The kind of proprietary paranoia that causes these misguided company behaviors is not without foundation.  There are well publicized cases of EDA company engineers defecting with entire product lines and trying (with varying degrees of success) to sell them to competitive companies.  For the most part, large technology companies are too smart to take advantage of these unethical and illegal offers.  On the rare occasion when they’re not, prison terms are not unheard of. 

On the semiconductor side, there are well-established companies that make their living doing nothing but reverse-engineering high-profile devices.  Once the buffing compounds and scanning electron microscopes start to work, no secret is safe for long.  Competitors can purchase detailed reports for a small fortune, but the insight gained is seldom profound. 

Particularly in these days of domination by fabless companies, few people have any real process advantage.  Everybody starts from the same “go” square with the same semiconductor processes available to them, the same third-party IP to speed up their design cycle, and the same array of EDA tools to stitch it all together and make sure it works.  Real competitive advantage is typically gained by the tiny percentage of software and hardware in the design that’s truly original and by the novel application of all those standard ingredients to make something that solves an important customer problem well.

However, the mapping between the security measures and the actual threats faced by these companies trying to protect their intellectual property and competitive advantage is tenuous at best.  The real reason that trade secrets migrate around the industry is the incessant turnover of engineering talent and the constant migration of key technologists from one company to another.  Perhaps if companies focused more on keeping their key talent in place, they’d have far fewer leaks of critical technology to the competition.  After all, if it wasn’t easier for us as engineers to get a bigger salary, a better title, a faster promotion, or more recognition by changing companies than it is to stay where we are, we wouldn’t often go through the trauma of a job change.  All too often, however, companies skimp on these things with their loyal, long-term employees while simultaneously pulling out the stops to recruit that seemingly indispensable engineer that’s leaving their competitor.  Unfortunately, you almost always get the behavior you reward.
