Semiconductor Equipment Security: Virus and Intellectual Property Protection Guidelines

Anant Raman, anant.raman intel.com

Harvey Wohlwend, harvey.wohlwend ismi.sematech.org


Advanced Materials Research Center, AMRC, International SEMATECH Manufacturing Initiative, and ISMI are servicemarks of SEMATECH, Inc. SEMATECH, the SEMATECH logo, Advanced Technology Development Facility, ATDF, and the ATDF logo are registered servicemarks of SEMATECH, Inc. All other servicemarks and trademarks are the property of their respective owners.


Two Key Elements of Security

  • System Integrity due to:

    • Network integration of equipment is required

    • Highly integrated network likely to get cyber attacks

    • Cyber attacks are growing

  • Intellectual Property (IP) due to:

    • Business integration of various roles – process, yield, equipment engineering, industrial engineering, field service, equipment design, factory automation, etc.

    • Joint Development – OEMs and IC Makers working in “compensatory” environments

Sources of Vulnerability

Vendor Systems

  • Automation Apps

  • Direct to Tool

  • Removable Media

  • Office PC

  • Remote Diagnostics

  • Utility PC


Shrinking Time to Vulnerabilities

[Figure: timeline stages: vulnerability reported, patch in progress; bulletin and patch available, no exploit; exploit code in public; worm in the world]

[Chart: days between patch and exploit for Blaster, ZoToB, Welchia/Nachi, Nimda and SQL Slammer; plotted values 331, 180, 151, 25 and 0]

“… there is no more patch window," wrote Johannes Ullrich, Chief Research Officer at the SANS Internet Storm Center. "Defense in depth is your only chance to survive the early release of malware."

Zero Day Attack: Vulnerability exploited before it was reported to the rest of the security community



Virus Protection Guidelines

  • ISMI and Member Company Working Group reviewed the issues and requirements and established guidelines to address semiconductor equipment security for IC Makers and Equipment suppliers

    • Established guidelines at factory network and equipment level

  • Describe capabilities to successfully integrate equipment into an IC Maker’s intranet, including:

    • Guidelines based on standard capabilities

    • Configuration guidelines for the IT personnel for components such as network equipment, computers, operating systems, and products

    • Security design guidelines for equipment application architects and designers



IC Maker Guidelines

  • Use firewalls in the IC Maker factory network to control access

  • Provide proxies for communications between equipment and factory

    • Proxies provide virus protection capabilities

  • Institute business process for local equipment users

    • Backup and recovery procedures

    • Scanning of removable media (memory sticks, floppies, CDs, etc.)

    • Security requirements for mobile devices (laptops, PDA, Tablets, etc.)

    • Infrastructure for anti-virus protection



Equipment Supplier Guidance

  • Institute business process

    • Backup and recovery procedures

    • Procedures and training for field service engineers

  • Hardened computer configurations

    • Strong password, non-blank password, etc.

    • No public network shares

    • Avoid installing or enabling unnecessary programs and services on equipment (e.g., telnet, ICMP, FTP)

    • Support applications running with minimum privileges

    • Wherever applicable, equipment runs independently of each other from network perspective

    • Support logging and audit of security related configuration changes

    • Record all security related errors



Equipment Supplier Guidance (cont’d)

  • For new equipment, provide operating systems and anti-virus capabilities that are in the currently supported phase of their life cycle

  • Security software upgrade support for equipment is optional and provided as a service for interested IC Makers

    • The service details include qualification and support for operating system, applications, and anti-virus capabilities

    • The IC Maker and the equipment supplier shall agree upon the frequency of security updates

  • Network security layer 3 device for equipment (optional)

    • Allow only controlled access to / from equipment

    • Additional packet filtering and firewall technology for equipment

  • Wireless: Not Allowed

    • Equipment internal wireless networks / LAN replacements

    • Wireless networks between equipment

  • Wireless: Allowed

    • Factory components (e.g., ID readers) and equipment



2007 Virus Protection Guidelines Update

  • Best Known Methods

    • Network Security

      • Create equipment security model

      • Create mapping of security to equipment groups, …

    • Port Security

      • New equipment installation

      • Move equipment to a known location, …

    • Virus Management

      • Support network segmentation (links to network BKMs)

      • Shut down unneeded network ports at the tool, …

    • Patch Management

      • Identify patching candidates

      • Create software upgrade plan, …



Virus Protection Vis-à-vis System Integrity

2007 update includes IC Maker Best Known Methods for cyber security, shows greater IC Maker synergy and sharing

Documentation shows that IC Makers have significantly matured in handling cyber attacks on equipment

Most IC Makers are using two or more methods to handle cyber security for equipment

[Figure: System Integrity. Vulnerability paths in a factory with 100s of tools: field service laptops, removable media, HSMS enabled process tool, remote diagnostics, automation apps, direct to tool, utility PC, office PC. Callout: Time to move on to other challenges]



Equipment Security Roadmap

2004-2007

2007 Onwards

2007 ITRS Update

We are at an inflection point



Ongoing Equipment Security Needs

  • R&D is a key element of business and operating strategy in semiconductor industry

    • IC Maker focus on the process and end products

    • OEM focus on the equipment for the process

  • Collaboration is a mega trend

    • Moving to a new technology node, shared cost model

    • Results in more sharing of data, e.g., design data, recipe data, test data, equipment data, wafer characterization, contamination data, yield data, cycle time, etc.

  • Operational challenges

    • Environmental: System Integrity due to cyber attacks

    • Manufacturing: IP sharing due to defects, yield, throughput and reliability issues

    • Financial: IP sharing due to joint development

  • Challenge: How can IC Makers and OEMs create a balance between protecting their investments and sharing IP for operations?


Equipment IP Protection

  • Requirements for member companies have been collected and jointly analyzed

  • Key observations from requirements:

    • IP protection currently enforced by business process such as NDAs with scant technology support

    • Only a few objects need to be protected (limited depth-scope)

    • Role-based security needed for specific IP-laden objects

    • Don’t focus on tool operations (limited breadth-scope)

    • Some areas are more applicable than others

    • Some timeframes are more applicable than others

    • There are many Use Cases – Tool Down/Repair, ICM–ICM Collaboration, ICM to foundry, ICM Nth & N+1th Gen separation

  • Approach: To create a multi-faceted security framework using e-Diagnostics security architecture

    • Tiered architecture provides rich set of comprehensive security capabilities

  • Status: Revision 0 guidelines created

IP protection guidelines are based on business requirements



Equipment IP Protection Strategy

  • Key Concept: IP protection needs to be part of equipment software and not only a business process

  • Identify key software security technologies such as role-based security

  • Leverage existing software security architecture in equipment area (e-Diagnostics lineage)

  • Identify Use Cases for different business models, e.g.,

    • IC Maker-IC Maker collaborations

    • IC Maker-Supplier collaborations

    • IC Maker (N+1)th & Nth process generation handling

    • IC Maker- Foundry collaborations

    • Tool end-of-life

  • Identify functional areas and times where IP protection is not relevant

  • Pilot IP protection guidelines via OEM implementation

  • Educate and reinforce industry needs for IP protection and current risks

  • Supplier implications:

    • Incremental change required to the equipment controls software to add role-based security to a small set of files and directories

    • User / Group access to IP based on “Need to Know”

    • Sharing / Control of IP is automated through software (as opposed to manual) and can be dynamic depending upon business conditions

    • Automatic software-based user accounting and auditing

    • Ability to turn off security when not needed, but in controlled manner

Technology is available today to solve equipment IP problems!
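
A sketch of the supplier implications listed above, as an added example that is not part of the presentation or of any ISMI guideline: role-based, need-to-know access to a small set of protected directories, dynamic grants, automatic auditing, and a controlled off switch. The class, role names (`ip_owner`, `process_engineer`, `field_service`) and paths are hypothetical.

```python
import posixpath
from dataclasses import dataclass, field

@dataclass
class IpGuard:
    """Role-based guard over a small set of IP-laden paths (all names hypothetical)."""
    protected: dict                       # path prefix -> set of roles with need to know
    enforcing: bool = True
    audit: list = field(default_factory=list)   # (user, action, target, outcome)

    def _log(self, user, action, target, allowed):
        self.audit.append((user, action, target, "allow" if allowed else "deny"))
        return allowed

    def _rule_for(self, path):
        # Normalise first so "logs/../recipes" cannot sidestep a protected prefix.
        p = posixpath.normpath(path)
        hits = [pre for pre in self.protected if p == pre or p.startswith(pre + "/")]
        return max(hits, key=len) if hits else None

    def can_read(self, user, roles, path):
        rule = self._rule_for(path)
        if rule is None:
            return True                   # ordinary tool operation: out of scope, not logged
        allowed = not self.enforcing or bool(set(roles) & self.protected[rule])
        return self._log(user, "read", path, allowed)

    def set_role(self, admin, admin_roles, prefix, role, granted):
        # Sharing is dynamic: an IP owner grants or revokes a role as conditions change.
        ok = "ip_owner" in admin_roles and prefix in self.protected
        if ok:
            (self.protected[prefix].add if granted else self.protected[prefix].discard)(role)
        return self._log(admin, ("grant " if granted else "revoke ") + role, prefix, ok)

    def set_enforcing(self, admin, admin_roles, enabled):
        # Switching protection off is itself a privileged, audited action.
        ok = "ip_owner" in admin_roles
        if ok:
            self.enforcing = enabled
        return self._log(admin, "enforcing=%s" % enabled, "*", ok)

def demo():
    # Constructed sample: one protected recipe directory on a hypothetical tool.
    g = IpGuard({"/tool/recipes": {"process_engineer"}})
    fse = ("fse1", ["field_service"])
    results = [g.can_read(*fse, "/tool/recipes/etch.rcp"),          # no need to know
               g.can_read(*fse, "/tool/logs/../recipes/etch.rcp"),  # ".." still hits the rule
               g.can_read(*fse, "/tool/logs/alarm.log")]            # not IP-laden
    g.set_role("owner1", ["ip_owner"], "/tool/recipes", "field_service", True)
    results.append(g.can_read(*fse, "/tool/recipes/etch.rcp"))      # tool-down repair grant
    results.append(g.set_enforcing(*fse, False))                    # not allowed to disable
    return results, g.audit
```
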


2007 Equipment Security Summary

Objective:

  • Strengthen the Equipment Virus Protection Guidelines due to complex network connectivity requirements

  • Drive the need to protect IP within equipment amongst IC Makers and create industry-level guidelines

Benefits:

  • Protects stakeholder financial investments in the technology

  • Enables factory-wide standardized IP protection and cyber security

  • Strengthens the enforcement of NDA through technology

  • Provides clear operating procedures for IP protection and cyber security for situations such as troubleshooting, joint design, technology transfer, sub-contracting, etc.

[Figure: sources of vulnerability (Vendor Systems: Automation Apps, Direct to Tool, Removable Media, Office PC, Remote Diagnostics, Utility PC). Labels: Need for Equipment IP Protection; Need for Cyber Security; ISMI Guidelines Provided!; Current Project Focus]



Summary

  • e-Manufacturing and Collaboration era brings need for enhanced security

    • Interface A standards define equipment-level security

    • Interface C defines moving data securely from the factory to supporting organizations

    • ISMI Virus Protection Guidelines published

      • Gives guidance to equipment suppliers on expectations and requirements

      • Provides IC Maker Best Known Methods

    • ISMI IP Protection Guidelines being developed

  • Development of security framework is central to the solution space

  • Use Case development critical to overall success

  • Need collaboration from all – ICMs and OEMs

