A flexible ‘wrapper’ enables secure IP sharing
08/01/2005
The growing need for collaboration in the semiconductor industry has created an additional challenge: protection of intellectual property (IP) while sharing capabilities in wafer fabs. Concern over IP protection in today’s partnerships has inhibited improvements in overall factory effectiveness. To address this problem, a new approach to IP protection has been developed using distributed object-based software that associates security with data content rather than data transmission or storage. The net effect is the ability to integrate security directly into software and manufacturing tools - opening up access, when needed, while protecting IP.
Partnerships in semiconductor manufacturing have become an absolute requirement to keep pace with Moore’s Law for higher levels of device integration and lower costs per function. Significant changes in materials and process technologies are driving greater collaboration between suppliers, device manufacturers, and research groups worldwide. The cost of manufacturing alone is forcing alliances that previously were unimaginable. While cooperation is increasing, companies face the growing challenge of protecting IP in multiparty alliances. Often, the ability to provide real-time exchange of data is essential for the success of technology and manufacturing partnerships.
Development work to address this crucial industry need has focused on a distributed object-based open software architecture that associates security with data content rather than data transmission or storage. This approach, called the Flexible Security Wrapper (FSW), enables the integration of security directly into software and manufacturing tools. Development of the FSW software security architecture was funded under a NIST Advanced Technology Program involving ILS Technology, Advanced Micro Devices Inc., and Oceana Sensor Technologies Inc. FSW is in the final stages of its initial application in manufacturing, with initial software evaluations showing the concept working as expected.
Dealing with dysfunctional partnerships
At the outset of the NIST project in 2001, there was a perception that relationships between equipment suppliers and wafer fabs were increasingly dysfunctional due to the trend of advanced process control (APC), e-manufacturing, and e-diagnostics becoming entangled in collaborative efforts.
Program participants recognized that a perceived lack of trust inhibited the sharing of expertise and technologies needed to optimize manufacturing productivity. So they set out to create an underlying security framework that would allow all parties to control exactly what information was shared along with the conditions for exchange between multiple parties. E-diagnostics was selected as a “stepping stone” to build trust in the security framework, which would be necessary to reach full e-manufacturing capabilities.
The development project assumed encryption, authentication via the Internet, and other basic capabilities were in place for overall protection of data and IP. Building on top of existing secure connections, the FSW development efforts placed emphasis on the “who and when” aspects of sharing process recipes, yield management data, equipment algorithms, and other potentially sensitive IP.
The FSW software has now been validated in e-diagnostics and e-manufacturing applications. Foremost to this process is a security reference model that allows an enterprise to specify a detailed formal security policy precisely describing under what conditions partner firms can access data. The model reflects the way users really make decisions about granting or denying access rather than traditional procedural approaches to security. The model takes into account persons wanting to access data, why they want access, the state of the equipment and factory when data is requested, authorization and approval processes, and many other variables.
The level of data security depends on its context and the situation when access is being attempted (Fig. 1). For example, a process variable from an etch tool might by itself be safe to disclose, but the information could become highly sensitive when correlated with data from a metrology tool used downstream in the production process.
The software’s model layers a company’s security policy from general principles down to specific tools. For an application, a company develops a default security policy. Individual factories, stations, and tools contain their own policies, which can implement the general policy or modify it. Figure 1 shows how the model partitions a tool’s data space depending upon who or what application is accessing the data. Other abstractions are outlined in the table.
In essence, the model specifies the basis for human judgments in setting security policy so that software can initiate and automate the process of making decisions. The model’s framework captures existing practices and anticipates situations that will arise in a fully networked collaborative environment, when manufacturers and suppliers develop trust. The reference model itself is not software, nor is it a process. It is a logical scheme that allows a company to describe, systematically and deterministically, its policies on data sharing and security. Software that implements the model cannot replace human judgment. Instead, security management software automates routine decisions and refers difficult ones to people while providing the context and information they need to reach a decision efficiently.
The software objects used to implement the abstract security reference model are known as the security object base. Therefore, configuration software tools play an essential role in making the FSW framework practical. They present the security policy to the IT manager through a graphical user interface, identify permutations of overlapping and interacting rules to prevent unintended consequences, compare practices across the factory and the company, and flag potential inconsistencies and security breaches.
The flexible firewall
At the core of FSW is a flexible firewall, a novel distributed architecture that can protect any accessible device - from a factory server down to an embedded sensor. The flexible firewall enforces the security policies of the wafer fab and equipment suppliers as described in the model. The flexible firewall is not a monolithic sentry that sits between the company and the outside world (this continues to be the role of a conventional firewall). Instead, it is a distributed architecture that implements the firm’s security policies at the level of individual pieces of equipment and data sets. The flexible firewall draws different boundaries around data depending on circumstances defined by the security framework. Different machines (on-site and off-site) will automatically negotiate the exchange of data or call the attention of a human operator to grant permission.
Figure 2. Example of a distributed flexible firewall. 1) Rule configuration tool creates rules based on tool data model, users/roles, and factory context. 2) Rules engine evaluates rules as true, false, or conditional (transform). 3) Filter manages client sessions, active/defined plans, and reports. 4) Authenticator validates users. 5) Filter audits all responses and requests for audit trail. 6) Tool data can be accessed via portal application or Interface A. 7) Virtual factory facade interfaces to the virtual factory to distribute factory context requests/responses. 8) Factory MES manages factory context extracted from the MES.
The flexible firewall permeates the factory from the manufacturing execution system (MES) to individual tools and autonomous embedded sensors (see Fig. 2). The flexible firewall resides as an application program running on top of an object model of a tool. It runs separately above every tool (or station controller) allowing external electronic access. The flexible firewall performs the following operations:
- translates the security reference model into executable software objects (instances of the security object base) that represent the people or software applications (role-objects) seeking access to data;
- evaluates conditions in the factory together with the permissions of a role-object and decides whether to allow a data request or an equipment state change;
- queries the tool-object for the requested data or instructs the tool-object to make requested changes;
- determines an appropriate method for transferring data (e.g., selects from among various encryption and authentication methods); and
- returns results to the requester.
Every wafer fab tool, server, wireless PDA, and application that attempts to communicate through the security framework must run a flexible firewall application. Other types of messages - such as the legacy serial channel between a station controller and a tool - will bypass the flexible firewall and continue to function as before.
The flexible firewall leverages and supports existing industry standards (e.g., IPsec, VPN, SSL, etc.) to ensure the secure transport of data over the network. It will choose the appropriate mechanisms based on data sensitivity, the availability of protocols to applications it is mediating, and security policy specifications.
Other attributes
Beyond the model and firewall, many other attributes of FSW have proven valuable in initial wafer fab tests. These include support for wireless communications to enable data exchange that does not conform to conventional IT infrastructure topology. For example, based on the security model, a supplier’s technician might have access to certain parameters on a tool (e.g., filament current and run time on an ion implanter) from a workstation outside the cleanroom, but no access from any workstation on the fab floor while the tool is running. However, a Bluetooth PDA could give the technician access to key parameters while standing next to a running tool under the same restrictions that apply to his office workstation.
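The layered policy model and the flexible firewall's rule evaluation, shown as an added Python example that is not FSW code: rules are resolved from the tool level up to the company default and evaluated against the technician scenario above. The role, parameter and access-point names, the refer and transform rules, access while the tool is idle, and the fail-closed fallback are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"          # rule evaluated true
    DENY = "deny"            # rule evaluated false
    TRANSFORM = "transform"  # conditional: release only a reduced form
    REFER = "refer"          # non-routine: ask a human approver

@dataclass(frozen=True)
class Request:
    role: str
    parameter: str
    access_point: str  # "office_ws", "fab_floor_ws" or "bluetooth_pda"
    tool_state: str    # "running" or "idle"

def technician_rule(req):
    # Article's example: no fab-floor workstation access while the tool runs.
    # Allowing every other combination (e.g. idle tool) is an assumption.
    if req.access_point == "fab_floor_ws" and req.tool_state == "running":
        return Decision.DENY
    return Decision.ALLOW

# Constructed policy layers, most specific first; keys are (role, parameter).
TOOL = {("supplier_technician", "filament_current"): technician_rule,
        ("supplier_technician", "run_time"): technician_rule,
        ("supplier_technician", "dose_log"): lambda r: Decision.TRANSFORM}
FACTORY = {("supplier_technician", "recipe"): lambda r: Decision.REFER}
COMPANY = {("*", "*"): lambda r: Decision.DENY}  # company-wide default
LAYERS = [TOOL, FACTORY, COMPANY]
AUDIT = []  # every request and its decision is recorded

def evaluate(req, layers=LAYERS):
    """Return the decision of the most specific layer with a matching rule."""
    decision = Decision.DENY  # fail closed if no layer matches (assumption)
    for layer in layers:
        rule = (layer.get((req.role, req.parameter))
                or layer.get((req.role, "*")) or layer.get(("*", "*")))
        if rule is not None:
            decision = rule(req)
            break
    AUDIT.append((req, decision))
    return decision

def respond(req, value, transform=round):
    """Apply the decision to a tool reading; None means nothing is released."""
    decision = evaluate(req)
    if decision is Decision.ALLOW:
        return value
    return transform(value) if decision is Decision.TRANSFORM else None
```

A tool-level rule overrides the factory and company layers only for the (role, parameter) pairs it names; everything else falls through to the more general layer, and each decision lands in `AUDIT`.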
FSW also includes support for firmware-level implementations so that the security framework can embrace not only complete tools, but also intelligent (and possibly autonomous) components. These components also hold proprietary data and algorithms, yet need data transparency to enable condition-based maintenance. The computational power embedded in intelligent sensors has reached the point that they can run complex algorithms, process data on-board, make high-level decisions, and communicate directly to other tools.
Also integrated within FSW are e-diagnostics applications that enable collaborative, remote diagnostics of manufacturing tools by expert engineers. The software occupies a neutral position between equipment vendor and user, allowing each party to grow comfortable with simple, controlled data exchange before cautiously venturing toward greater levels of data exchange without compromising proprietary data. Both parties can trace their data and audit all exchanges. IC manufacturers, fab equipment suppliers, and third-party software vendors can freely develop their own applications to run within the security framework.
Conclusion
FSW’s e-manufacturing applications can react to problems and enable proactive improvements in manufacturing productivity. These applications run autonomously and exchange data between tools and parties continuously without direct supervision. Examples include predictive maintenance scheduling, automatic sensor calibration, APC across multiple tool suppliers, correlation of statistical operating data across multiple IC manufacturers to improve tool design, aggregation of corrective measures to improve knowledge databases, and supply chain management.
The FSW architecture has demonstrated the ability to solve the “dysfunctional” relationship between equipment suppliers and semiconductor manufacturers. The next step is to embed this capability in other manufacturing partnerships. The FSW architecture could be applicable beyond wafer fabs to mask manufacturing, fabless design shops, materials suppliers, technology clusters, and academic R&D labs. The concept also has the potential to address other industries that rely on valuable proprietary recipes, such as pharmaceutical, aerospace, and automotive applications.
Bill Ramus is senior VP of commercial management at ILS Technology, 5300 Broken Sound Blvd., Boca Raton, FL 44487; ph 561/807-0060.