Draft:Structural Analysis For Microelectronics Security & Trust

Submission declined on 17 June 2025 by Tarlby (talk). This submission is not adequately supported by reliable sources. Reliable sources are required so that information can be verified. If you need help with referencing, please see Referencing for beginners and Citing sources. This submission reads more like an essay than an encyclopedia article. Submissions should summarise information in secondary, reliable sources and not contain opinions or original research. Please write about the topic from a neutral point of view in an encyclopedic manner. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by Tarlby 4 days ago. Last edited by Citation bot 3 days ago. Reviewer: Inform author. Resubmit Please note that if the issues are not fixed, the draft will be declined again.

• Comment: Whether or not this article is considered notable (I did not check, but please make sure it is!), this draft reads more like an essay than an encyclopedic article. It is best if you research how Wikipedia articles must be structured and written and read through our various policies and guidelines such as the manual of style.
  Not only that, but most of the draft isn't cited to any source. This fails WP:V and calls into question the notability of the subject.
  Good luck! Tarlby ^{(t) (c)} 22:32, 17 June 2025 (UTC)

Today's "Global Semiconductor Supply Chain" is a highly partitioned, globe-spanning workflow. Many fabless firms concentrate solely on chip architecture and circuit design, outsourcing the manufacturing process to specialized foundries typically located in key semiconductor hubs around the world (known as Fabless Manufacturing). In the foundry model, design houses, pure-play foundries, and traditional integrated-device manufacturers (IDMs) function as separate commercial entities, effectively dividing the responsibilities of intellectual property creation and wafer fabrication. After wafer fabrication is complete, the individual dies are typically shipped to Outsourced Semiconductor Assembly and Test (OSAT) providers in a different region, where back-end processes such as packaging, marking, and final testing are carried out separately from the front-end fabrication. Throughout the design process, engineers often integrate "third-party IP cores" (pre-verified logic blocks licensed from external sources) to speed up the development of systems-on-chip and ASICs. As a result, the circuitry within a single die may be sourced from multiple independent entities. This distributed, multi-entity ecosystem helps reduce costs and accelerate innovation, but it also brings significant security and trust challenges.

Modern economies, defense systems, and critical infrastructure all rely on custom silicon. A single compromised chip can endanger lives or leak highly sensitive data. The present-time microelectronic/digital designs often involve global supply chains and third-party components, raising concerns about hardware security and trust. "Microelectronics Security and Trust" is a discipline that discusses about the safeguards of integrate circuits (ICs) and their supporting design, manufacturing ecosystem against potential risk and threats e.g., malicious modification, intellectual property (IP) theft, unauthorized use/Counterfeiting and secret information leakage. It provides complementary assurance that every component in that ecosystem from register-transfer-level (RTL) code to packaged silicon deployed in the field, behaves exactly as its legitimate owner intends and nothing more.

"Structural Analysis" in hardware security involves examining the circuit's design structure such as gate-level netlists or physical layouts to detect anomalies or vulnerabilities rather than relying solely on functional testing or runtime monitoring. This analysis has become essential as every stage of the pre-silicon design flow modifies the circuit's physical structure. For example, logic synthesis and optimization tools like Synopsys Design Compiler or Cadence Genus or other CAD/EDA tools like these reshape and optimize the design. Similarly, security hardening techniques such as logic locking or insertion of masking gates/logic constructs to mitigate power side-channel attacks introduce new cells and interconnections that preserve the functional equivalence but alter the structure. Malicious actors exploit these same transformation points, injecting stealthy trigger logic, redundant interconnects directly into the netlist. Structural analysis is inherently oracle-less (does not require golden design), enabling the detection of anomalous topological deviations without requiring a trusted output vector. Once suspicious regions are identified, targeted functional tests/properties (e.g., fan in/out, PIs/POs, etc.) can be employed to significantly reduce the search space. Leveraging this property, researchers have developed numerous frameworks; both threat-oriented and mitigation-oriented in nature.

Structural information (from digital circuits) is now mostly employed with the modern AI for microelectronics security and generally the analysis can be seen from two perspective:

• Local feature (Entire graph into small structured subgraph): Microelectronic designs are naturally represented as hypergraphs, with logic units serving as vertices and their interconnections forming hyperedges. Local feature approaches focus on a small neighborhood around each gate or logic unit: the nearest cells are gathered with a breadth-first search (BFS), their interconnections are encoded as an adjacency matrix, and each gate type/logic unit is one-hot encoded, yielding a fixed-length vector that captures the placement and connectivity of that locality/neighborhood. These local signatures highlight subtle structural changes, such as added security constructs (e.g., key gates) or malicious modifications (e.g., Trojan triggers, payloads) that blend into functional behavior.
• Entire graph into neural frame: Graph-level approaches, by contrast, treat the entire netlist (or a sampled subgraph) as a single mathematical graph and feed it to a graph-neural network (GNN) so that connectivity patterns directly can be captured. In practice, both views is combined: local vectors excel at spotting predictable whereas graph neural methods shows scaling to overall designs and together providing a robust, oracle-free lens on a circuit's hidden structure.

Several notable studies have employed structural analysis (also shown in the overview table) as a core component in achieving their respective goals or frameworks, as outlined below:

1. SAIL (Structural Analysis using Machine Learning):.^[1][2] SAIL is a pioneering reverse engineering attack that demonstrates the vulnerability of logic locking/hardware obfuscation schemes to structural pattern recognition. Unlike traditional attacks such as SAT-based deobfuscation, which require access to a functional "oracle" (i.e., a functionally working chip to observe outputs), SAIL operates purely on the gate-level netlist without needing any functional outputs or golden references. This oracle-less approach makes it highly applicable in scenarios where only the locked/obfuscated design is accessible. SAIL leverages supervised machine learning models to infer the original circuit structure from an obfuscated netlist. The attack is based on the observation that logic locking despite aiming to conceal the design which introduces structural artifacts that often follow predictable synthesis rules. SAIL extracts structural features from the circuit graph, such as connectivity types and patterns of local neighborhood around inserted key-gates, and trains models to learn how locking perturbs these patterns. The trained model is then used to reconstruct the likely original (unlocked) structure. Overall, SAIL highlights the urgent necessity for obfuscation methods that resist both functional and structural inference. To know more about SAIL, visit^[2]
2. SnapShot:.^[3] SnapShot is also an oracle-less, machine-learning based logic locking attack that predicts the secret key of locked/obfuscated integrated circuits purely from structure, without any functional "golden" reference. From the gate-level netlist it extracts localities (bounded subgraphs around each key-gate) using bidirectional BFS with fixed depth and fan in/out limits almost like SAIL. SnapShot shows the first how multilayer perceptron and convolution networks optimized by genetic algorithms can be used for structural analysis of logic locking. To know more about SnapShot, visit^[3]
3. OMLA (Oracle-Less Machine Learning Attack):.^[4] OMLA, also is an oracle-less logic locking attack which leaks the secret key. It pinpoints every key-gate in the obfuscated gate-level netlist and copies the "neighborhood" of gates and wires that surrounds each one. Each neighborhood is turned into a graph whose nodes store simple tags like what kind of logic gate they are, whether they carry a primary input or output, and how many steps (distance) they are from the key-gate; so the overall connection pattern is captured. These graphs are then fed to a GNN (graph neural network), which learns to label each neighborhood as key-bit 0 or 1. To know more about OMLA, visit^[4]
4. X-DFS (Explainable Design-for-Security):.^[5] X-DFS is a mitigation-oriented framework that learns, from a circuit's own design structure, where to plant security constructs and shows an application/study against reverse-engineering attacks (logic locking attacks, discussed earlier) fail. It begins with a knowledge-extraction loop: candidate locking primitives (e.g., XOR/XNOR key-gates) are dropped at random gates or nets in the synthesized design, the design is challenged by a logic locking attack and each insertion is labelled "good (if not discovered by the attack)" or "vulnerable (if discovered)." For every trial the tool captures a structural fingerprint, an adjacency matrix (see Figure 1)slice of the locality encoded with one-hot gate encoding with functional features like static signal and transition probability. These information are learned by the XAI models to apply on unseen microelectronic design (e.g., gate level netlist) to make it secured against popular reverse engineering attacks while giving domain experts clear rationales for each secure modification. To know more about X-DFS, visit^[5]
5. SALTY (Structural AI for Explainable Trojan Analysis):.^[6] SALTY is a hardware-Trojan detection method that works on a gate level netlist. Using structural features like X-DFS, it tracks through the neighborhood information around each wire/logic and feeds those locality encodings into GNN with Jumping Knowledge aggregation to learn trojan's structural pattern (subtle changes). After the GNN flags suspicious nets, SALTY uses Explainable AI (XAI) methods to analyze structural feature importance value to filter out false positives/negatives; authors call this term as "dynamic post processing", first AI based automatic post processing to reduce AI hallucinations for detecting malicious modifications in netlist. To know more about SALTY, visit^[6]
6. TrojanSAINT:.^[7] TrojanSAINT is a hardware Trojan detection scheme that employs also GNN on the gate-level netlist. It treats each logic gate as a graph node and each wire as an edge, then attaches to every node a compact feature vector that records the gate's Boolean type, its fan-in/fan-out counts, and its shortest distance to the primary inputs and outputs. Instead of processing the whole graph at once, it draws many sub-graph units, letting the GNN observe diverse connectivity patterns from those subgraph internal structures. To know more about TrojanSAINT, visit^[7]