# Expanding Explainability: From Explainable Artificial Intelligence to Explainable Hardware

TIMO SPEITH, University of Bayreuth, Germany and Center for Perspicuous Computing, Germany JULIAN SPEITH, Max Planck Institute for Security and Privacy, Germany STEFFEN BECKER, Ruhr University Bochum, Germany and Max Planck Institute for Security and Privacy, Germany YIXIN ZOU, ASIA BIEGA, and CHRISTOF PAAR, Max Planck Institute for Security and Privacy, Germany

The increasing opaqueness of Artificial Intelligence (AI) and its growing influence on our digital society highlight the necessity for AI-based systems that are trustworthy, accountable, and fair. Previous research emphasizes explainability as a means to achieve these properties. In this paper, we argue that system explainability cannot be achieved without accounting for the underlying hardware on which all digital systems—including AI applications—are realized. As a remedy, we propose the concept of *explainable hardware*, and focus on chips—which are particularly relevant to current geopolitical discussions on (trustworthy) semiconductors. Inspired by previous work on Explainable AI (XAI), we develop a hardware explainability framework by identifying relevant stakeholders, unifying existing approaches form hardware manufacturing under the notion of explainability, and discussing their usefulness to satisfy different stakeholders' needs. Our work lays the foundation for future work and structured debates on explainable hardware.

CCS Concepts: • Hardware  $\rightarrow$  Integrated circuits; • Security and privacy  $\rightarrow$  Human and societal aspects of security and privacy; • Computing methodologies  $\rightarrow$  Philosophical/theoretical foundations of artificial intelligence.

Additional Key Words and Phrases: explainability, explainable hardware, explainable systems, explainable artificial intelligence, trustworthiness, stakeholders, desiderata, technical approaches

## 1 INTRODUCTION

In recent years, researchers have started questioning the ethical implications of digital technologies. In particular, software incorporating opaque Artificial Intelligence (AI) algorithms has led to intense discussions about fairness and accountability [60, 69, 79] in a wide range of technical systems, from autonomous vehicles to social networks. A common criticism of AI algorithms is that they are inscrutable black boxes—many people do not understand how these algorithms make decisions, despite their consequential impact on human life and well-being. This has led to the emergence of the rapidly growing field of Explainable AI (XAI), which is described by Langer et al. as being "concerned with developing approaches to explain and make artificial systems understandable to human stakeholders" [58, p. 1].

Explainability provides many benefits, one of the most often cited is its contribution to people's trust in a system [49]. However, if our objective is to increase people's trust in technical systems through explainability, the current discussions focusing only on algorithms appear too narrow. No algorithm, including every AI implementation, is in practice computed as a mere mathematical construct—it must actually run on a physical computer, that is, on a piece of *hardware*. This observation has important implications for explainability, especially as it relates to trust. If we are to trust algorithms, we must also necessarily trust the underlying hardware on which they are executed.

When it comes to hardware trust, consequential initiatives about Integrated Circuit (IC) manufacturing capabilities are currently taking shape around the world, e.g., the European Chips Act [32] and the US CHIPS and Science Act [92].

Authors' addresses: Timo Speith, timo.speith@uni-bayreuth.de, University of Bayreuth, Germany, Center for Perspicuous Computing, Germany; Julian Speith, julian.speith@mpi-sp.org, Max Planck Institute for Security and Privacy, Germany; Steffen Becker, steffen.becker@rub.de, Ruhr University Bochum, Germany, Max Planck Institute for Security and Privacy, Germany; Yixin Zou, yixin.zou@mpi-sp.org; Asia Biega, asia.biega@mpi-sp.org; Christof Paar, christof.paar@mpi-sp.org, Max Planck Institute for Security and Privacy, Germany.

Through these multi-billion dollar investments, the governments behind them seek to gain more control over the production and supply of ICs and become less dependent on foreign manufacturers. Another prominent example is the ban of certain 5G communication systems from foreign manufacturers in the USA [104]. The underlying concern is that adversarial actors can modify hardware in such a way that the algorithms running on top of it can be manipulated at will. Indeed, scientific studies have demonstrated that malicious hardware manipulations can have catastrophic consequences, potentially leading to a complete loss of security or incorrect algorithmic decisions. Such manipulations include the insertion of a kill switch to render military hardware inoperable under specifiable conditions [2], manipulation of Machine Learning (ML) accelerators [26, 61, 65], or the compromising of hardware security primitives [14].

Motivated by hardware trust, we focus on the explainability of the very foundation of digital hardware, namely the ICs from which every computer system is built. Just as XAI seeks to make AI models comprehensible to various stakeholders [9, 22, 58], the goal of hardware explainability is to make the hardware being used comprehensible.

From the XAI literature, we know that AI explainability can even provide a range of other benefits beyond trust, such as accountability, safety, legal compliance, and verifiability [9, 22, 58, 64]. The same might hold for hardware explainability, as illustrated by the following examples: First, the engine manipulations in the Volkswagen diesel emissions scandal revealed that the behavior of complex systems can be extremely difficult—if not practically impossible—to verify even for experts, making it hard to attribute accountability [12, 13, 31]. Second, the two fatal accidents involving the Boeing 737 MAX [30] resulting from erroneous sensor responses have shown that people have a valid concern about the safety and legal compliance of everyday systems like airplanes. Third, end users exhibit a lack of awareness of hardware-based camera indicators on laptops and smartphones; these indicators should serve as privacy safeguards in theory but fail to ensure users' feelings of safety against webcam spying in reality [83]. In all three cases, explainability might help.

However, achieving hardware explainability is no easy feat. Similar to the opacity of AI systems [21], modern ICs are mostly opaque and thus difficult to explain. ICs have become increasingly complex, culminating, e.g., in the Apple M1 Ultra with 114 *billion* transistors [93]. In parallel to the probabilistic training processes of AI systems, non-deterministic design tools automate vast parts of the hardware design process, sometimes even relying on AI themselves. Meanwhile, IC supply chains are globally distributed and subject to increasing geopolitical tensions [70], resulting in opaque manufacturing processes. The resulting non-explainability affects not only downstream stakeholders, such as end users (i. e., consumers or system operators) who interact with the systems but also experts who design them. As a remedy, we take the first step towards a hardware explainability framework. Our main contributions are:

- Explainability for Hardware and Systems (Section 3). We transfer the notion of explainability to the hardware domain and motivate the need for *hardware explainability* through legislation related to the trustworthiness of modern hardware components. We argue that hardware explainability is an essential component to achieve explainability on a system level, building on existing models for AI explainability.
- A Comprehensive Framework for Hardware Explainability (Section 4). We conceive a *framework* for hardware explainability that unites *stakeholders*, their explainability needs (i. e., *desiderata*), and *approaches* from hardware manufacturing to achieve a more comprehensive understanding of hardware-based systems.
- Applying the Framework (Section 5). By analyzing real-world scenarios (i. e., the three examples from above) and transferring concepts from XAI, we illustrate how our framework can be used to address the explainability needs of specific stakeholders and identify directions for developing novel explainability approaches.

## 2 WORKING DEFINITIONS

To lay a common ground for this work, we introduce relevant terms and processes of the hardware ecosystem.

A Broad System Definition. In this work, we refer to a system as something that consists of different hardware and software components to serve a dedicated purpose. In other words, a system can be anything from a smartphone, a car, or a PC. A system may also incorporate smaller subsystems, thereby introducing a hierarchy of systems. We define hardware as physical electronic components such as chips (i. e., ICs). Software is executed on hardware and includes drivers, operating systems, user applications, and algorithms such as AI.

A Rough Sketch of Hardware Design and Manufacturing. Modern hardware is specified and designed using high-level Hardware Description Languages (HDLs). The resulting schematics are mapped to a technology library that describes all circuit elements available for realizing the design. This process is known as *synthesis*. The technology libraries used in this process are typically provided by large (contract) manufacturers, also called *foundries*.

The implemented design, stripped of all high-level information like hierarchy, labels, and comments, is passed on to the manufacturer. They produce the actual chip using the chosen manufacturing technology in one of their production facilities, i. e., a semiconductor manufacturing plant also referred to as *fab* [36]. In the last step, the fabricated chip can be integrated into various systems that are then employed in diverse areas of our digital society, such as telecommunications, goods and passenger transport, public infrastructure, or military and space applications.

#### 3 THE NECESSITY FOR HARDWARE EXPLAINABILITY

The design and manufacturing of high-end semiconductors has increasingly become a political issue. Both the United States of America (USA) [92] and the European Union (EU) [32] have pledged 52 billion USD and 43 billion EUR, respectively, to invest in domestic semiconductor manufacturing and reduce reliance on foreign chip manufacturers [25].

One primary concern with reliance on foreign-made semiconductors is implanted backdoors especially in secure hardware components used by the military or in space [17, 32, 76]. Therefore, trustworthy hardware requires built-in security and safety, even if it comes at the cost of higher complexity and power consumption [32, p. 44]. According to the European Chips Act, this requires "a solid understanding of a chip's architecture" [32, p. 44].

Towards meeting these political demands, we explore ways to transfer the notion of explainability to the hardware domain. We first explore the root causes for the opaqueness of contemporary hardware. This opaqueness makes the hardware susceptible to malicious modifications that are hard to detect after manufacturing due to the complexity of the chips and the manufacturing processes involved. Thereby, we derive the necessity of hardware explainability to achieve explainability on the system level. To represent this necessity most clearly, we make use of a model [43, 58] that makes explicit how explainability can help satisfy peoples' different goals or interests. This model serves as a foundation for a hardware explainability framework that we introduce in Section 4.

## 3.1 Causes of Hardware Opaqueness

To understand why hardware is largely opaque today, it is worth taking a brief look at the history of hardware design. Since the invention of the transistor by Jack Kilby in 1958, technological progress has led to a steady increase in efficiency of ICs. While in the 1970s, hardware developers often had to design circuits by hand, today sophisticated Electronic Design Automation (EDA) toolchains take over [105]. In particular, the introduction of HDLs starting in the 1980s simplified the hardware design process, as they decouple logical design from the actual circuit, allowing for modular hardware designs. At the same time, shrinking transistor sizes enabled more complex and deeply integrated hardware systems, e. g., Systems on a Chip (SoCs), which are also less expensive to manufacture.

As another factor, vertical integration and globalization of the supply chain have fostered innovation in each step of the complex manufacturing processes. Meanwhile, these efforts have led to an oligopoly of a very few, highly specialized companies. In particular, the production of the most advanced ICs requires investments in the double-digit billions [88], which can only be raised by a few manufacturing companies such as Taiwan Semiconductor Manufacturing Company (TSMC) or Samsung that are typically subsidized by governments.

Over time, the players making up the globally distributed supply chain have built up know-how that gives them considerable advantages over new competitors. For example, Advanced Semiconductor Materials Lithography (ASML) Holding N.V. is the only company in the world that manufactures the machines needed for making leading-edge ICs. Designing and manufacturing a modern IC using such machines, which can cost up to 150 million USD a piece, requires up to 1500 processing steps and takes more than six months [32, p. 11].

While disruptive innovations in hardware manufacturing are shaping our everyday life, ICs are largely opaque to everyone involved today. This opaqueness or un-explainability is caused by the very same innovations which enabled the technological progress in the first place. Adopting the three types of opacity for ML algorithms suggested by Burrell [21], we now explore these causes for hardware opaqueness.

First, hardware is opaque to most people due to *technical illiteracy* [21], even to some experts. The ever-growing complexity and shrinking feature sizes make physical inspection and verification of manufactured integrated circuits a challenging task, mastered by only a few highly specialized companies or government agencies worldwide.

Second, modern synthesizers are based on efficient heuristic or even AI-based algorithms, which (for complex circuits) leads to different results for every synthesis run. This correlates to what Burrell calls *opacity characteristic of ML* [21].

Third, developers and manufacturers use obfuscation to protect their Intellectual Property (IP) and thus their investments, which relates to opacity as intentional *corporate secrecy* [21]. The situation is further complicated by conflicting interests of nation states: they demand openness of foreign hardware while striving to protect domestic systems from unauthorized access to the highest extent [17, 32].

#### 3.2 From System Explainability to a Definition of Hardware Explainability

In Section 3.1, we identified a diverse set of factors that make contemporary hardware mostly opaque. Interestingly, there have been parallel ongoing discussions in the AI community: modern AI systems are also considered opaque, despite the consequential societal impacts these systems could generate. Consequently, in recent years there have been growing discussions on Explainable AI (XAI), aiming to open up the black box of modern AI and make it understandable to different addressees [58, 78] to ensure properties like trust, accountability, and safety. The question now is to what extent the concept of explainability can be transferred to the hardware domain, with the analogous goal of making hardware understandable, to ensure similar properties.

If we consider hardware as part of a system, this transfer can take place quite straightforwardly. In fact, recent work has extended explainability from AI to software or even systems *holistically* [19, 20, 22, 55]. AI can exhibit a high degree of opacity—the same is true for the increasingly complex computing systems used today. Accordingly, researchers have emphasized the connection between explainability and understanding not only AI, but more general aspects of a system. Chazette et al. [22] cast this connection into a definition:

DEFINITION 1 (SYSTEM EXPLAINABILITY). A system S is explainable with respect to an aspect X of S relative to an addressee A in context C if and only if there is an entity E (the explainer) who, by giving a corpus of information I (the explanation of X), enables A to understand X of S in C.

In the definition above, the aspect X to be explained may well be the hardware, since it is a constituent—and, thus, certainly also an aspect—of a system S. With this finding, a glaring gap in prior research becomes apparent: To make a system *truly* explainable, its hardware components must be made explainable as well. Merely making an AI—or the software that implements it—explainable is not sufficient.

To the best of our knowledge, however, there is no prior research on the explainability of hardware, despite it being an essential constituent of systems. Furthermore, stakeholders' interests cannot be fully met if we only focus on explainability at the algorithmic level. To see why this is the case, let us consider *trustworthiness* again as one of the goals of explainability. Kästner et al. propose the following operationalization of trustworthiness for systems [49]:

DEFINITION 2 (TRUSTWORTHINESS). A system S is trustworthy to a stakeholder H in a context C if and only if

- (a) S works properly in C, and
- (b) H would be justified to believe that (a) if H came to believe that (a).

For a system to work properly and thus be trustworthy, we have to factor in all its constituents—software *and* hardware. Furthermore, to find out whether the hardware works properly—and be justified in believing that it does so—we need to understand how the hardware is composed and how it operates. That is where explainability comes into play according to Kästner et al. [49]: by means of explaining a certain aspect of the system (e.g., its hardware), the understanding of a stakeholder is facilitated, letting them justifiably judge whether this aspect works properly.

Against this background, we can define hardware explainability building on Definition 1:

DEFINITION 3 (HARDWARE EXPLAINABILITY). A piece of hardware W is explainable with respect to an aspect X of W relative to an addressee A in context C if and only if there is an entity E (the explainer) who, by giving a corpus of information I (the explanation of X), enables A to understand X of W in C.

#### 3.3 A Model of Explainability

As we have seen in the previous section, explainability promises to help facilitate trustworthiness. The same is true for various other desirable properties of systems, be it their debuggability, safety, security or the like. These desirable properties to be achieved by explainability are often referred to as *desiderata* [58, 64].

Coming back to the definition of explainability in the context of systems (see Definition 1), all desiderata are *downstream* goals. In other words, gaining an understanding of a system through explainability facilitates the satisfaction of a desideratum for a stakeholder. Langer et al. [58] and Hoffman et al. [43] propose similar models of this process (see Figure 1 for a simplified depiction). Founded in these models, we develop our framework for hardware explainability.



Fig. 1. A simplified version of the explainability models that Langer et al. [58] and Hofmann et al. [43] have proposed.

Roughly speaking, the models propose that explainability approaches (i. e., ways of achieving explainability) provide explanatory information to facilitate a stakeholder's understanding. This understanding, in turn, affects the satisfaction of certain desiderata, either directly or indirectly.

On the one hand, the relation is direct, when the satisfaction of a desideratum, by obtaining the explanatory information, is facilitated. On the other hand, the relation is indirect, when, with the help of the obtained explanatory information, the stakeholder can judge whether a desideratum is satisfied. In case the desideratum is not satisfied, the stakeholder can optimally initiate steps to counter this state. For example, when a system is not safe, more information about how it works, on its own, will not make the system safer. However, this information can be presented to stakeholders who can then improve the system such that it becomes safer (e.g., in the case of system designers) or steer away from unsafe systems (e.g., in the case of end users).

## 4 A FRAMEWORK FOR HARDWARE EXPLAINABILITY

Based on the model for explainability introduced in Section 3.3, we developed a framework of hardware explainability. The framework highlights the individual desiderata of the stakeholders interacting with a hardware-based system and how to achieve them using existing approaches from the hardware domain (see Figure 2 for a high-level illustration).



Fig. 2. Stakeholders want 1 desiderata and can use 2 explainability approaches that contribute to 3 them.

Through literature review, we identify relevant stakeholders (Section 4.1), desiderata (Section 4.2), and—in absence of established approaches to hardware explainability—unify existing methods and techniques from the hardware design and manufacturing domain under the notion of explainability (Section 4.3). Figure 3 presents an overview of the components included in our framework.

## 4.1 Stakeholder Ecosystem

Various stakeholders interact with a hardware-based system throughout its lifetime. Depending on their background, these stakeholders have individual desiderata concerning the explainability of hardware. To address these individual desiderata, we introduce stakeholder categories to classify entities that interact with the hardware by developing, manufacturing, integrating, regulating, or using it. These categories are adapted from existing work by Langer et al. [58] and Tomlinson et al. [99]: (*i*) designers, (*ii*) manufacturers, (*iii*) system integrators, (*iv*) policymakers and watchdogs, and (*v*) end users.<sup>1</sup> Below, we outline each stakeholder category as well as the interactions between the stakeholders and the system (see Figure 4). Having a clear understanding of the stakeholders, their relationships, and desiderata is a prerequisite for our analysis of existing methods and how they contribute to the explainability of hardware.

Designers. Hardware is specified and conceptualized by designers who describe the desired functionality in a highlevel language. A designer commonly has a good understanding of the hardware components they have worked on and

<sup>&</sup>lt;sup>1</sup>An entity (a person, company, organization, or government agency) may belong to multiple stakeholder categories at the same time.



Fig. 3. A compact overview of all stakeholder categories, explainability approaches, and desiderata considered in our framework.



Fig. 4. Stakeholder interactions among each other, with the hardware, and with the system as a whole.

the ones that their components are interacting with. However, especially for large designs, they have limited insights into the components that they have not been working on. Once completed, the design is passed on to the manufacturer that produces the actual hardware (i. e., the IC).

*Manufacturers*. Following design, the hardware must be produced using highly specialized tools and equipment. This step is performed by the *manufacturers*. A manufacturer may, for instance, be a fab run by TSMC or Samsung, two of the most advanced foundries world-wide. Manufacturers rarely have access to high-level descriptions of the hardware they produce—they only receive data such as circuit diagrams of already synthesized hardware designs.

System Integrators. An integrator takes hardware such as an IC and integrates it into a complete system together with other hardware and software components. Depending on the complexity of the final product, there may be different tiers of integrators along the value chain, each building upon the (sub)systems of the others to create increasingly complex systems such as cars or airplanes. Through data sheets and user manuals, system integrators have access to the specification of hardware components or subsystems, especially in terms of their functionality and connectivity. However, they usually do not know implementation details. This is because to compose a system, the integrator must primarily establish interactions between different hardware components and subsystems, which only requires a superficial understanding of these components.

Policymakers & Watchdogs. Policymakers set the legal framework in which a system operates by introducing laws and standards to which designers, manufacturers, and system integrators must adhere. While the legal framework is created by legislators in parliaments and governments, standards are commonly set by industry bodies and government agencies such as the Institute of Electrical and Electronics Engineers (IEEE), the National Institute of Standards and Technology (NIST) in the USA, or the Bundesamt für Sicherheit in der Informationstechnik (BSI) in Germany. Policymakers receive demands and concerns about existing or future legislation from industry and consumer groups, but have virtually no insight into the actual hardware or system. In addition, they must protect national interests, e. g., by introducing export control measures and securing critical infrastructure against foreign interference.

*Watchdogs* can be certification bodies that attest adherence to specific standards and norms. They also include government agencies with enforcement capabilities regarding non-conformity to existing legislation and patent or IP infringements. Therefore, such watchdogs may run their own analysis laboratories to conduct extensive analyses on a given hardware component or system. Watchdogs can, in addition, request detailed information on a device from the designers, manufacturers, or system integrators.

*End Users.* Following Tomlinson et al. [99], we define *end users* as *consumers* or *operators* of a system. A consumer directly uses the system such as a car or a smartphone. An operator (also called "deployer") offers a service that is directly dependent on the system. Examples of operators are railway operators and telecommunication providers.

Commonly, consumers know little about technical details of the system—including its hardware and software—and do not understand the relationships between its individual components. For example, an average consumer may know how to download and use apps for a smartphone, but they are unlikely to know about the existence of the ICs featured in their phone. An operator potentially has more insights into the general architecture as they need to be able to maintain and service the system, but still only on a high abstraction level.

## 4.2 Desiderata

The goals and purposes of explainability—also referred to as desiderata—strongly depend on the perspectives and requirements of the stakeholders involved. Depending on each stakeholder's viewpoint, some aspects of explainability may be more relevant than others. Below, we give a concise overview of the desiderata most relevant in the context of hardware explainability by adapting existing work on XAI and explainable software by Chazette et al. [22] and Langer et al. [58]. Our selection of desiderata is based on a literature review as well as expert knowledge.

*Safety.* Reliable and safe operation of hardware-based systems is crucial to prevent harm to people and businesses [37, 46, 101]. Failure of such systems can impact revenue or even lead to loss of life. Explainability can help identify and address physical safety hazards, by facilitating the understanding of how to operate a system in the right way.

Accountability. In the event of a system failure, attributing responsibility [56, 74] is crucial not only for legal reasons, but also to identify the failure's root cause and who is in charge of repairs. However, as systems become more complex, a responsibility gap has emerged [68, 86] as it becomes more difficult to assign responsibility. Explainability can restore responsibility by helping to understand an error, facilitating the assignment of fault to the parties involved.

*Debuggability.* Due to its growing complexity, modern hardware is increasingly hard to design and maintain. Hence, debuggability [87] of hardware is desirable to, e.g., identify, trace, and correct bugs in order to prevent potential hardware malfunction [97]. Explainability improves debuggability as additional information on a component or a system help developers identify and fix mistakes [1].

Legal Compliance. Laws and regulations provide a framework for all stakeholders to operate within [32]. An ever more versatile hardware market, increasing opaqueness of systems, and accelerating development cycles complicate verifying compliance with existing legislation. Explainability contributes to legal compliance by enabling stakeholders to investigate whether a system or hardware component meets legal requirements and standards.

*Security.* Given our society's increasing reliance on digital systems, exploitation of security vulnerabilities can undermine confidentiality, integrity, and availability of data [32, 48, 52, 62]. Therefore, it is critical to ensure security on all system levels, particularly hardware [97]. Explainability bridges the gap between perceived and actual security [82], helping users understand the actual security mechanisms in systems and adjust their behavior accordingly. Furthermore, explainability helps assess the security of hardware designs as well as products and warrant appropriate certifications.

*Verifiability.* In the presence of a globally distributed—and thereby opaque—hardware supply chain, verification of (parts of) a system is vital to check for the absence of unintended bugs or faults, test correct operations, and rule out targeted manipulations [41, 47, 63]. Explainability aids verifiability by making the inner workings of hardware components more comprehensible, making it easier to judge whether a system is working properly.

*Trustworthiness.* In the hardware domain, trustworthiness [32] is described as "the degree to which the security behavior of the [hardware] component is demonstrably compliant with its stated functionality" [16]. This aligns with the definition of trustworthy systems by Kästner et al. [49], see Definition 2: the hardware must (a) work properly and (b) come with the means to demonstrate that it is doing so. For the latter in particular, explainability is paramount as it provides stakeholders with the appropriate tools and resources to show that the hardware is functioning as intended.

*Trust.* While trustworthiness describes a property of a hardware-based system, trust is "the degree to which the user or a component depends on the trustworthiness of another component" [16]. Undertrust can result in users' interference with the system, thereby degrading efficiency, and overtrust may result in inadequate or even insecure system usage [42, 59, 80, 81]. Explainability allows stakeholders to appropriately calibrate their trust [43].

## 4.3 Leveraging Approaches from Hardware Design and Manufacturing for Explainability

In this section, we examine approaches currently employed in the hardware design and manufacturing processes with regard to their potential for enhancing hardware explainability. The intended purpose of the individual approaches varies—some address trustworthiness and security, whereas others enhance debuggability and verifiability. Furthermore, we illustrate where these existing approaches have their own limitations.

*Trusted Manufacturing.* In 2005, the US Defense Advanced Research Projects Agency (DARPA) proposed *trusted manufacturing* to prevent targeted manipulations in military-grade ICs by a malicious foundry [17]. Trusted manufacturing aims to retain the necessary manufacturing capabilities at domestic companies.

A variant of trusted manufacturing is *split manufacturing*, in which the most complex and advanced Complementary Metal–Oxide–Semiconductor (CMOS) manufacturing steps are outsourced to untrusted high-end facilities. The remaining steps, primarily the interconnect wiring of an IC, are conducted by a trusted foundry using older technologies [45, 85, 102]. The idea behind split manufacturing is that the untrusted entity cannot reconstruct the hardware design given only the limited information it is provided with.

Trusted manufacturing can be viewed as a hardware explainability approach. With respect to Definition 3, the explained aspect X of the hardware is its manufacturing process, and the information provided is that critical steps of this process have not been subjected to malicious manipulation by third parties.

Unfortunately, trusted manufacturing is expensive, as the investment cost for a modern foundry is high, while only a few advanced foundries are in demand worldwide. In addition, techniques such as split manufacturing can be error-prone if production processes are not precisely aligned.

Standards & Certifications. The first standards for machines were established in the 19th century to ensure operator safety. While the standardization process was traditionally dominated by the largest economies, today institutions such as the International Organization for Standardization (ISO) define global standards. Ideally, a new hardware standard is developed, refined, and implemented in close collaboration with industry stakeholders. Over the past decades, numerous standards have been established in the hardware and semiconductor sector. These standards include product certifications at various stages of the supply chain as well as site certifications, specifically for (trusted) foundries.

Standards and certifications facilitate explainability as conformity with a standard provides additional information on the hardware. The nature of that information depends on the scope of the standard, but can include design and manufacturing best practices, implementation details, and safety as well as security assertions.

While the concept of standards appears to have many benefits, standardization processes can often be lengthy and require a great deal of resource commitment (e.g., time, expertise, willingness to compromise) from all involved stakeholders. It is possible that standards will end up at the lowest common denominator of industry and policymakers, will not be properly executed or even be flawed [24, 95], or in the worst case, contain maliciously built-in backdoors [23].

Open Hardware. Today's commercial hardware systems are based on closed and proprietary IP. In contrast, open hardware strives for transparency throughout the supply chain. Open hardware in the context of ICs includes open-source

HDL implementations (e. g., OpenTitan [66], OpenRISC [27], OpenCores [77], or LibreCores [34]), EDA tools [4, 106], and manufacturing techniques [7, 72], many of which are united under the umbrella of the Chips Alliance [98].

Open hardware can facilitate explainability, as it is designed transparently such that it already provides information to help at least hardware experts understand its architecture. Furthermore, it allows for verification of tools and manufacturing processes and thereby evokes trust in the manufactured hardware, e.g., by assuring its security.

Limitations of open hardware include a possible lack of long-term support and funding: successful open hardware projects are often supported by and dependent on major corporations. There are also potential quality issues due to the superiority of proven proprietary EDA tools and technologies, as well as liability and warranty issues.

*Testing & Verification.* To evaluate the correctness of a hardware design or manufactured IC, both testing and verification are extensively used throughout the entire manufacturing process [36]. Early identification of bugs, faults, and defects is attempted by simulation [51, 73], testing [36, 67], and formal verification [5, 50, 57]. Both simulation and testing target the dynamic execution of the hardware and hence facilitate an understanding beyond just a static circuit description. Formal verification can provide guarantees on the equivalence of an implementation and its specification.

Testing and verification support explainability by providing information on passed (or failed) tests or verification procedures. The explained aspects are the properties that were tested or verified.

However, such techniques are limited in their applicability. Simulation and testing can only take into account a small subset of all possible inputs, hence some circuit states may never be reached [50]. Formal verification is computationally expensive such that it can only be applied to smaller subcircuits [50], but not to more complex designs such as advanced Central Processing Units (CPUs) or SoCs.

*Physical Analysis.* Invasive or even destructive physical analysis is used to verify the correctness of an IC and check for undesired information leakage. To rule out malicious modifications, a specialist can check whether the fabricated chip matches specification, design, or implementation files by performing hardware reverse engineering [11, 35, 100]. Furthermore, side-channel evaluation [3, 53, 54] and fault injection [8, 44, 107] are leveraged to detect or even provoke unintended runtime behavior, e.g., the leakage of protected data like cryptographic keys.

As it aims to make (parts of) an IC understandable, reverse engineering promotes explainability. The extent of this understanding depends on the goals of the reverse engineering efforts, but can reach up to a full high-level description of the entire circuit. Side-channel and fault analysis provide insights into the runtime behavior of an IC, e. g., by analyzing power consumption or electromagnetic emissions, and thereby extract information that facilitates understanding.

Reverse engineering is limited in applicability due to the associated costs, the required effort, and the fact that the analyzed IC is destroyed in the process. Just the equipment required to perform such analyses, e.g., an ion mill and a special-purpose Scanning Electron Microscope (SEM), can easily cost multiple million USD, not even taking into account the know-how required to operate the machines and investigate their outputs. Furthermore, running side-channel or fault injection attacks is always only a best-effort approach as full coverage of the entire attack space is infeasible.

## 5 APPLICATION OF THE HARDWARE EXPLAINABILITY FRAMEWORK

Having presented our hardware explainability framework, we now discuss its possible applications. On the one hand, our framework is suitable to determine which explainability approach a stakeholder needs to satisfy a desideratum of their choice. On the other hand, the framework can help determine what kind of novel explainability approach is required if no suitable method is available. Below, we showcase these two applications.

#### 5.1 Applying the Framework to Analyze Real-World Scenarios

Our framework lays the foundation for determining which explainability approach a stakeholder needs to satisfy a specific desideratum. To illustrate this point, we discuss the three examples presented in Section 1, referring to approaches that (if applied) might have helped mitigate the issues at stake. We also reflect on limitations of the approaches, highlighting how they may fall short in addressing the desiderata for certain stakeholders. Our suggestions should be interpreted as preliminary ideas that need to be empirically verified in future work.

In the VW engine manipulation case, open hardware could have ensured accountability, legal compliance, and trust for policymakers and watchdogs. With information obtained by analyzing open hardware designs, members of this stakeholder class could have gained a sufficient understanding to notice and prevent malicious tampering. However, open hardware would most likely fail to address the need for explainability among end users as they generally do not have the expertise to understand the technical details of the system even when they are made transparent. Even worse, standards and certifications as well as testing and verification were actively circumvented and outsmarted by VW [28].

Concerning the crashes of two Boeing 737 MAX planes in 2019 and 2020, proper testing procedures and rigorous certification processes could have mitigated safety concerns and ensured legal compliance. If sufficient efforts of testing and verification had been performed in advance, the airplane operator could have obtained insights into the status of hardware components and assess the risks of malfunctioning. In this case, authorities did not enforce the required level of explainability, which ultimately resulted in fatalities. However, there seems to be an explainability gap for end users as well in this case: none of the existing approaches works to unpack the technical details of a complex system like an aircraft in a format suitable for end users, such that these can be (re-)assured of the aircraft's safety.

Lastly, in the case of hardware-based camera indicators, whether the indicator indeed fulfills its privacy promise (i. e., there is no covert data collection when the LED light is off) can be ensured through physical analysis by experts such as watchdogs or system integrators. Here, the recovery and analysis of circuit schematics facilitates an understanding of the employed hardware and thereby supports satisfaction of the respective desiderata. While end users lack the equipment and expertise to apply physical analysis, knowing that the hardware conforms with certifications can be a first step for them to get assurance and build trust.

A unifying theme among the examples above is that end users' need for explainability and the various associated desiderata are potentially not fulfilled in most cases. A possible reason is that the approaches we summarize in our framework—as techniques from hardware design and manufacturing—do not have end users as the target audience.

The second application of our framework is exactly for such cases, that is, to find out what kind of novel explainability approach is required if it turns out that there is no suitable method available. With this idea, we follow Langer et al. [58] and Belle and Papantonis [15], who assume that certain properties of explainability approaches can guide which approach is required for a specific aim. To use this idea, we transfer existing findings from XAI to hardware explainability.

#### 5.2 Transferring Basic Concepts From XAI to Hardware Explainability

In particular, we discuss how properties of XAI methods can be transferred to classify hardware explainability methods. For this, we leverage the comprehensive review by Speith [96], which classifies existing approaches and surveys the most relevant terminology in XAI. According to Speith, approaches that facilitate the understanding of AI systems can be classified by the *stage* at which they are applied, their *applicability* to different models, and their *scope*.

*Stage.* In XAI, there is a distinction between directly training explainable AI models (*ante-hoc explainability*) and explaining an opaque model after training (*post-hoc explainability*) [1, 9, 10, 15, 58, 94, 96]. We could similarly categorize

hardware explainability approaches. Those approaches that take explainability into account from the very beginning of the hardware design and manufacturing process facilitate *ante-hoc hardware explainability* (e.g., open hardware and trusted manufacturing). Approaches such as physical analysis strive to explain already manufactured hardware, hence attempting to achieve *post-hoc hardware explainability*. For other approaches such as standards and certifications or testing and verification, this distinction is not as clear. For example, standard and certification requirements may have ante-hoc effects on hardware explainability by influencing early design stages, but post-hoc effects as well due to the downstream certification process.

Applicability. Furthermore, explainability approaches for AI are distinguished by their applicability. Approaches that are specific only to certain kinds of AI models are referred to as *model-specific* while those that apply to AI models more generally, independent of their internal architecture, are called *model-agnostic* [38, 39, 58, 89, 94, 96]. In XAI, this differentiation is only applied to post-hoc explainability approaches. However, for hardware explainability it makes sense to consider the applicability of ante-hoc approaches as well. For example, trusted manufacturing (especially split manufacturing) may not be applicable to all hardware architectures and technologies and must thereby be considered *hardware-specific*, while open hardware is rather *hardware-agnostic*. Some post-hoc approaches such as testing and verification or physical analysis are largely dependent on the specific type of hardware and hence should be considered hardware-specific, while others such as standards and certifications can be applied independently of the hardware type and are therefore hardware-agnostic.

*Scope.* In XAI, explainability approaches can be applied *locally* or *globally*, i. e., only for a single prediction of a model or for the model in its entirety [39, 58, 89, 94, 96]. Again, this notion can be adapted to hardware explainability. Approaches facilitating the explainability of a single piece of hardware, e. g., a chip, can be considered local, while those that target the hardware architecture may be referred to as global. Local approaches include physical analysis as well as testing and verification, since their goal is to gain insights into a specific piece of hardware and are highly dependent on the properties of that target. Trusted manufacturing, open hardware, and standards and certifications are considered global as they influence the design and manufacturing process rather than the hardware itself and thereby affect not just a single piece of hardware.

## 5.3 Identifying Directions for Novel Approaches

With these concepts in place, we now illustrate our framework's second possible application by identifying directions for new approaches benefiting end users: if the goal is to make hardware understandable to end users (so that the potential explainability gaps identified in Section 5.1 are closed), what would new approaches look like?

Let us assume that safety is the primary desideratum of interest to end users. Drawing on the transferred concepts (Section 5.2), we anticipate that a hardware-agnostic, post-hoc, and global approach could be the best kind of explainability approach for end users. End users might struggle to make sense of a hardware component's architecture, thus ante-hoc approaches that aim to make them more accessible will likely miss their goal. For a similar reason, hardware-agnostic approaches may be more effective for end users, as they do not require expert knowledge and are not tied to specific hardware architectures. Finally, global approaches to hardware explainability are expected to be more useful for end users, who are typically not interested in the properties of individual components.

An explainability approach that fulfills these criteria could be hardware labels similar to those on foods and beverages. Inspiration for the criteria depicted on these labels could be drawn from standards and norms such as ISO 26262 [33] and IEC 61508 [18] for hardware safety, FIPS PUB 140-3 [75] for hardware security, and privacy and security labels for IoT devices [71] and smartphone apps [29]. These labels could provide end users with the necessary and comprehensible information to facilitate their understanding of a hardware-based system. This, in turn, affects the satisfaction of their safety desideratum by empowering end users to make justified decisions for or against a system's use.

## 6 LIMITATIONS AND FUTURE WORK

The exploration of hardware explainability offers great potential for rendering hardware more comprehensible to all stakeholders. However, it is a complex and multifaceted subject that cannot be fully addressed in a single publication. In this section, we discuss the limitations of our work and propose possible directions for future research.

*Choice of Framework Components.* While our framework (see Section 4) provides a novel and comprehensive approach to hardware explainability, the components we selected for stakeholders, desiderata, and explainability approaches may not encompass the entire hardware landscape. We leveraged prior work to cover a wide range of components, transferring and compiling ideas from various fields. For instance, many of the explainability approaches have their roots in the hardware manufacturing domain, but possess the potential to serve a wide range of explainability needs. As technology and explainability-related debates evolve, we anticipate the need for further refinement and expansion of our framework components, emphasizing the significance of continued research in this area.

*Evaluating the Framework's Effectiveness.* We applied our hardware explainability framework to three examples, discussing the promises as well as limitations for existing approaches to tackle the desiderata at stake, see Section 5.1. However, to truly understand each approach's practical effectiveness, empirical studies, such as surveys or stakeholder interviews, are needed. Such studies should evaluate the suitability of the selected explainability approaches in meeting the desiderata of each stakeholder. Additionally, the evaluation process may bring forth novel explainability approaches.

*Insights from XAI.* We focused on reviewing basic concepts in XAI and transferred them to explainable hardware, see Section 5.2. However, there are other advanced concepts and classifications that are discussed in XAI literature, e.g., in the work of Schwalbe and Finzel [91], Sokol and Flach [94], and Speith [96]. Future research could further evaluate and adapt existing XAI research to develop new explainability approaches.

*Trade-Offs.* Analogous to similar debates in XAI [103], disclosure of hardware designs and layouts may result in major revenue losses, as hardware Intellectual Property (IP) is a billion-dollar market. Open hardware, for example, may require companies to sacrifice profits in the interest of explainability. However, greater explainability does not necessarily require IP disclosure. Other options, such as trusted manufacturing or standards and certifications can provide explainability without revealing proprietary information.

The trade-off between performance and explainability is an intensely discussed challenge in the field of XAI [90]. In order for AI systems to become explainable, additional resources may be required, which can potentially reduce the overall performance of the system [6, 40]. In the context of hardware, this trade-off can even be more pronounced, as open-source hardware often lags behind the performance of proprietary ICs manufactured using state-of-the-art processes. Moreover, efforts to simplify hardware designs to enhance explainability can sometimes result in reduced performance, as evidenced by certain countermeasures for hardware security vulnerabilities [84]. However, it is important to note that explainability approaches such as physical analysis or testing and verification do not impact the performance of the hardware as they do not interfere with the design. Future versions of our framework could take such trade-offs into account and thus enable fine calibration of the approaches.

## 7 CONCLUSION

In this work, we introduced the concept of *explainable hardware*, which is crucial to achieve explainability on system level. Based on models from XAI, we have developed a framework for hardware explainability that considers the perspectives of different *stakeholders*, their *desiderata*, and existing *explainability approaches* from the hardware design and manufacturing domain. Finally, we reflected on limitations of our research and identified future research directions.

We present hardware explainability as a new and important area of research. Future work could draw on literature and empirical methods to refine existing approaches and develop novel approaches for hardware explainability, with an emphasis on addressing the needs of underrepresented stakeholders. Explainable hardware paves the way for holistically explainable systems that can become an important building block for a self-determined modern digital society.

#### ACKNOWLEDGMENTS

Work on this paper was funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany's Excellence Strategy—EXC 2092 CASA—390781972, through the DFG grant 389792660 as part of TRR 248, and by the Volkswagen Foundation grants AZ 98509 and AZ 98514 "Explainable Intelligent Systems" (EIS). The Volkswagen Foundation and the DFG had no role in preparation, review, or approval of the manuscript; or the decision to submit the manuscript for publication. The authors declare no other financial interests.

#### REFERENCES

- Amina Adadi and Mohammed Berrada. 2018. Peeking Inside the Black-Box: A Survey on Explainable Artificial Intelligence (XAI). IEEE Access 6 (2018), 52138–52160. https://doi.org/10.1109/ACCESS.2018.2870052
- [2] Sally Adee. 2008. The Hunt For The Kill Switch. IEEE Spectrum 45, 5 (2008), 34-39. https://doi.org/10.1109/MSPEC.2008.4505310
- [3] Dakshi Agrawal, Bruce Archambeault, Josyula R. Rao, and Pankaj Rohatgi. 2002. The EM Side-Channel(s). In Cryptographic Hardware and Embedded Systems – 4th International Workshop (Redwood Shores, California, USA) (Lecture Notes in Computer Science, Vol. 2523), Burton S. Kaliski, Çetin K. Koç, and Christof Paar (Eds.). Springer, Berlin/Heidelberg, Germany, 29–45. https://doi.org/10.1007/3-540-36400-5\_4
- [4] Tutu Ajayi, David Blaauw, Tuck-Boon Chan, C.-K. Cheng, Viren Chhabria, D. K. Choo, M. Coltella, Ronald G. Dreslinski, Mateus Fogaça, S. Mehdi Hashemi, A. A. Ibrahim, Andrew B. Kahng, M. Kim, J. Li, Z. Liang, Uday Mallappa, Paul I. Pénzes, Geraldo Pradipta, Sherief Reda, Austin Rovinski, Kambiz Samadi, Sachin S. Sapatnekar, Lawrence Saul, Carl Sechen, Vaishnav Srinivas, William Swartz, Dennis Sylvester, D. Urquhart, L Wang, Mingyu Woo, and B. Xu. 2019. OpenROAD: Toward a Self-Driving, Open-Source Digital Layout Implementation Tool Chain. In *Proceedings of Government Microcircuit Applications and Critical Technology Conference* (Albuquerque, New Mexico, USA). National Science Foundation, Alexandria, VA, USA, 6 pages. https://par.nsf.gov/servlets/purl/10171024
- [5] Matthias Althoff, Soner Yaldiz, Akshay Rajhans, Xin Li, Bruce H. Krogh, and Larry T. Pileggi. 2011. Formal verification of phase-locked loops using reachability analysis and continuization. In 2011 IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2011, San Jose, California, USA, November 7-10, 2011, Joel R. Phillips, Alan J. Hu, and Helmut Graeb (Eds.). IEEE, Piscataway, NJ, USA, 659–666. https://doi.org/10.1109/ ICCAD.2011.6105400
- [6] Plamen P. Angelov, Eduardo A. Soares, Richard Jiang, Nicholas I. Arnold, and Peter M. Atkinson. 2021. Explainable artificial intelligence: an analytical review. WIREs Data Mining Knowl. Discov. 11, 5, Article e1424 (2021), 13 pages. https://doi.org/10.1002/widm.1424
- [7] Tim Ansell. 2020. SkyWater Open Source PDK. https://github.com/google/skywater-pdk
- [8] Lörinc Antoni, Régis Leveugle, and Béla Fehér. 2000. Using Run-Time Reconfiguration for Fault Injection in Hardware Prototypes. In 15th IEEE International Symposium on Defect and Fault-Tolerance in VLSI Systems (DFT 2000), 25-27 October 2000, Yamanashi, Japan, Proceedings. IEEE, Piscataway, NJ, USA, 405–413. https://doi.org/10.1109/DFTVS.2000.887181
- [9] Alejandro Barredo Arrieta, Natalia Díaz Rodríguez, Javier Del Ser, Adrien Bennetot, Siham Tabik, Alberto Barbado, Salvador García, Sergio Gil-Lopez, Daniel Molina, Richard Benjamins, Raja Chatila, and Francisco Herrera. 2020. Explainable Artificial Intelligence (XAI): Concepts, taxonomies, opportunities and challenges toward responsible AI. Inf. Fusion 58 (2020), 82–115. https://doi.org/10.1016/j.inffus.2019.12.012
- [10] Vijay Arya, Rachel K. E. Bellamy, Pin-Yu Chen, Amit Dhurandhar, Michael Hind, Samuel C. Hoffman, Stephanie Houde, Q. Vera Liao, Ronny Luss, Aleksandra Mojsilović, Sami Mourad, Pablo Pedemonte, Ramya Raghavendra, John T. Richards, Prasanna Sattigeri, Karthikeyan Shanmugam, Moninder Singh, Kush R. Varshney, Dennis Wei, and Yunfeng Zhang. 2019. One Explanation Does Not Fit All: A Toolkit and Taxonomy of AI Explainability Techniques. arXiv:1909.03012
- [11] Leonid Azriel, Julian Speith, Nils Albartus, Ran Ginosar, Avi Mendelson, and Christof Paar. 2021. A survey of algorithmic methods in IC reverse engineering. J. Cryptogr. Eng. 11, 3 (2021), 299–315. https://doi.org/10.1007/s13389-021-00268-5

- [12] Gilles Barthe, Pedro R. D'Argenio, Bernd Finkbeiner, and Holger Hermanns. 2016. Facets of Software Doping. In Proceedings of the 7th International Symposium On Leveraging Applications of Formal Methods, Verification and Validation (Lecture Notes in Computer Science, Vol. 9953), Tiziana Margaria and Bernhard Steffen (Eds.). Springer International Publishing, Cham, Switzerland, 601–608. https://doi.org/10.1007/978-3-319-47169-3\_46
- [13] Kevin Baum. 2016. What the Hack is Wrong with Software Doping?. In Proceedings of the 7th International Symposium On Leveraging Applications of Formal Methods, Verification and Validation (Lecture Notes in Computer Science, Vol. 9953), Tiziana Margaria and Bernhard Steffen (Eds.). Springer International Publishing, Cham, Switzerland, 633–647. https://doi.org/10.1007/978-3-319-47169-3\_49
- [14] Georg T. Becker, Francesco Regazzoni, Christof Paar, and Wayne P. Burleson. 2013. Stealthy Dopant-Level Hardware Trojans. In Cryptographic Hardware and Embedded Systems - CHES 2013 - 15th International Workshop, Santa Barbara, CA, USA, August 20-23, 2013. Proceedings (Lecture Notes in Computer Science, Vol. 8086), Guido Bertoni and Jean-Sébastien Coron (Eds.). Springer, Berlin/Heidelberg, Germany, 197–214. https: //doi.org/10.1007/978-3-642-40349-1\_12
- [15] Vaishak Belle and Ioannis Papantonis. 2021. Principles and Practice of Explainable Machine Learning. Frontiers Big Data 4 (2021), 688969. https://doi.org/10.3389/fdata.2021.688969
- [16] Terry V Benzel, Cynthia E Irvine, Timothy E Levin, Ganesha Bhaskara, Thuy D Nguyen, and Paul C Clark. 2005. Design principles for security. Technical Report. NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE.
- [17] Defense Science Board. 2005. Report of the Defense Science Board Task Force on High Performance Microchip Supply. Technical Report. Office of the Under Secretary of Defense. https://dsb.cto.mil/reports/2000s/ADA435563.pdf
- [18] Simon Brown. 2000. Overview of IEC 61508 Design of electrical/electronic/programmable electronic safety-related systems. Computing and Control Engineering Journal 11, 1 (2000), 6–12.
- [19] Wasja Brunotte, Larissa Chazette, Verena Klös, Eric Knauss, Timo Speith, and Andreas Vogelsang. 2021. Welcome to the First International Workshop on Requirements Engineering for Explainable Systems (RE4ES). In IEEE 29th International Requirements Engineering Conference Workshops (REW). IEEE, Piscataway, NJ, USA, 157–158.
- [20] Wasja Brunotte, Larissa Chazette, Verena Klös, and Timo Speith. 2022. Quo Vadis, Explainability? A Research Roadmap for Explainability Engineering. In *Requirements Engineering: Foundation for Software Quality*, Vincenzo Gervasi and Andreas Vogelsang (Eds.). Springer International Publishing, Cham, CH, 26–32. https://doi.org/10.1007/978-3-030-98464-9\_3
- [21] Jenna Burrell. 2016. How the machine 'thinks': Understanding opacity in machine learning algorithms. Big Data & Society 3, 1 (2016), 2053951715622512. https://doi.org/10.1177/2053951715622512
- [22] Larissa Chazette, Wasja Brunotte, and Timo Speith. 2021. Exploring Explainability: A Definition, a Model, and a Knowledge Catalogue. In Proceedings of the 29th IEEE International Requirements Engineering Conference (South Bend, Indiana, USA) (RE 2021), Jane Cleland-Huang, Ana Moreira, Kurt Schneider, and Michael Vierhauser (Eds.). IEEE, Piscataway, NJ, USA, 197–208. https://doi.org/10.1109/RE51729.2021.00025
- [23] Stephen Checkoway, Ruben Niederhagen, Adam Everspaugh, Matthew Green, Tanja Lange, Thomas Ristenpart, Daniel J. Bernstein, Jake Maskiewicz, Hovav Shacham, and Matthew Fredrikson. 2014. On the Practical Exploitability of Dual EC in TLS Implementations. In Proceedings of the 23rd USENIX Security Symposium (San Diego, CA, USA) (USENIX Security 2014), Kevin Fu and Jaeyeon Jung (Eds.). USENIX Association, Berkeley, CA, USA, 319–335. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/checkoway
- [24] Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic Forte, and Mark M. Tehranipoor. 2017. Standardizing Bad Cryptographic Practice: A Teardown of the IEEE Standard for Protecting Electronic-design Intellectual Property. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017, Bhavani Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.). Association for Computing Machinery, New York, NY, USA, 1533–1546. https://doi.org/10.1145/3133956.3134040
- [25] Don Clark. 2021. The Tech Cold War's 'Most Complicated Machine' That's Out of China's Reach. The New York Times. https://www.nytimes.com/ 2021/07/04/technology/tech-cold-war-chips.html
- [26] Joseph Clements and Yingjie Lao. 2018. Hardware Trojan Attacks on Neural Networks. arXiv:1806.05768
- [27] OpenRISC Community. 2018. OpenRISC. https://openrisc.io/
- [28] Moritz Contag, Vector Guo Li, Andre Pawlowski, Felix Domke, Kirill Levchenko, Thorsten Holz, and Stefan Savage. 2017. How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles. In 2017 IEEE Symposium on Security and Privacy, SP 2017. IEEE Computer Society, San Jose, CA, USA, 231–250. https://doi.org/10.1109/SP.2017.66
- [29] Lorrie Faith Cranor. 2022. Mobile-app privacy nutrition labels missing key ingredients for success. Commun. ACM 65, 11 (2022), 26–28. https://doi.org/10.1145/3563967
- [30] Bruno Silveira Cruz and Murillo de Oliveira Dias. 2020. Crashed boeing 737-Max: fatalities or malpractice. GSJ 8, 1 (2020), 2615–2624.
- [31] Pedro R. D'Argenio, Gilles Barthe, Sebastian Biewer, Bernd Finkbeiner, and Holger Hermanns. 2017. Is Your Software on Dope? Formal Analysis of Surreptitiously "Enhanced" Programs. In Proceedings of the 26th European Symposium on Programming (Lecture Notes in Computer Science, Vol. 10201). Springer, Berlin/Heidelberg, Germany, 83–110. https://doi.org/10.1007/978-3-662-54434-1\_4
- [32] European Comission. 2022. A Chips Act for Europe Comission Staff Working Document. https://digital-strategy.ec.europa.eu/en/library/europeanchips-act-staff-working-document
- [33] International Organization for Standardization. 2018. Road vehicles Functional safety Part 11: Guidelines on application of ISO 26262 to semiconductors. https://www.iso.org/obp/ui/#iso:std:iso:26262:-11:ed-1:v1:en
- [34] The Free and Open Source Silicon Foundation. 2018. LibreCores. https://www.librecores.org/

- [35] Marc Fyrbiak, Sebastian Strauss, Christian Kison, Sebastian Wallat, Malte Elson, Nikol Rummel, and Christof Paar. 2017. Hardware reverse engineering: Overview and open challenges. In IEEE 2nd International Verification and Security Workshop, IVSW 2017, Thessaloniki, Greece, July 3-5, 2017. IEEE, Piscataway, NJ, USA, 88–94. https://doi.org/10.1109/IVSW.2017.8031550
- [36] Randall L. Geiger, Phillip E. Allen, and Noel R. Strader. 1990. VLSI Design Techniques for Analog and Digital Circuits. McGraw-Hill Publishing Company, New York, NY, USA.
- [37] Tomás Grimm, Djones Lettnin, and Michael Hübner. 2018. A survey on formal verification techniques for safety-critical systems-on-chip. *Electronics* 7, 6 (2018), 81.
- [38] Riccardo Guidotti, Anna Monreale, Dino Pedreschi, and Fosca Giannotti. 2021. Principles of Explainable Artificial Intelligence. In Explainable AI Within the Digital Transformation and Cyber Physical Systems: XAI Methods and Applications, Moamar Sayed-Mouchaweh (Ed.). Springer International Publishing, Cham, CH, Chapter 2, 9–31. https://doi.org/10.1007/978-3-030-76409-8\_2
- [39] Riccardo Guidotti, Anna Monreale, Salvatore Ruggieri, Franco Turini, Fosca Giannotti, and Dino Pedreschi. 2019. A Survey of Methods for Explaining Black Box Models. Comput. Surveys 51, 5, Article 93 (2019), 42 pages. https://doi.org/10.1145/3236009
- [40] David Gunning and David W. Aha. 2019. DARPA's Explainable Artificial Intelligence (XAI) Program. AI Mag. 40, 2 (2019), 44–58. https: //doi.org/10.1609/aimag.v40i2.2850
- [41] Aarti Gupta. 1992. Formal Hardware Verification Methods: A Survey. Formal Methods Syst. Des. 1, 2/3 (1992), 151–238. https://doi.org/10.1007/ BF00121125
- [42] Kevin Anthony Hoff and Masooda Bashir. 2014. Trust in Automation. Human Factors 57, 3 (2014), 407–434. https://doi.org/10.1177/0018720814547570
- [43] Robert R. Hoffman, Shane T. Mueller, Gary Klein, and Jordan Litman. 2018. Metrics for Explainable AI: Challenges and Prospects. arXiv:1812.04608
  [44] Mei-Chen Hsueh, Timothy K. Tsai, and Ravishankar K. Iyer. 1997. Fault Injection Techniques and Tools. *Computer* 30, 4 (1997), 75–82. https:
- //doi.org/10.1109/2.585157
- [45] Frank Imeson, Ariq Emtenan, Siddharth Garg, and Mahesh V. Tripunitara. 2013. Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation. In *Proceedings of the 22nd USENIX Security Symposium* (Washington, District of Columbia, USA) (USENIX Security 2013), Samuel T. King (Ed.). USENIX Association, Berkeley, CA, USA, 495–510. https://www.usenix.org/conference/ usenixsecurity13/technical-sessions/presentation/imeson
- [46] Seo-Hyun Jeon, Jin-Hee Cho, Yangjae Jung, Sachoun Park, and Tae-Man Han. 2011. Automotive Hardware Development According to ISO 26262. In Proceedings of the 13th International Conference on Advanced Communication Technology (Gangwon, Republic of Korea). IEEE, 588–592.
- [47] Niraj K. Jha and Sandeep Gupta. 2002. Testing of Digital Systems. Cambridge University Press, USA.
- [48] Ramesh Karri, Jeyavijayan Rajendran, Kurt Rosenfeld, and Mohammad Tehranipoor. 2010. Trustworthy Hardware: Identifying and Classifying Hardware Trojans. Computer 43, 10 (2010), 39–46. https://doi.org/10.1109/MC.2010.299
- [49] Lena Kästner, Markus Langer, Veronika Lazar, Astrid Schomäcker, Timo Speith, and Sarah Sterz. 2021. On the Relation of Trust and Explainability: Why to Engineer for Trustworthiness. In Proceedings of the 29th IEEE International Requirements Engineering Conference Workshops (Notre Dame, Indiana, USA) (REW 2021), Tao Yue and Mehdi Mirakhorli (Eds.). IEEE, Piscataway, NJ, USA, 169–175. https://doi.org/10.1109/REW53955.2021.00031
- [50] Christoph Kern and Mark R. Greenstreet. 1999. Formal verification in hardware design: a survey. ACM Trans. Design Autom. Electr. Syst. 4, 2 (1999), 123–193. https://doi.org/10.1145/307988.307989
- [51] Jack P. C. Kleijnen. 1999. Validation of models: statistical techniques and data availability. In Proceedings of the 31st conference on Winter simulation: Simulation - a bridge to the future (Phoenix, Arizona, USA) (WSC 1999, Vol. 1), Phillip A. Farrington, Harriet Black Nembhard, David T. Sturrock, and Gerald W. Evans (Eds.). WSC, Geneva, CH, 647–654. https://doi.org/10.1109/WSC.1999.823147
- [52] Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In 2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, May 19-23, 2019. IEEE, Piscataway, NJ, USA, 1–19. https://doi.org/10.1109/SP.2019.00002
- [53] Paul C. Kocher. 1996. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In Advances in Cryptology CRYPTO '96, 16th Annual International Cryptology Conference, Santa Barbara, California, USA, August 18-22, 1996, Proceedings (Lecture Notes in Computer Science, Vol. 1109), Neal Koblitz (Ed.). Springer, Berlin/Heidelberg, Germany, 104–113. https://doi.org/10.1007/3-540-68697-5\_9
- [54] Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential Power Analysis. In Advances in Cryptology CRYPTO '99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15-19, 1999, Proceedings (Lecture Notes in Computer Science, Vol. 1666), Michael J. Wiener (Ed.). Springer, Berlin/Heidelberg, Germany, 388–397. https://doi.org/10.1007/3-540-48405-1\_25
- [55] Maximilian A. Köhl, Kevin Baum, Dimitri Bohlender, Markus Langer, Daniel Oster, and Timo Speith. 2019. Explainability as a Non-Functional Requirement. In IEEE 27th International Requirements Engineering Conference (Jeju Island, Republic of Korea) (RE 2019), Daniela E. Damian, Anna Perini, and Seok-Won Lee (Eds.). IEEE, Piscataway, NJ, USA, 363–368. https://doi.org/10.1109/RE.2019.00046
- [56] Joshua A. Kroll. 2021. Outlining Traceability: A Principle for Operationalizing Accountability in Computing Systems. In FAccT '21: 2021 ACM Conference on Fairness, Accountability, and Transparency, Virtual Event / Toronto, Canada, March 3-10, 2021, Madeleine Clare Elish, William Isaac, and Richard S. Zemel (Eds.). Association for Computing Machinery, New York, NY, USA, 758–771. https://doi.org/10.1145/3442188.3445937
- [57] Andreas Kuehlmann, Arvind Srinivasan, and David P. LaPotin. 1995. Verity A formal verification program for custom CMOS circuits. IBM J. Res. Dev. 39, 1-2 (1995), 149–166. https://doi.org/10.1147/rd.391.0149
- [58] Markus Langer, Daniel Oster, Timo Speith, Holger Hermanns, Lena Kästner, Eva Schmidt, Andreas Sesing, and Kevin Baum. 2021. What Do We Want From Explainable Artificial Intelligence (XAI)? – A Stakeholder Perspective on XAI and a Conceptual Model Guiding Interdisciplinary XAI

Research. Articifial Intelligence 296, Article 103473 (2021), 24 pages. https://doi.org/10.1016/j.artint.2021.103473

- [59] John D. Lee and Katrina A. See. 2004. Trust in Automation: Designing for Appropriate Reliance. Human Factors 46, 1 (2004), 50–80. https: //doi.org/10.1518/hfes.46.1.50 30392
- [60] Bruno Lepri, Nuria Oliver, Emmanuel Letouzé, Alex Pentland, and Patrick Vinck. 2018. Fair, Transparent, and Accountable Algorithmic Decision-Making Processes. Philosophy & Technology 31, 4 (2018), 611–627. https://doi.org/10.1007/s13347-017-0279-x
- [61] Wenshuo Li, Jincheng Yu, Xuefei Ning, Pengjun Wang, Qi Wei, Yu Wang, and Huazhong Yang. 2018. Hu-Fu: Hardware and Software Collaborative Attack Framework Against Neural Networks. In 2018 IEEE Computer Society Annual Symposium on VLSI, ISVLSI 2018, Hong Kong, China, July 8-11, 2018. IEEE, Piscataway, NJ, USA, 482–487. https://doi.org/10.1109/ISVLSI.2018.00093
- [62] Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In Proceedings of the 27th USENIX Security Symposium (USENIX Security 2018), William Enck and Adrienne Porter Felt (Eds.). USENIX Association, Berkeley, CA, USA, 973–990. https://www.usenix.org/conference/usenixsecurity18/presentation/lipp
- [63] Bernhard Lippmann, Niklas Unverricht, Aayush Singla, Matthias Ludwig, Michael Werner, Peter Egger, Anja Dübotzky, Helmut Gräb, Horst A. Gieser, Martin Rasche, and Oliver Kellermann. 2020. Verification of physical designs using an integrated reverse engineering flow for nanoscale technologies. *Integr.* 71 (2020), 11–29. https://doi.org/10.1016/j.vlsi.2019.11.005
- [64] Zachary C. Lipton. 2018. The Mythos of Model Interpretability. ACM Queue 16, 3 (2018), 30. https://doi.org/10.1145/3236386.3241340
- [65] Yannan Liu, Lingxiao Wei, Bo Luo, and Qiang Xu. 2017. Fault injection attack on deep neural network. In 2017 IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2017, Irvine, CA, USA, November 13-16, 2017, Sri Parameswaran (Ed.). IEEE, Piscataway, NJ, USA, 131–138. https://doi.org/10.1109/ICCAD.2017.8203770
- [66] lowRISC CIC. 2019. OpenTitan. https://opentitan.org/
- [67] Wojciech Maly. 1987. Realistic Fault Modeling for VLSI Testing. In Proceedings of the 24th ACM/IEEE Design Automation Conference. Miami Beach, FL, USA, June 28 - July 1, 1987, A. O'Neill and D. Thomas (Eds.). Association for Computing Machinery, New York, NY, USA, 173–180. https://doi.org/10.1145/37888.37914
- [68] Andreas Matthias. 2004. The responsibility gap: Ascribing responsibility for the actions of learning automata. Ethics and information technology 6, 3 (2004), 175–183. https://doi.org/10.1007/s10676-004-3422-1
- [69] Brent Daniel Mittelstadt, Patrick Allo, Mariarosaria Taddeo, Sandra Wachter, and Luciano Floridi. 2016. The Ethics of Algorithms: Mapping the Debate. Big Data & Society 3, 2 (2016), 1–21. https://doi.org/10.1177/2053951716679679
- [70] Paul Mozur, John Liu, and Raymond Zhong. 2022. 'The Eye of the Storm': Taiwan Is Caught in a Great Game Over Microchips. The New York Times. https://www.nytimes.com/2022/08/29/technology/taiwan-chips.html
- [71] Pardis Emami Naeini, Yuvraj Agarwal, Lorrie Faith Cranor, and Hanan Hibshi. 2020. Ask the Experts: What Should Be on an IoT Privacy and Security Label?. In 2020 IEEE Symposium on Security and Privacy, SP 2020. IEEE, San Francisco, CA, USA, 447–464. https://doi.org/10.1109/SP40000.2020.00043
- [72] Inc. Nangate. 2014. FreePDK15 Open Cell Library. https://si2.org/open-cell-library/
- [73] Nirupama Nayani and Mansooreh Mollaghasemi. 1998. Validation and Verification of the Simulation Model of a Photolithography Process in Semiconductor Manufacturing. In Proceedings of the 30th conference on Winter simulation, WSC 1998, Washington DC, USA, December 13-16, 1998, Deborah J. Medeiros, Edward F. Watson, John S. Carson II, and Mani S. Manivannan (Eds.). WSC, Geneva, CH, 1017–1022. https: //doi.org/10.1109/WSC.1998.745835
- [74] Helen Nissenbaum. 2020. Computing and accountability. In The Ethics of Information Technologies. Routledge, London, UK, 351-358.
- [75] National Institute of Standards and Technology. 2019. FIPS PUB 140-3 Security Requirements for Cryptographic Modules. https://doi.org/10. 6028/NIST.FIPS.140-3
- [76] United States District Court Southern District of Texas. 2010. United States of America vs. Ehab Ashoor. No. 10-20354 (5th Cir. Apr. 29, 2011). https://assets.bwbx.io/documents/users/iqjWHBFdfxIU/r9dKMMM0Gi5I/v0
- [77] Oliscience. 1999. OpenCores. https://opencores.org/
- [78] Andrés Páez. 2019. The Pragmatic Turn in Explainable Artificial Intelligence (XAI). Minds and Machines 29, 3 (2019), 441–459. https://doi.org/10. 1007/s11023-019-09502-w
- [79] Arjun Panesar. 2019. Ethics of Intelligence. In Machine Learning and AI for Healthcare: Big Data for Improved Health Outcomes. Apress, New York, NY, USA, 207–254. https://doi.org/10.1007/978-1-4842-3799-1\_6
- [80] Raja Parasuraman and Dietrich H. Manzey. 2010. Complacency and Bias in Human Use of Automation: An Attentional Integration. Human Factors 52, 3 (2010), 381–410. https://doi.org/10.1177/0018720810376055
- [81] Raja Parasuraman and Victor Riley. 1997. Humans and Automation: Use, Misuse, Disuse, Abuse. Human Factors: The Journal of the Human Factors and Ergonomics Society 39, 2 (1997), 230–253. https://doi.org/10.1518/001872097778543886
- [82] Wolter Pieters. 2011. Explanation and Trust: What to Tell the User in Security and AI? Ethics and Information Technology 13, 1 (2011), 53–64. https://doi.org/10.1007/s10676-010-9253-3
- [83] Rebecca S. Portnoff, Linda Naeun Lee, Serge Egelman, Pratyush Mishra, Derek Leung, and David A. Wagner. 2015. Somebody's Watching Me?: Assessing the Effectiveness of Webcam Indicator Lights. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, CHI 2015, Bo Begole, Jinwoo Kim, Kori Inkpen, and Woontack Woo (Eds.). ACM, Seoul, Republic of Korea, 1649–1658. https://doi.org/10.1145/ 2702123.2702164

- [84] Andrew Prout, William Arcand, David Bestor, Bill Bergeron, Chansup Byun, Vijay Gadepally, Michael Houle, Matthew Hubbell, Michael Jones, Anna Klein, Peter Michaleas, Lauren Milechin, Julie Mullen, Antonio Rosa, Siddharth Samsi, Charles Yee, Albert Reuther, and Jeremy Kepner. 2018. Measuring the Impact of Spectre and Meltdown. In 2018 IEEE High Performance Extreme Computing Conference, HPEC 2018, Waltham, MA, USA, September 25-27, 2018. IEEE, Piscataway, NJ, USA, 1–5. https://doi.org/10.1109/HPEC.2018.8547554
- [85] Jeyavijayan Rajendran, Ozgur Sinanoglu, and Ramesh Karri. 2013. Is Split Manufacturing Secure?. In Proceedings of the Design, Automation and Test in Europe Conference & Exhibition (Grenoble, France) (DATE 2013), Enrico Macii (Ed.). IEEE, Piscataway, NJ, USA, 1259–1264. https: //doi.org/10.7873/DATE.2013.261
- [86] Inioluwa Deborah Raji, Andrew Smart, Rebecca N. White, Margaret Mitchell, Timnit Gebru, Ben Hutchinson, Jamila Smith-Loud, Daniel Theron, and Parker Barnes. 2020. Closing the AI Accountability Gap: Defining an End-to-End Framework for Internal Algorithmic Auditing. In Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency (FAT\*). Association for Computing Machinery, New York, NY, USA, 33–44. https://doi.org/10.1145/3351095.3372873
- [87] Rath, Dominic. 2008. Open On-Chip Debugger. https://openocd.org
- [88] Reuters Staff. 2017. TSMC says latest chip plant will cost around \$20 bln. https://www.reuters.com/article/tsmc-investment-idUSL3N10737Z
- [89] Marco Túlio Ribeiro, Sameer Singh, and Carlos Guestrin. 2016. "Why Should I Trust You?": Explaining the Predictions of Any Classifier. In Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Balaji Krishnapuram, Mohak Shah, Alexander J. Smola, Charu C. Aggarwal, Dou Shen, and Rajeev Rastogi (Eds.). Association for Computing Machinery, New York, NY, USA, 1135–1144. https://doi.org/10.1145/2939672.2939778
- [90] Cynthia Rudin. 2019. Stop explaining black box machine learning models for high stakes decisions and use interpretable models instead. Nat. Mach. Intell. 1, 5 (2019), 206–215. https://doi.org/10.1038/s42256-019-0048-x
- [91] Gesina Schwalbe and Bettina Finzel. 2021. XAI Method Properties: A (Meta-)study. arXiv:2105.07190
- [92] Senate of the United States. 2022. CHIPS and Science Act 2022 (P.L. 117-167). https://science.house.gov/chipsandscienceact
- [93] Stephen Shankland. 2022. M1 Ultra: Apple Just Unveiled Its Most Powerful Mac Chip Yet. CNET. https://www.cnet.com/tech/computing/m1-ultraapple-just-unveiled-its-most-powerful-chip-yet/
- [94] Kacper Sokol and Peter A. Flach. 2020. Explainability fact sheets: a framework for systematic assessment of explainable approaches. In FAT\* '20: Conference on Fairness, Accountability, and Transparency, Barcelona, Spain, January 27-30, 2020, Mireille Hildebrandt, Carlos Castillo, L. Elisa Celis, Salvatore Ruggieri, Linnet Taylor, and Gabriela Zanfir-Fortuna (Eds.). Association for Computing Machinery, New York, NY, USA, 56–67. https://doi.org/10.1145/3351095.3372870
- [95] Julian Speith, Florian Schweins, Maik Ender, Marc Fyrbiak, Alexander May, and Christof Paar. 2022. How Not to Protect Your IP An Industry-Wide Break of IEEE 1735 Implementations. In 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022. IEEE, Piscataway, NJ, USA, 1656–1671. https://doi.org/10.1109/SP46214.2022.9833605
- [96] Timo Speith. 2022. A Review of Taxonomies of Explainable Artificial Intelligence (XAI) Methods. In Proceedings of the 2022 ACM Conference on Fairness, Accountability, and Transparency (FAccT). Association for Computing Machinery, New York, NY, USA, 2239–2250. https://doi.org/10.1145/ 3531146.3534639
- [97] M. Tehranipoor and C. Wang. 2012. Introduction to Hardware Security and Trust. Springer New York, New York, NY, USA. https://doi.org/10.1007/978-1-4419-8080-9
- [98] The Linux Foundation. 2019. The CHIPS Alliance. https://chipsalliance.org
- [99] Andrew Tomlinson, Simon Parkin, and Siraj Ahmed Shaikh. 2022. Drivers and Barriers for Secure Hardware Adoption Across Ecosystem Stakeholders. Journal of Cybersecurity 8, 1 (2022), 14 pages. https://doi.org/10.1093/cybsec/tyac009
- [100] Randy Torrance and Dick James. 2009. The State-of-the-Art in IC Reverse Engineering. In Cryptographic Hardware and Embedded Systems CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings (Lecture Notes in Computer Science, Vol. 5747), Christophe Clavier and Kris Gaj (Eds.). Springer, Berlin/Heidelberg, Germany, 363–381. https://doi.org/10.1007/978-3-642-04138-9\_26
- [101] Irem Y. Tumer and Carol S. Smidts. 2011. Integrated Design-Stage Failure Analysis of Software-Driven Hardware Systems. IEEE Trans. Computers 60, 8 (2011), 1072–1084. https://doi.org/10.1109/TC.2010.245
- [102] Kaushik Vaidyanathan, Bishnu P. Das, H. Ekin Sumbul, Renzhi Liu, and Larry T. Pileggi. 2014. Building trusted ICs using split fabrication. In 2014 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2014, Arlington, VA, USA, May 6-7, 2014. IEEE, Piscataway, NJ, USA, 1–6. https://doi.org/10.1109/HST.2014.6855559
- [103] Qian Wang and Daniel Kurz. 2022. Reconstructing Training Data from Diverse ML Models by Ensemble Inversion. In IEEE/CVF Winter Conference on Applications of Computer Vision, WACV 2022, Waikoloa, HI, USA, January 3-8, 2022. IEEE, Piscataway, NJ, USA, 3870–3878. https://doi.org/10. 1109/WACV51458.2022.00392
- [104] Graham Webster. 2019. It's not just Huawei. Trump's new tech sector order could ripple through global supply chains. The Washington Post. https://www. washingtonpost.com/politics/2019/05/18/its-not-just-huawei-trumps-new-tech-sector-order-could-ripple-through-global-supply-chains/
- [105] Neil Weste and David Harris. 2010. CMOS VLSI Design: A Circuits and Systems Perspective (4th ed.). Addison-Wesley Publishing Company, USA.
- [106] Clifford Wolf. 2016. Yosys open synthesis suite. https://github.com/YosysHQ/yosys
- [107] Haissam Ziade, Rafic A. Ayoubi, and Raoul Velazco. 2004. A Survey on Fault Injection Techniques. Int. Arab J. Inf. Technol. 1, 2 (2004), 171–186. http://www.iajit.org/ABSTRACTS-2.htm#04