SoC security architecture design is highly susceptible to critical vulnerabilities from minor oversights and struggles to simultaneously address supply-chain attack resilience and hardware reusability. This paper proposes CITADEL—the first modular, configurable SoC security framework explicitly designed to withstand supply-chain attacks. CITADEL’s key contributions are: (1) plug-and-play integration of heterogeneous security IP modules, enabling flexible composition and diverse deployment of security primitives; (2) unified threat modeling across multi-vector attack surfaces, enhancing architectural adaptability and cross-process-node reusability; and (3) ASIC implementation demonstrating minimal overhead—less than 0.8% area and 1.2% power increase across mainstream technology nodes. Experimental evaluation confirms that CITADEL significantly improves design efficiency, verification speed, and silicon-proven integration practicality, establishing a scalable foundation for secure, reusable SoC development in adversarial supply chains.

Designing secure architectures for system-on-chip (SoC) platforms is a highly intricate and time-intensive task, often requiring months of development and meticulous verification. Even minor architectural oversights can lead to critical vulnerabilities that undermine the security of the entire chip. In response to this challenge, we introduce CITADEL, a modular security framework aimed at streamlining the creation of robust security architectures for SoCs. CITADEL offers a configurable, plug-and-play subsystem composed of custom intellectual property (IP) blocks, enabling the construction of diverse security mechanisms tailored to specific threats. As a concrete demonstration, we instantiate CITADEL to defend against supply-chain threats, illustrating how the framework adapts to one of the most pressing concerns in hardware security. This paper explores the range of obstacles encountered when building a unified security architecture capable of addressing multiple attack vectors and presents CITADEL's strategies for overcoming them. Through several real-world case studies, we showcase the practical implementation of CITADEL and present a thorough evaluation of its impact on silicon area and power consumption across various ASIC technologies. Results indicate that CITADEL introduces only minimal resource overhead, making it a practical solution for enhancing SoC security.