Conventional ASIC design flows largely neglect security, and commercial place-and-route (P&R) tools lack native support for modeling or optimizing security objectives. Method: This work introduces the first security-aware, zero-overhead ASIC physical synthesis flow, natively integrating hardware Trojan mitigation and physical attack resilience—against probing and fault injection—into a commercial P&R engine. It employs security-driven placement optimization, routing constraints, and cell substitution strategies, ensuring security convergence without compromising timing, area, or power. Contribution/Results: Evaluated on the ISPD’22 benchmark suite, the flow achieves state-of-the-art security metrics with negligible design overhead. All proposed methodologies and associated protection circuits are fully open-sourced, enabling reproducibility and community adoption.

In the traditional Application-Specific Integrated Circuit (ASIC) design flow, the concept of timing closure implies to reach convergence during physical synthesis such that, under a given area and power budget, the design works at the targeted frequency. However, security has been largely neglected when evaluating the Quality of Results (QoR) from physical synthesis. In general, commercial place & route tools do not understand security goals. In this work, we propose a modified ASIC design flow that is security-aware and, differently from prior research, does not degrade QoR for the sake of security improvement. Therefore, we propose a first-of-its-kind zero-overhead flow for security closure. Our flow is concerned with two distinct threat models: (i) insertion of Hardware Trojans (HTs) and (ii) physical probing/fault injection. Importantly, the flow is entirely executed within a commercial place & route engine and is scalable. In several metrics, our security-aware flow achieves the best-known results for the ISPD`22 set of benchmark circuits while incurring negligible design overheads due to security-related strategies. Finally, we open source the entire methodology (as a set of scripts) and also share the protected circuits (as design databases) for the benefit of the hardware security community.