A trust model answers the basic question, “Who decides if the security provided by a given flow is sufficient.” Past trust models favored the tool providers; each tool vendor could choose what to show or not show for protected IP after that IP enters the control of the tool chain for each vendor. In some cases, like simulation tools, a common understanding has been reached between tool vendors, and a de-facto approach to visibility and protection is adopted.
IEEE-1735 aims for a trust model based upon the concerns of the IP author. The assumption is that the IP author should be able to specify how their secured IP can be viewed, used, how access can be revoked later, even in different vendor tools. There is a balance; however, in that all tool vendors might not be able to build the same levels of security into their tools. The trust model can be summed up by the following: Encryption of source code is a mandate by the IP author that they expect their IP to be secure. Tool behavior should default to the maximum reasonable protection tool is capable of while still accomplishing tool goals.
In some cases, default tool behavior can be either too restrictive or too permissive. IEEE-1735 based encryption allows for the IP author to state their desired behavior for target tools. If a tool vendor cannot adhere to any specific requests, the tool should stop processing, unless a special exemption is granted for that tool from a particular vendor.