Automatic Asset Identification for Assertion-Based SoC Security Verification

Bibliographic details
Published in: IEEE transactions on computer-aided design of integrated circuits and systems 2024-10, Vol.43 (10), p.3264-3277
Main authors: Ayalasomayajula, Avinash; Farzana Dipu, Nusrat; Tehranipoor, Mark M.; Farahmandi, Farimah
Format: Article
Language: eng
Description
Summary: The ubiquitous presence and utilization of System-on-Chips (SoCs) have made them critical to our daily lives. As SoCs become more complex, their susceptibility to security threats has also increased. The comprehensive security assurance of an SoC system requires a deep knowledge of the design and security-critical assets that must be protected. As SoC applications vary, the assets vary in number, type, importance level, and form based on the various hardware blocks that construct the SoC and their complex interactions. Some assets are distinctive in their definition and characteristics, making them easily identifiable, such as encryption/decryption keys, logic locking keys, etc. However, other assets, such as system bus control registers that are internal to the design, require a more complex design analysis. Automatic identification of these security assets at the presilicon stage can help designers take the necessary precautions to protect them. Equipped with the security assets, designers can then incorporate techniques to protect these security assets against various threats. This article presents the variation among security assets based on hardware design and defines attributes to help classify them. Then, we introduce security asset identification framework (SAIF), an automated framework that can help identify security assets for a design at the register-transfer level (RTL). We introduce a set of metrics into SAIF to perform comprehensive vulnerability analysis and identify security assets that are prone to specific vulnerabilities. Finally, we report our findings on the effectiveness of SAIF for various open-source hardware designs and the National Institute of Standards and Technology (NIST) lightweight crypto designs. We show that SAIF can automatically identify critical security assets in a design with high accuracy and performance.
Moreover, we analyze the security implications of the identified secondary assets to show their importance in presilicon security verification.
ISSN:0278-0070
1937-4151
DOI:10.1109/TCAD.2024.3387875