A Pre-Silicon Approach to Discovering Microarchitectural Vulnerabilities in Security Critical Applications

Microarchitectural vulnerabilities have become an increasingly effective attack vector. This is especially problematic for security critical applications, which handle sensitive data and may employ software-level hardening in order to thwart data leakage. These strategies rely on necessary assumptions about the underlying microarchitectural implementation, which may (and have proven to be) incorrect in some instances, leading to exploits. Consequently, devising early-stage design tools for reasoning about and verifying the correctness of high assurance applications with respect to a given hardware design is an increasingly important problem. This letter presents a principled dynamic testing methodology to reveal and analyze data-dependent microarchitectural behavior with the potential to violate assumptions and requirements of security critical software. A differential analysis is performed of the microarchitectural state space explored during register transfer-level (RTL) simulation to reveal internal activity which correlates to sensitive data used in computation. We demonstrate the utility of the proposed methodology through it's ability to identify secret data leakage from selected case studies with known vulnerabilities.