Detecting hardware Trojans in unspecified functionality using mutation testing

Existing functional Trojan detection methodologies assume that a Trojan violates the design specification under carefully crafted, rarely triggered conditions. We present a new type of Trojan that leaks secret information from the design by modifying only unspecified functionality, so the Trojan is no longer restricted to being active only under rare conditions: because the specification and test bench say nothing about the affected behavior, the leak can be active continuously without failing any functional test. We provide a mutation-testing-based method for detecting this Trojan type, along with mutant-ranking heuristics that prioritize analysis of the most dangerous unspecified functionality. Applying the method to a UART controller design, we discover unspecified and untested bus functionality with the potential to leak 32 bits of information over hundreds of cycles without being detected. The method also reveals poorly tested interrupt functionality with information-leakage potential. After modifying the specification and test bench to remove the discovered vulnerabilities, we close the verification loop by re-analyzing the design with our methodology and observe that the functionality is no longer flagged as dangerous.
