For complex production hardware designs, a significant challenge is to decide where to look for security issues. Published approaches to information flow security analysis find all paths from signals for an asset to ports accessible by an adversary, such as a secret key to a point of disclosure. Although this can be beneficial in eliminating areas of the hardware designs that need not be reviewed, what is included is still overwhelmingly large for a proper review for security vulnerabilities. However, it is not necessary to review all of the paths, but instead to review access control mechanisms that limit information flow between adversary and asset. Our method of using multiple information flow paths allows us to identify access control mechanisms and evaluate whether they are used on every access to the asset. Our technique was used commercially in production hardware design to successfully find critical security issues before tape-in by pre-Si validation engineers at Intel.
[1]
Andrew C. Myers,et al.
Language-based information-flow security
,
2003,
IEEE J. Sel. Areas Commun..
[2]
Daniel Jackson,et al.
A new model of program dependences for reverse engineering
,
1994,
SIGSOFT '94.
[3]
Masahiro Fujita,et al.
Program slicing for VHDL
,
2002
.
[4]
José Meseguer,et al.
Unwinding and Inference Control
,
1984,
1984 IEEE Symposium on Security and Privacy.
[5]
Daryl McCullough,et al.
Noninterference and the composability of security properties
,
1988,
Proceedings. 1988 IEEE Symposium on Security and Privacy.
[6]
Roope Kaivola,et al.
Formal Verification of Pentium® 4 Components with Symbolic Simulation and Inductive Invariants
,
2005,
CAV.