Using computational game theory to guide verification and security in hardware designs

Verifying that hardware design implementations adhere to specifications is a time-intensive and sometimes intractable problem due to the massive size of the system's state space. Formal methods techniques can be used to prove certain tractable specification properties; however, they are expensive and often require subject matter experts to develop and solve. Nonetheless, hardware verification is a critical process for ensuring that security and safety properties are met, and it encapsulates problems associated with trust and reliability. For complex designs where coverage of the entire state space is unattainable, prioritizing the regions most vulnerable to security or reliability threats would allow efficient allocation of valuable verification resources. Stackelberg security games model interactions between a defender, whose goal is to assign resources to protect a set of targets, and an attacker, who aims to inflict maximum damage on the targets after first observing the defender's strategy. In equilibrium, the defender has an optimal security deployment strategy given the attacker's best response. We apply this Stackelberg security framework to synthesized hardware implementations, using the design's network structure and logic to inform defender valuations and verification costs. The defender's strategy in equilibrium is thus interpreted as a prioritization of the allocation of verification resources in the presence of an adversary. We demonstrate this technique on several open-source synthesized hardware designs.
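The following is an added illustration and not the paper's own model or code. It solves a deliberately simplified, zero-sum instance of the Stackelberg security game described above: each target is a module of a synthesized design, the defender spreads a verification budget over the modules as coverage probabilities, and the attacker, after observing that allocation, attacks the single module with the highest expected payoff. The module names, valuations, verification costs and budget are constructed sample values (the paper derives valuations and costs from the design's netlist; this example simply assumes them), and the solver uses bisection on the attacker's best-response payoff rather than whatever formulation the paper uses.

```python
"""Zero-sum Stackelberg security game over hardware modules (added illustration).

Attacker payoff for attacking module t under defender coverage c_t is
(1 - c_t) * value_t; the defender's loss is the same quantity, so the
equilibrium allocation minimises the attacker's best-response payoff
subject to the verification budget.  Valuations must be positive.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Target:
    name: str     # hardware module (constructed sample data, not from the paper)
    value: float  # defender valuation: loss if an unverified flaw here is exploited
    cost: float   # verification cost of covering this module with probability 1


def coverage_for_level(targets: List[Target], lam: float) -> Dict[str, float]:
    """Cheapest coverage that caps every module's attacker payoff at lam.

    Holding (1 - c_t) * value_t <= lam needs c_t >= 1 - lam / value_t;
    modules worth less than lam need no coverage at all.
    """
    return {t.name: max(0.0, 1.0 - lam / t.value) for t in targets}


def spend(targets: List[Target], cov: Dict[str, float]) -> float:
    """Total verification cost of a coverage vector."""
    return sum(t.cost * cov[t.name] for t in targets)


def solve(targets: List[Target], budget: float,
          iters: int = 100) -> Tuple[Dict[str, float], float]:
    """Defender's equilibrium coverage and the attacker's best-response payoff.

    spend(coverage_for_level(lam)) is non-increasing in lam, so bisection finds
    the smallest payoff level lam that the budget can enforce.
    """
    lo, hi = 0.0, max(t.value for t in targets)  # hi = no coverage, always affordable
    if spend(targets, coverage_for_level(targets, lo)) <= budget:
        hi = lo  # budget covers every module fully; attacker gets nothing
    for _ in range(iters):
        mid = (lo + hi) / 2.0
        if spend(targets, coverage_for_level(targets, mid)) <= budget:
            hi = mid   # affordable: try to push the attacker's payoff lower
        else:
            lo = mid   # too expensive: accept a higher payoff level
    return coverage_for_level(targets, hi), hi


def best_response(targets: List[Target], cov: Dict[str, float]) -> Tuple[str, float]:
    """Attacker observes the allocation and picks the highest expected payoff."""
    payoffs = {t.name: (1.0 - cov[t.name]) * t.value for t in targets}
    name = max(payoffs, key=payoffs.get)
    return name, payoffs[name]


def prioritize(cov: Dict[str, float]) -> List[str]:
    """Verification priority: modules ordered by equilibrium coverage."""
    return sorted(cov, key=lambda n: -cov[n])  # stable: ties keep input order


# Constructed sample design; valuations and costs are made-up illustrative numbers.
DESIGN = [
    Target("crypto_core", value=10.0, cost=3.0),
    Target("debug_port", value=8.0, cost=1.0),
    Target("alu", value=4.0, cost=1.0),
    Target("uart", value=2.0, cost=1.0),
]
BUDGET = 3.0


def naive_allocation() -> Dict[str, float]:
    """Spend the whole budget on the single most valuable module."""
    cov = {t.name: 0.0 for t in DESIGN}
    cov["crypto_core"] = 1.0  # costs exactly BUDGET
    return cov


if __name__ == "__main__":
    cov, lam = solve(DESIGN, BUDGET)
    for name in prioritize(cov):
        print(f"{name:12s} coverage={cov[name]:.3f}")
    print("equilibrium attacker best response:", best_response(DESIGN, cov))
    print("naive allocation, attacker picks:", best_response(DESIGN, naive_allocation()))
```

With these sample numbers the equilibrium covers the three highest-valued modules so that the attacker is indifferent among them and leaves the lowest-valued module unverified, whereas spending the entire budget on the most valuable module lets the attacker walk into the next one at full value. The coverage vector is the prioritization the abstract refers to: the defender's equilibrium strategy read as a ranking of where verification effort should go first.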
