Data Secrecy Protection Through Information Flow Tracking in Proof-Carrying Hardware IP—Part I: Framework Fundamentals

Proof-carrying hardware intellectual property (PCHIP) is a previously proposed framework for ensuring trustworthiness of third-party hardware IP through the development of formal proofs for security properties designed to prevent introduction of malicious behavior. Based on this framework, we introduce new approaches for assuring that the secrecy of internal information in a hardware design is not compromised by design flaws or malicious hardware Trojans. Specifically, we devise two PCHIP-based information flow tracking approaches, which enhance the formal PCHIP framework with secrecy tags and/or sensitivity levels in order to provide mechanisms for proving that sensitive information does not reach undesired sites. To assist in the development of data secrecy properties, we also introduce the concept of theorem generation functions, which enable generation of security theorems independent of the target circuit, thereby paving the way for proof automation. In addition, we enhance the PCHIP framework with a hierarchy-preserving methodology and we show its utility in preventing malicious data modification, which may indirectly result in sensitive information leakage, such as by modifying the secret key in a cryptographic core. This enhanced PCHIP framework also enables development of hybrid module libraries, which contain hardware description language code along with proofs of lemmas for these modules. These module libraries can then be used for hierarchically proving security properties in higher level designs, thereby reducing the proof development burden in the general PCHIP framework. Efforts toward automation of the proposed methodologies, as well as evaluation of their effectiveness in identifying design flaws or hardware Trojans in various cryptographic hardware designs are presented in part II of this paper series.

[1]  Christof Paar,et al.  MOLES: Malicious off-chip leakage enabled by side-channels , 2009, 2009 IEEE/ACM International Conference on Computer-Aided Design - Digest of Technical Papers.

[2]  Tzi-cker Chiueh,et al.  A General Dynamic Information Flow Tracking Framework for Security Applications , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[3]  Jie Zhang,et al.  DeTrust: Defeating Hardware Trust Verification with Stealthy Implicitly-Triggered Hardware Trojans , 2014, CCS.

[4]  Yiorgos Makris,et al.  Toward automatic proof generation for information flow policies in third-party hardware IP , 2015, 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[5]  Yao Wang,et al.  A Hardware Design Language for Timing-Sensitive Information-Flow Security , 2015, ASPLOS.

[6]  Frederic T. Chong,et al.  Sapper: a language for hardware-level security policy enforcement , 2014, ASPLOS.

[7]  Ruby B. Lee,et al.  A software-hardware architecture for self-protecting data , 2012, CCS.

[8]  Ralph Howard,et al.  Data encryption standard , 1987 .

[9]  Prabhat Mishra,et al.  Scalable SoC trust verification using integrated theorem proving and model checking , 2016, 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[10]  Debdeep Mukhopadhyay,et al.  Improved Test Pattern Generation for Hardware Trojan Detection Using Genetic Algorithm and Boolean Satisfiability , 2015, CHES.

[11]  Yiorgos Makris,et al.  Experiences in Hardware Trojan design and implementation , 2009, 2009 IEEE International Workshop on Hardware-Oriented Security and Trust.

[12]  Jeyavijayan Rajendran,et al.  Detecting malicious modifications of data in third-party intellectual property cores , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[13]  David Zhang,et al.  Secure program execution via dynamic information flow tracking , 2004, ASPLOS XI.

[14]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..

[15]  Wei Hu,et al.  Gate-Level Information Flow Tracking for Security Lattices , 2014, TODE.

[16]  Adam Chlipala,et al.  Formal Verification of Hardware Synthesis , 2013, CAV.

[17]  Simha Sethumadhavan,et al.  FANCI: identification of stealthy malicious logic using boolean functional analysis , 2013, CCS.

[18]  Andrew C. Myers,et al.  A decentralized model for information flow control , 1997, SOSP.

[19]  Wei Hu,et al.  Detecting Hardware Trojans with Gate-Level Information-Flow Tracking , 2016, Computer.

[20]  Daniela Oliveira,et al.  Extended Abstract : Trustworthy SoC Architecture with On-Demand Security Policies and HW-SW Cooperation , 2014 .

[21]  Michael S. Hsiao,et al.  Hardware Trojan Attacks: Threat Analysis and Countermeasures , 2014, Proceedings of the IEEE.

[22]  Bo Yang,et al.  Cycle-accurate information assurance by proof-carrying based signal sensitivity tracing , 2013, 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[23]  Frederic T. Chong,et al.  Complete information flow tracking from the gates up , 2009, ASPLOS.

[24]  M. Tehranipoor,et al.  Hardware Trojans: Lessons Learned after One Decade of Research , 2016, TODE.

[25]  Joseph Zambreno,et al.  A case study in hardware Trojan design and implementation , 2011, International Journal of Information Security.

[26]  Christos A. Papachristou,et al.  MERO: A Statistical Approach for Hardware Trojan Detection , 2009, CHES.

[27]  Yiorgos Makris,et al.  Proof carrying-based information flow tracking for data secrecy protection and hardware trust , 2012, 2012 IEEE 30th VLSI Test Symposium (VTS).

[28]  Yiorgos Makris,et al.  VeriCoq: A Verilog-to-Coq converter for proof-carrying hardware automation , 2015, 2015 IEEE International Symposium on Circuits and Systems (ISCAS).

[29]  Jie Zhang,et al.  VeriTrust: Verification for Hardware Trust , 2015, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst..

[30]  Ravishankar K. Iyer,et al.  Defeating memory corruption attacks via pointer taintedness detection , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[31]  Hassan Salmani,et al.  COTD: Reference-Free Hardware Trojan Detection and Recovery Based on Controllability and Observability in Gate-Level Netlist , 2017, IEEE Transactions on Information Forensics and Security.

[32]  Yiorgos Makris,et al.  Proof-Carrying Hardware Intellectual Property: A Pathway to Trusted Module Acquisition , 2012, IEEE Transactions on Information Forensics and Security.

[33]  Hsien-Hsin S. Lee,et al.  InfoShield: a security architecture for protecting information usage in memory , 2006, The Twelfth International Symposium on High-Performance Computer Architecture, 2006..

[34]  Frederic T. Chong,et al.  Caisson: a hardware description language for secure information flow , 2011, PLDI '11.

[35]  Yiorgos Makris,et al.  A proof-carrying based framework for trusted microprocessor IP , 2013, 2013 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[36]  Tim Güneysu,et al.  Trojan Side-Channels: Lightweight Hardware Trojans through Side-Channel Engineering , 2009, CHES.

[37]  Guilherme Ottoni,et al.  RIFLE: An Architectural Framework for User-Centric Information-Flow Security , 2004, 37th International Symposium on Microarchitecture (MICRO-37'04).