Formal Security Verification of Third Party Intellectual Property Cores for Information Leakage

Globalization of the system-on-chip (SoC) design flow has created opportunities for rogue intellectual property (IP) vendors to insert malicious circuits (a.k.a. hardware Trojans) into their IPs. We propose to formally verify third party IPs (3PIPs) for unauthorized information leakage. We validate our technique using Trojan benchmarks from the Trust-Hub.
