Litcius/Paper detail

SHarPen

Hasan Al-Shaikh, Arash Vafaei, Mridha Md Mashahedur Rahman, Kimia Zamiri Azar, Fahim Rahman, Farimah Farahmandi, Mark Tehranipoor

2023Proceedings of the 28th Asia and South Pacific Design Automation Conference12 citationsDOI

Abstract

As modern SoC architectures incorporate many complex/heterogeneous intellectual properties (IPs), the protection of security assets has become imperative, and the number of vulnerabilities revealed is rising due to the increased number of attacks. Over the last few years, penetration testing (PT) has become an increasingly effective means of detecting software (SW) vulnerabilities. As of yet, no such technique has been applied to the detection of hardware vulnerabilities. This paper proposes a PT framework, SHarPen, for detecting hardware vulnerabilities, which facilitates the development of a SoC-level security verification framework. SHarPen proposes a formalism for performing gray-box hardware (HW) penetration testing instead of relying on coverage-based testing and provides an automation for mapping hardware vulnerabilities to logical/mathematical cost functions. SHarPen supports both simulation and FPGA-based prototyping, allowing us to automate security testing at different stages of the design process with high capabilities for identifying vulnerabilities in the targeted SoC.

Topics & Concepts

Computer scienceEmbedded systemField-programmable gate arraySoftware security assuranceAutomationSoftwareSecure codingSecurity testingFuzz testingObfuscationSoftware engineeringComputer architectureComputer securityOperating systemInformation securitySecurity serviceEngineeringCloud computing securityCloud computingSecurity information and event managementMechanical engineeringSecurity and Verification in ComputingPhysical Unclonable Functions (PUFs) and Hardware SecurityAdvanced Malware Detection Techniques