Litcius/Paper detail

SAIF: Automated Asset Identification for Security Verification at the Register Transfer Level

Nusrat Farzana, Avinash Ayalasomayajula, Fahim Rahman, Farimah Farahmandi, Mark Tehranipoor

202117 citationsDOI

Abstract

With the increasing complexity, modern system-onchip (SoC) designs are becoming more susceptible to security attacks and require comprehensive security assurance. However, establishing a comprehensive assurance for security often involves knowledge of relevant security assets. Since modern SoCs contain myriad confidential assets, the identification of security assets is not straightforward. The number and types of assets change due to numerous embedded hardware blocks within the SoC and their complex interactions. Some security assets are easily identifiable because of their distinct characteristics and unique definitions, while others remain in the blind-spot during design and verification and can be utilized as potential attack surfaces to violate confidentiality, integrity, and availability of the SoC. Therefore, it is essential to automatically identify security assets in an SoC at pre-silicon design stages to protect them and prevent potential attacks. In this paper, we propose an automated CAD framework called SAF to identify an SoC's security assets at the register transfer level (RTL) through comprehensive vulnerability analysis under different threat models. Moreover, we develop and incorporate metrics with SAF to quantitatively assess multiple vulnerabilities for the identified security assets. We demonstrate the effectiveness of SAF on MSP430 micro-controller and CEP SoC benchmarks. Our experimental results show that SAF can successfully and automatically identify an SoC's most vulnerable underlying security assets for protection.

Topics & Concepts

Computer scienceAsset (computer security)Computer securityIdentification (biology)ConfidentialitySoftware security assuranceSecurity testingVulnerability (computing)Security through obscurityComputer security modelSecurity information and event managementSecurity serviceInformation securityCloud computing securityOperating systemBotanyCloud computingBiologyPhysical Unclonable Functions (PUFs) and Hardware SecurityIntegrated Circuits and Semiconductor Failure AnalysisSecurity and Verification in Computing