A Semi-formal Information Flow Validation for Analyzing Secret Asset Propagation in COTS IC Integrated Systems
Xingyu Meng, Mahmudul Hasan, K. Basu, Tamzidul Hoque
Proceedings of the Great Lakes Symposium on VLSI 2022, published 2022-06-06
DOI: 10.1145/3526241.3530328 (https://doi.org/10.1145/3526241.3530328)
Citation count: 0
Abstract
Integration of off-the-shelf components from commercial sources during system design provides a drastic reduction of product cost and development time. It also allows faster adoption of new technologies without the risks associated with research and development. Therefore, commercial off-the-shelf (COTS) components can be found in a wide range of applications, including military, aerospace, etc. However, any untrusted vendor could include hidden malicious hardware to compromise the functionality of the system or leak secret information through COTS integrated circuits (ICs). Existing trust-verification solutions are generally inapplicable to COTS hardware due to the absence of golden models for analysis. In this paper, we propose a semi-formal validation technique to protect the secret assets in a system that integrates COTS ICs. Our framework identifies the paths that could propagate secret assets to surrounding COTS ICs in the system by analyzing the IC design. Our experimental results on a significantly large microprocessor core demonstrate that the proposed approach is effective in determining information flow violations within a short time and provides greater coverage and accurate identification.