HUnTer: Hardware Underneath Trigger for Exploiting SoC-level Vulnerabilities

Abstract

Systems-on-chip (SoCs) have become increasingly large and complex, resulting in new threats and vulnerabilities, mainly related to system-level flaws. However, the system-level verification process, whose violation may lead to exploiting a hardware vulnerability, is not studied comprehensively due to the lack of decisive (security) requirements and properties from the SoC designer's perspective. To enable a more comprehensive verification for system-level properties, this paper presents HUnTer (Hardware Underneath Trigger), a framework for identifying sets (sequences) of instructions at the processor unit (PU) that unveils the underneath hardware vulnerabilities. The HUnTer framework automates (i) threat modeling, (ii) threat-based formal verification, (iii) generation of counterexamples, and (iv) generation of snippet code for exploiting the vulnerability. The HUnTer framework also defines a security coverage metric (HUnT_Coverage) to measure the performance and efficacy of the proposed approach. Using the HUnTer framework on a RISC-V-based open-source SoC architecture, we conduct a wide variety of case studies of Trust-HUB vulnerabilities to demonstrate the high effectiveness of the proposed framework.