Trusted RTL: Trojan detection methodology in pre-silicon designs

Mainak Banga, M. Hsiao
{"title":"Trusted RTL: Trojan detection methodology in pre-silicon designs","authors":"Mainak Banga, M. Hsiao","doi":"10.1109/HST.2010.5513114","DOIUrl":null,"url":null,"abstract":"In this paper, we propose a four-step approach to filter and locate malicious insertion(s) implanted in a third party Intellectual Property (3PIP). In our approach, we first remove those easy-to-detect signals whose activation and propagation are easy using functional vectors. The remaining signals are subjected to a N-detect full-scan ATPG tool to identify those which are functionally hard-to-excite and/or propagate. But unlike recognizing hard-to-detect signal(s), behavioral change brought about by these insertion(s) needs to be taken into account to narrow down their implantation locations. So in our third step, detection condition of suspect signals are cross checked against the spec by a suspect-signal-guided equivalence checking set-up. Finally, a region isolation approach is applied on the filtered signals to determine clusters of untestable gates in the circuit. Experimental results on ISCAS'89 benchmarks show that we are able to return a very small set of candidate locations where the stealthy malicious insertion could reside.","PeriodicalId":6367,"journal":{"name":"2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"117","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST.2010.5513114","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 117

Abstract

In this paper, we propose a four-step approach to filter and locate malicious insertion(s) implanted in a third party Intellectual Property (3PIP). In our approach, we first remove those easy-to-detect signals whose activation and propagation are easy using functional vectors. The remaining signals are subjected to a N-detect full-scan ATPG tool to identify those which are functionally hard-to-excite and/or propagate. But unlike recognizing hard-to-detect signal(s), behavioral change brought about by these insertion(s) needs to be taken into account to narrow down their implantation locations. So in our third step, detection condition of suspect signals are cross checked against the spec by a suspect-signal-guided equivalence checking set-up. Finally, a region isolation approach is applied on the filtered signals to determine clusters of untestable gates in the circuit. Experimental results on ISCAS'89 benchmarks show that we are able to return a very small set of candidate locations where the stealthy malicious insertion could reside.
可信RTL:预硅设计中的特洛伊木马检测方法
在本文中,我们提出了一种四步方法来过滤和定位植入第三方知识产权(3PIP)的恶意插入。在我们的方法中,我们首先使用函数向量去除那些易于检测的信号,这些信号的激活和传播很容易。剩余的信号经过N-detect全扫描ATPG工具来识别那些功能上难以激发和/或传播的信号。但与识别难以检测的信号不同,需要考虑这些插入带来的行为变化,以缩小其植入位置。因此,在我们的第三步中,可疑信号的检测条件通过可疑信号引导的等效检查装置与规范交叉检查。最后,对滤波后的信号采用区域隔离的方法来确定电路中不可测试门的簇。在ISCAS'89基准测试上的实验结果表明,我们能够返回一个非常小的候选位置集,其中隐藏的恶意插入可能存在。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信