Directed Test Generation for Activation of Security Assertions in RTL Models

ACM Transactions on Design Automation of Electronic Systems (TODAES) Pub Date : 2021-01-15 DOI:10.1145/3441297

Hasini Witharana, Yangdi Lyu, P. Mishra

{"title":"Directed Test Generation for Activation of Security Assertions in RTL Models","authors":"Hasini Witharana, Yangdi Lyu, P. Mishra","doi":"10.1145/3441297","DOIUrl":null,"url":null,"abstract":"Assertions are widely used for functional validation as well as coverage analysis for both software and hardware designs. Assertions enable runtime error detection as well as faster localization of errors. While there is a vast literature on both software and hardware assertions for monitoring functional scenarios, there is limited effort in utilizing assertions to monitor System-on-Chip (SoC) security vulnerabilities. We have identified common SoC security vulnerabilities and defined several classes of assertions to enable runtime checking of security vulnerabilities. A major challenge in assertion-based validation is how to activate the security assertions to ensure that they are valid. While existing test generation using model checking is promising, it cannot generate directed tests for large designs due to state space explosion. We propose an automated and scalable mechanism to generate directed tests using a combination of symbolic execution and concrete simulation of RTL models. Experimental results on diverse benchmarks demonstrate that the directed tests are able to activate security assertions non-vacuously.","PeriodicalId":6933,"journal":{"name":"ACM Transactions on Design Automation of Electronic Systems (TODAES)","volume":"52 1","pages":"1 - 28"},"PeriodicalIF":0.0000,"publicationDate":"2021-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Design Automation of Electronic Systems (TODAES)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3441297","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

Assertions are widely used for functional validation as well as coverage analysis for both software and hardware designs. Assertions enable runtime error detection as well as faster localization of errors. While there is a vast literature on both software and hardware assertions for monitoring functional scenarios, there is limited effort in utilizing assertions to monitor System-on-Chip (SoC) security vulnerabilities. We have identified common SoC security vulnerabilities and defined several classes of assertions to enable runtime checking of security vulnerabilities. A major challenge in assertion-based validation is how to activate the security assertions to ensure that they are valid. While existing test generation using model checking is promising, it cannot generate directed tests for large designs due to state space explosion. We propose an automated and scalable mechanism to generate directed tests using a combination of symbolic execution and concrete simulation of RTL models. Experimental results on diverse benchmarks demonstrate that the directed tests are able to activate security assertions non-vacuously.

查看原文本刊更多论文

RTL模型中安全断言激活的定向测试生成

断言广泛用于功能验证以及软件和硬件设计的覆盖率分析。断言支持运行时错误检测以及更快的错误本地化。虽然有大量关于软件和硬件断言用于监视功能场景的文献，但在利用断言监视片上系统(SoC)安全漏洞方面的努力有限。我们已经确定了常见的SoC安全漏洞，并定义了几类断言来启用安全漏洞的运行时检查。基于断言的验证中的一个主要挑战是如何激活安全断言以确保它们是有效的。现有的基于模型检查的试验生成方法很有前景，但由于状态空间爆炸的原因，无法生成大型设计的定向试验。我们提出了一种自动化和可扩展的机制，使用符号执行和RTL模型的具体模拟相结合来生成定向测试。在各种基准测试上的实验结果表明，定向测试能够非空洞地激活安全断言。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Transactions on Design Automation of Electronic Systems (TODAES)

自引率

0.00%

发文量