Arash Vafaei, Nick Hooten, M. Tehranipoor, Farimah Farahmandi
2021 IEEE International Test Conference (ITC), published 2021-10-01. DOI: 10.1109/ITC50571.2021.00031 (https://doi.org/10.1109/ITC50571.2021.00031)
SymbA: Symbolic Execution at C-level for Hardware Trojan Activation
Due to the global supply of semiconductor intellectual property (IP) cores, modern system-on-chip (SoC) designs are vulnerable to malicious functionality, referred to as hardware Trojans. Hardware Trojans are inserted to bypass the security mechanisms in an SoC or cause confidentiality, integrity, and availability violations. There is an increased emphasis on finding effective solutions to generate tests to activate Trojans in hardware designs (if any) in third-party IPs. However, state-of-the-art approaches suffer from ineffectiveness in detection and scalability. In this paper, we propose SymbA, which utilizes symbolic execution at the C/C++ level to activate malicious functionality hidden in RTL designs. SymbA is based on mapping the RTL design to the C level and leveraging an existing powerful software-level symbolic execution engine to generate tests. SymbA maps the generated tests back to RTL and checks whether the hidden Trojans have been activated. In this paper, we use the KLEE Symbolic Execution Engine and show the efficiency of SymbA by applying it to a number of Trust-Hub benchmarks. SymbA improves on the existing state-of-the-art techniques significantly with regard to performance, coverage and memory usage.