Hardware/software security co-verification and vulnerability detection: An information flow perspective

Bibliographic Details
Published in: Integration (Amsterdam) 2024-01, Vol.94, p.102089, Article 102089
Main Authors: Qin, Maoyuan; Zhu, Jiacheng; Mao, Baolei; Hu, Wei
Format: Article
Language: English
Description
Summary: Security vulnerabilities provide attackers unauthorized access to critical resources and effective attack surfaces to compromise a system. Security verification is an emerging technique for detecting and locating such threats. However, existing security verification methods are typically restricted within the hardware or software boundary and incapable of meeting cross-layer verification requirements due to the differences in design semantics and the lack of a security model that fits both hardware and software. We attempt to address such a limitation from the perspective of information flow analysis and propose a hardware/software security co-verification method, which can check information flow security properties on fine-grained hardware information flow models. The proposed method can pinpoint security vulnerabilities by capturing information flow security property violations under clues of malicious information flows. Our information flow security model and properties are described using standard hardware design and verification languages, which allows our method to be seamlessly integrated with electronics design automation flows. Experimental results using RISC-V hardware/software designs show that the proposed method effectively detects software, hardware and system-level security vulnerabilities.

Highlights:
• Developing a formal model for precisely modeling information flows in both HW and SW.
• Proposing a HW/SW security co-verification method using standing EDA tools.
• Providing a vulnerability detection method through formal security co-verification.
ISSN: 0167-9260, 1872-7522
DOI: 10.1016/j.vlsi.2023.102089