Evaluating Security Requirements in a General-Purpose Processor by Combining Assertion Checkers with Code Coverage [poster] by Bilzor, Michael et al.
Calhoun: The NPS Institutional Archive
Faculty and Researcher Publications
2012-06
Michael Bilzor, Ted Huffmire, Cynthia Irvine, and Tim Levin, Evaluating Security Requirements in a General-Purpose Processor by Combining Assertion Checkers with Code Coverage. Proceedings of the IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), San Francisco, CA, June 2012, Pages 49-54.
http://hdl.handle.net/10945/36701
Evaluating Security Requirements in a General-Purpose Processor Using

[Figure: checker generation flow: PSL Parser and Rewrite Rules; Automata Construction and Combination; Automata]

Michael Bilzor (1), Ted Huffmire (2), Cynthia Irvine (2), Tim Levin (2)
1 - U.S. Naval Academy
2 - U.S. Naval Postgraduate School

• PROBLEM: How to tractably verify security requirements in hardware.
• GOAL: Express and enforce security requirements in a processor design.
• IDEAS:
  • Use assertions in the Property Specification Language (PSL) to map architectural security requirements to a processor's implementation.
  • Convert the PSL assertions into synthesizable HDL checkers, and add them to the design.
  • Run the processor testbench with coverage. Detect policy violations with the checkers, using coverage to isolate unused circuits for further analysis.
• ANTICIPATED BENEFITS: The ability to detect some hardware malicious inclusions, while greatly reducing the portion of a design that must be analyzed manually.
• FUTURE RESEARCH: Evaluate on more processor platforms. Experiment against adversary malicious-inclusion designers. Fabricate demonstrations in silicon.
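The three IDEAS steps above, as an added toy example that is not code from the poster or its authors: a small Python model of a design with a mode bit and a privileged control register, one PSL-style assertion of the form assert always (a -> next[n] b) compiled by hand into a checker automaton (the poster's tool parses PSL and applies rewrite rules; that front end is not reproduced here), and a testbench run that records which circuit elements were exercised. The design, the policy, the element named extra_path and the testbench vectors are all constructed for illustration. Running the same checkers under a narrow and a wider testbench shows both outcomes from the poster's verification figure: a covered element whose behaviour the checker flags, and an uncovered element that coverage singles out for manual analysis instead of the whole design.

```python
"""Toy model of assertion checkers combined with code coverage.

Added example, not the poster's code. The 'processor', its coverage points,
the security policy and the testbenches are all constructed here.
"""
from dataclasses import dataclass


@dataclass
class Cycle:
    """Signal values for one clock cycle, as an RTL simulator would expose them."""
    supervisor: bool        # processor mode: True = supervisor, False = user
    write_en: bool          # CPU-issued write to the privileged control register
    data: int               # data bus value
    ctrl_reg_changed: bool  # did the privileged control register change this cycle?


class Processor:
    """Minimal design under test. `coverage` counts hits per circuit element."""

    def __init__(self):
        self.ctrl_reg = 0
        self.coverage = {"normal_write_path": 0, "extra_path": 0}

    def step(self, supervisor, write_en, data):
        old = self.ctrl_reg
        # Architecturally intended path: writes only in supervisor mode.
        if supervisor and write_en:
            self.coverage["normal_write_path"] += 1
            self.ctrl_reg = data
        # Constructed extra circuit element (hypothetical) that reacts to one
        # data pattern in user mode; it exists only so the example can show a
        # circuit the narrow testbench leaves uncovered.
        if (not supervisor) and data == 0xDEAD:
            self.coverage["extra_path"] += 1
            self.ctrl_reg = data
        return Cycle(supervisor, write_en, data, self.ctrl_reg != old)


class Checker:
    """Checker automaton for the PSL pattern  assert always (a -> next[n] b).

    n = 0 is the plain implication a -> b.  Each pending obligation is the
    number of cycles until b is due; obligations age by one per clock and are
    discharged when b holds in the due cycle, otherwise a violation is recorded.
    """

    def __init__(self, name, antecedent, consequent, n=0):
        self.name, self.antecedent, self.consequent, self.n = name, antecedent, consequent, n
        self.pending = []     # automaton state: cycles remaining per obligation
        self.violations = []  # (cycle index, assertion name)
        self.cycle = 0

    def clock(self, c):
        self.pending = [d - 1 for d in self.pending]
        if self.antecedent(c):
            self.pending.append(self.n)
        still_open = []
        for d in self.pending:
            if d == 0:
                if not self.consequent(c):
                    self.violations.append((self.cycle, self.name))
            else:
                still_open.append(d)
        self.pending = still_open
        self.cycle += 1


def run(testbench):
    """Simulate (supervisor, write_en, data) vectors with the checker attached.

    Returns the violations the checker flagged and the circuit elements the
    testbench never exercised (the set left for manual analysis).
    """
    dut = Processor()
    # Policy: the privileged control register may only change in supervisor mode.
    chk = Checker("ctrl_reg_only_in_supervisor",
                  antecedent=lambda c: c.ctrl_reg_changed,
                  consequent=lambda c: c.supervisor)
    for vec in testbench:
        chk.clock(dut.step(*vec))
    uncovered = sorted(k for k, hits in dut.coverage.items() if hits == 0)
    return {"violations": chk.violations, "uncovered": uncovered}


# Constructed testbenches: the narrow one never drives the 0xDEAD pattern.
TB_NARROW = [(True, True, 0x10), (False, False, 0x20), (False, True, 0x30), (True, True, 0x40)]
TB_WIDE = TB_NARROW + [(False, False, 0xDEAD)]

if __name__ == "__main__":
    print("narrow testbench:", run(TB_NARROW))  # no violation; extra_path uncovered
    print("wide testbench:  ", run(TB_WIDE))    # violation at cycle 4; nothing uncovered
```

The narrow run reports no violation but leaves extra_path uncovered, which is the "no violation detected, manual analysis only on uncovered elements" case; the wide run exercises that element, the register changes in user mode, and the checker flags the policy violation in that cycle.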









[Figure: verification outcomes by coverage and checker result]
• Covered, violation detected: the verification testbench triggers the malicious circuit, and the assertion checkers flag the security policy violation.
• Uncovered, no violation detected: the testbench does not trigger the malicious circuit; manual analysis is only required on the uncovered circuit elements, rather than on the entire design.
[Figure: method flow. 1. Generate Assertion Checkers]
