ABSTRACT Computing hardware has become an attractive attack surface due to the globalization of semi-conductor design and supply chain, and the wide integration of third-party intellectual property cores. Recently, gate-level information flow tracking (GLIFT) has been proposed to monitor the flow of information in secure hardware design by associating data objects with sensitivity labels and tracking the flow of labeled data. GLIFT can be used to model and verify security-related properties, such as confidentiality and integrity. However, existing work in this realm only considers binary labels. These are inadequate for understanding simultaneous information flow behaviors and the root source information flows. In this paper, we propose a precise multi-bit GLIFT method to perform simultaneous multi-bit flow tracking for understanding exactly which bits are affecting a data object at the same time. The proposed method provides more detailed insights into simultaneous information flow behaviors and thus allows proof of quantitative information flow data properties. We compare the complexity and verification performance for different information flow models using primitive gates, IWLS benchmarks, several cryptographic cores, and trust-HUB benchmarks. Experimental results have demonstrated that our method can reason about multi-bit information flow behaviors and identify potential security flaws.
I. INTRODUCTION
With the consistent increase in the complexity of hardware designs, globalization of hardware supply chain and wide application of third party intellectual property (IP) cores, the traditional system design flow can no longer guarantee design security since it is impossible to fully cover the design state space in testing and verification. As a result, design flaws and security vulnerabilities are inevitable. It is widely accepted that function verification using traditional hardware design tools only provides limited support for detecting security vulnerabilities. For example, an implementation flaw in the Qualcomm TrustZone is used to break Android's full disk encryption design feature [1] . Recent researches revealed that the estimated possibility of design code flaws and data security vulnerabilities in computing secure system are more than designers might previously have thought [2] - [4] .
As a possible solution, information flow tracking (IFT) has been proposed to detect security vulnerabilities that can cause violation of information flow security policies. It can be used to specify and verify important security properties related to the flow of information. IFT associates each data object with a label and monitors the flow of labeled information through the entire system and detects security vulnerabilities by capturing harmful flow of information. IFT provides an effective approach for enforcing information flow data analysis at various levels of the system stack, including compiler/ programming language, operating system, instruction set architecture and design bottom level. Among existing IFT methods, gate level information flow tracking (GLIFT) uses fine granularity labels and propagation policies. It precisely measures information flows through Boolean gates [5] and models all logical flows in a unified manner, enabling the verification of important security properties related to confidentiality, integrity, and timing channel. Hu et al established the fundamental theories and presented complexity analysis of GLIFT [6] , [7] .
All of the existing IFT methods tend to take a quantitative approach and provide a binary answer for information flow security properties. Giving a binary answer means that these IFT techniques are capable of indicating existence of information flows while failing to quantify the amount of information flowed. At the hardware level, the quantitative approach is implemented using a single bit label for each data bit. Such tracking at the gate level allows for definition of fine grained label propagation rules which can account for multiple forms of flows including explicit, implicit and timing flows [6] , [8] , [9] . However, the complexity of digital circuits calls for study of more convoluted security properties such as quantified metrics and comparative analysis. For example, existing IFT methods can easily detect flow of the secret key to the cipher text in a cryptographic algorithm, while neither of them can quantify such information or detect whether the key is maliciously leaked to the cipher.
In this work, we discuss how GLIFT technique can be enhanced to simultaneously track multiple flows of information by defining multi-bit security labels and designing novel label propagation rules. We show how the multi-flow GLIFT technique can be used to analyze a wider range of security properties and can be leveraged to qualify the flow of information in hardware cores. Specifically, this paper makes the following contributions:
• Proposing a precise multi-flow tracking method to propagate labels for gate level information flow tracking;
• Applying this multi-flow GLIFT method to implement information flow security verification and proof quantitative security properties of information flow;
• Presenting comparative analysis to evaluate complexity using IWLS benchmarks and prove security properties using several RSA cores and trust-HUB benchmarks. The remainder of the paper is organized as follows. We briefly review related work in Section II. Section III provides the concepts of two-level, multi-level and multi-flow IFT. In Section IV, we propose a method for multi-flow tracking and discuss the details of multi-flow security verification. In Section V, we verify multi-flow properties using a design example. Section VI presents experimental results in terms of model complexity and security verification. We conclude the paper in Section VII.
II. RELATED WORK
Information flow tracking (IFT) has been proved to be effective in detecting security vulnerabilities and preventing attacks through side channels. IFT is a frequently used method to analyze the security of a system [10] , [11] and detect information flows at the end-to-end level, which is established to associate each data with a label for monitoring how information and its label flows throughout the system [12] - [14] . IFT provides an effective approach for preventing unintended interaction between different components in a system. It is useful for deploying information flow security and enforcing its security properties at various levels of the entire system, including compiler/programming language [15] , operating system [16] , [17] , instruction set architecture [18] and hardware level [18] , [19] . However, the coarse-grained design rules are generally used in these previous IFT methods, which lead to higher design complexity [11] , [20] , the huge number of additional overhead [16] , [19] or overly conservative propagation policies [21] , [22] . IFT has been widely deployed to identify security properties at hardware level. A novel technique is that hardware IFT is proposed for hardware Trojan detection through proof of security properties. [23] . Another RTL certification method can precisely account for the flow of sensitive information through both steady or transient states [24] . It has shown in previous work that hardware IFT can be used to separate timing and functional flows between IP blocks in SoC systems [25] , identify and eliminate timing channels in I2C and USB [8] , guarantee information flow security in embedded systems [26] , craft verifiably information flow secure architectures [27] , investigate security violations due to timing side channels [9] , and detect the hardware Trojans through violating the information flow security properties related to confidentiality and integrity [23] .
GLIFT uses fine granularity labels in propagation policies, which has been proposed to precisely measure how information flows through Boolean gates at hardware level [5] . It captures and monitors all logical flows in a unified manner that enables the verification of some properties related to confidentiality, integrity, logical side channels and some security properties related to information flow logic. In addition, the fundamental theories and the complexity analysis of GLIFT are proposed respectively [6] , [7] . Further, The theoretical expansion of GLIFT provides a general method to expand the GLIFT for multilevel security lattices based on common two-level security labels [28] , [29] . Furthermore, the security lattices model, first proposed for describing information flow channel and policy by Denning [10] , [12] , can be modeled as a finite security lattice and security classes indicating different security levels of data objects. Recent work investigates the tradeoffs of logic synthesis on precision and complexity of GLIFT that can be used to generate further simplified logic and reduce securicy logic complexity for imprecise GLIFT models with selectively introducing false positives [30] . Specifically, register transfer level IFT (RTLIFT) is proposed to implement high level IFT using hardware description language (e.g., RTLIFT) [31] .
Previous work focuses on binary security label (one-bit label) tracking models for GLIFT, which proves binary security properties and can not satisfy information flow tracking for modern high-performance architectures. A binary decision is made regarding the flow of information between various design points, which in turn restricts the capabilities of these methods. Thus, it need to monitor information flow using multi-flow model through multi-flow label due to its multiple inputs simultaneously. In this work, we enhance GLIFT to track multiple flows simultaneously by defining multi-flow security labels and enable analyzing a wider range of security properties. VOLUME 6, 2018
III. BACKGROUND AND MOTIVATION
In this section, we cover the ideas behind two-level and multi-level hardware IFT and their draw backs in modeling multi-flow behaviors. We discuss the preliminary work in this section to enable a better understanding of our research. We focus on various background literature including the security lattices model, two-level IFT and multi-level IFT.
A. SECURITY LATTICES MODEL
The lattice model [12] was proposed by Denning for describing information flow policy. An information flow policy can be modeled as a finite security lattice L = {SC, }, where SC is the set of security classes indicating different security levels of data objects and defines the partial order on these security classes. Defined function L: x → SC to represent safety data object x belongs to the security class. The arrow indicates the direction of information flows that reflect security policy and the partial order defined by the security lattice. The symbols in the lattice represent security classes, such as SC = {Low, High} for two-level security lattices or SC = {Unclassified, Secret, Top Secret} for three-level security lattices.
B. THE GLIFT METHOD
GLIFT provides a model for understanding how data propagates through a hardware design [5] . Each data bit is assigned a label to characterize its security level (such as confidential or unclassified). It adopts fine-grained labels to implement strict and precise information flow analysis, this label is propagated through the system under pre-defined policies to prevent unintended information flows. Each binary bit is associated with a tag called taint (or taint label). When the data is involved in computing in the system, the taint label will be propagated through the system, too. The information included in the data is regarded as tainted when its taint is logic true and untainted when its taint is logic false. Taint is propagated from the input to the output of the hardware design if and only if the value of any tainted input has an influence on the output.
The original GLIFT method targets a two-level security lattice low high, stating that high information is never allowed to flow to a low portion. Consider an AES example. To analyze the security of the key, GLIFT usually labels the entire key or individual key bits as high. The message needs to be marked as low since the lattice only has two security classifications. After performing the key xor message operation, the intermediate encryption result and the temporary ciphertext will become high due to a flow from the key. When the entire encryption is complete, the final ciphertext will also be high. However, the GLIFT method cannot tell that the high intermediate result will leak information while the final high ciphertext is safe to declassify. This is because GLIFT only indicates there is a flow from the key or none. However, it does not tell how many key bits are flowing simultaneously to a specific ciphertext bit.
An essential step for tracking multiple information flows is to associate different data with labels of different security levels. Such extended GLIFT method targets more general security lattices [12] to enable a finer classification of security labels. This will allow understanding the flow of information among hardware components of different security levels (e.g., unclassified ethernet, confidential cryptographic core, and secret boot ROM). Still consider the AES core. Using a three-level security lattice unclassified confidential secret, we can now mark the key as secret, the message as confidential and control inputs as unclassified. After performing the key xor message operation, the temporary ciphertext will become secret since it dominates the security label of the message. A multi-level GLIFT model still cannot provide answers to questions such as how many key bits are flowing to a ciphertext bit and are the message bits flowing simultaneously to that bit?
To detect the security flaw in the AES core using the GLIFT method, we need to mark a single key bit each time in order to determine that the marked key bit only flows to the corresponding bit in the temporary ciphertext. This requires running multiple analysis, which can cause overheads in verification performance. Employing a multi-level GLIFT method will enable tracking more information flows at the same time. However, a security lattice with a large number of security classes is required to understand the flow of each individual key bit. This will soon become intractable due to the exponential increase in complexity of multi-level GLIFT model as the security lattice grows more complicated.
C. TWO-LEVEL INFORMATION FLOW TRACKING
Traditional information flow models target a conservative security format. Under such model, all signals in the computing design will flow to the higher security class. Let LOW and HIGH denote two security classes respectively. Consider a two-input AND (AND-2) gate and let input A be LOW while input B be HIGH. A partial conservative information flow model for AND-2 can be shown in Table 1 . Binary security properties can be verified on a two-level information flow model. The information flow security property enforced by the corresponding security lattice states that HIGH information should never flow to a LOW portion. Two-level information flow models target a two-level security lattice LOW HIGH. Under such a lattice, all signals in the hardware design will be classified as either LOW or HIGH. Then, a two-level information flow model will be used to understand the flow of HIGH information. Consider a twoinput AND (AND-2) gate and let input A be LOW while input B be HIGH. The information flow model should precisely track when the HIGH information in B could flow to the output O. Table 2 illustrates such a model.
According to the notion of information flow, the HIGH information in B flows to O if and only if B has an effect on the output. In two-level IFT, each binary data bit is associated with a label to indicate its security level, e.g., trusted/untrusted, confidential/unclassified or low/high. Twolevel IFT provides a more precise approach that the output influenced by data actually is bounded to the most restrictive security label. Consider the partial truth table in Table 2 , where A is LOW while B is HIGH. In the first row, both A and B have an influence at (or dominate) the output, thus the output should be set to LOW since LOW is a more restrictive label. In the second and third rows, A (or B) determines the output, the output should take the security label of A (or B). In the fourth row, neither A nor B dominates the output. In this case, the output should be labeled as HIGH since a change in the HIGH input B could lead to a change in the output. When considering a full truth table, we can derive the GLIFT logic for AND-2. 
D. MULTI-LEVEL INFORMATION FLOW TRACKING
Multi-level information flow models target more general security lattices [12] . This will allow understanding of information flow among hardware components of different security levels (e.g., boot rom, cryptographic core, and display port). Consider a three-input AND gate (AND-3) processing information classified using a three-level linear security lattice Unclassified Secret Top Secret. Let input A be Unclassified, B be Secret and C be Top Secret. The information flow model should precisely track when Secret or Top Secret information flows to the output O. Table 3 gives such a model.
Consider the partial truth table in Table 3 , let input A be Unclassified, B be Secret and C be Top Secret respectively in the three-level lattice. In the first row, all A, B and C have an influence at the output, thus the output should be set to Unclassified. In the fifth and sixth rows, both B and C determine the output, the output should be set to Secret since Secret is a more restrictive label. Similarly, information of a higher security level cannot flow to the output when an input of lower security level dominates the output. The difference is that the model allows a finer classification of security labels, which is desirable when reasoning about the security between multiple parties.
For the two-level and multi-level information flow models, the output can only take one security label at any time. They can be used to determine if there is a flow. However, they are inadequate in describing information flow scenarios where information in multiple data objects flows simultaneously. As an example, all bits of the secret key are required to flow to the ciphertext. We propose a multi-flow IFT method for modeling such simultaneously information flow behaviors.
E. MULTI-FLOW INFORMATION FLOW TRACKING
For the two-level and multi-level information flow models, the output can only take one security label at any time. They can be used to determine if there is a flow. However, they are inadequate in describing information flow scenarios where information in multiple data objects flows simultaneously. As an example, all bits of the secret key are required to flow to the ciphertext. In such cases, the two-level and multi-level models will only indicate one of the key bits flows to the ciphertext. We need a multi-flow IFT model that tracks the flow of each data object through the hardware design.
Take the AES S-Box as an example. The multi-flow model can be used to determine if all S-Box inputs flow to all the S-Box output simultaneously. This model assigns an eight-bit label to each input bit of the S-Box. By observing the multiflow label for an output, we mark a flow from an input to the output when the label bit corresponding to that input is set.
IV. MULTI-FLOW TRACKING METHODOLOGY A. LABEL ENCODING AND MAPPING
To track multiple information flows simultaneously, we need to expand the binary encoding security label for two-level and multi-level IFT to a one-hot encoding. In this way, each bit in the multi-flow security label only tracks the propagation of one input bit.
For a better understanding, consider a four-bit signal A. The two-level IFT method targets a two level security label. Thus, we have the taint labels At[i] ∈ {0, 1}, where 0 ≤ i ≤ 3. The multi-level IFT method allows a finer classification of security labels. If each individual bit in A takes a different label, we have the taint labels ALt[i] ∈ {00, 01, 10, 11}. Using a binary encoding scheme, two bits will be enough for encoding the taint labels. By comparison, the multi-flow IFT method uses a one-hot encoding. Each data bit will be assigned a four-bit label. Thus, the taint label AMt[i] ∈ {0000, 0001, 0010, 0100, 1000}. Here 0000 corresponds to the case when At[i] = 0.
VOLUME 6, 2018
Now we define the rules for mapping the binary taint labels to that for multi-flow. Given an n-bit signal B, we need n-bit security labels in one-hot encoding for each signal bit. Let Bt and BMt be the taint labels for two-level and multi-flow tracking respectively. When
to the first vacant n-bit one-hot encoding code and mark that code as occupied.
B. LABEL PROPAGATION POLICY
The two-level IFT method provides a precise measurement of if there is a flow. We need to expand the security label used by GLIFT to track the propagation of each input data bit to be monitored. Take AND-2 as an example, let A, B and O be its inputs and output respectively. Use At, Bt and Ot to denote their security labels under two-level IFT. From the label propagation policy for AND-2 under two-level IFT, it can be formalized as Equation (1).
Equation (1) indicates that when A is logical 1 and B is HIGH, the output will be HIGH; when B is logical 1 and A is HIGH, the output will also be HIGH; Or when both A and B are HIGH, the output will doubtlessly be HIGH. It cares only about if there is any HIGH information flow from either A or B to the output. However, when there is indeed a flow, it does not tell which input caused the flow. Understanding the source of harmful information flows can be beneficial for identifying a security vulnerability. To do this, we need a label propagation policy that tracks the flows of information from multiple variables simultaneously.
As mentioned, the two-level IFT model precisely indicates if there is a flow. When there is no flow, the multi-flow label should be all zeros. When there is a flow, the multi-flow label should reflect where the flow was from. The subtle case is when there are multiple HIGH inputs. The label propagation policy should track the HIGH information flow from each input to the output. Figure 1 (a) shows the tracking logic for implementing such a label propagation policy for AND-2. Here, A and B are the original inputs of AND; At and Bt are the two-level security labels; AMt, BMt and OMt are the multi-flow security labels. We define an intermediate variable Ot, which reflects the two-level security label for the output. We use this variable as the select line to set and reset the multiflow security label. The label propagation policy is shown as The label propagation policy for invertor is relatively more straightforward. This is because an invertor will only flip the original input while not affecting the security label. The label propagation policy for an invertor is shown as follows: To understand multi-flow behaviors of hardware designs, a first step is to create multi-flow tracking logic for digital circuits. This can be a challenging task if we enumerate the input/output relations in a brute force way. As an alternative approach, we can synthesize the hardware design into design netlist consisting of a small set of logic primitives (e.g., AND, OR, Invertor). Deriving multi-flow IFT logic for these smaller primitives has significantly lower complexity. With the multi-flow tracking logic for logic primitives, we can then discretely map the logic primitives in the design netlist to its corresponding multi-flow tracking logic in a constructive manner. Using this approach, multi-flow tracking logic can be generated for large hardware design in polynomial time. Figure 2 illustrates this constructive method.
D. MULTI-FLOW SECURITY PROPERTIES
With the multi-flow IFT model, we can prove a different type of security other than binary. For a better understanding, consider an RSA core. Under the two-level IFT model, we can label the private key and plaintext as HIGH and check if the ciphertext will be HIGH. Formal proof will indicate that all the ciphertext bits will be HIGH. Under the multi-level IFT model, we can label the inputs in a finer granularity. For example, we can mark the key as Top Secret and the plaintext as Secret. We can then check what kind of security label the ciphertext will take with a formal verification tool. Proof results will show that the ciphertext bits will all be Top Secret. Here, the output labels will be evaluated to the highest security label on the security lattice. As a result, it does not reveal the flow from the plaintext to the ciphertext. set property key, plaintext : HIGH assert property ciphertext : HIGH assert property ready : HIGH Under the multi-flow security model, we can use a onehot encoding to encode the key and plaintext and track the propagation of each key or plaintext bit to the ciphertext. By checking if all bits in the multi-flow security label for the ciphertext are asserted, we can understand if all key bits flow to every single bit of the ciphertext. This can be done by summing up all security label bits for the ciphertext and check if the sum is exactly the width of the security label signal using an SMT solver.
V. MULTI-FLOW GLIFT SECURITY VERIFICATION
In this section, we provide a security verification approach using multi-flow IFT. We also provide an example of backward tracking using multi-flow IFT model.
A. SECURITY VERIFICATION
Under the two-level GLIFT model, we can label the input as HIGH and check if the output will be HIGH. It describes how the GLIFT model can be used to verify such a security property. With the multi-bit IFT model, we can prove a different type of security property other than binary.
For a better understanding, consider the AES S-Box as an example, all bits of the secret key are required to flow to the ciphertext. In such cases, the two-level and multi-level models will only indicate one of the key bits flows to the ciphertext. We need a multi-flow IFT model that tracks the flow of each key bit through the hardware design. The multiflow model can be used to determine if all S-Box inputs flow to all the S-Box outputs simultaneously. This model assigns an eight-bit label in one-hot encoding to each input bit of the S-Box. By observing the multi-flow label for an output, we mark a flow from an input to the output when the label bit corresponding to that input is set.
If we mark all key bits as HIGH at the same time, the GLIFT model cannot tell which key bit will flow to the output. We have to set one key bit to HIGH each time and use a formal tool to check all ciphertext bits to see if they will be HIGH. This requires running 128 instances of the proof with different security constraints on the key and thus cause significant verification performance overheads. Meanwhile, the two-level GLIFT model does not reveal how severe the flow is. When multiple key bits are flowing to each ciphertext bit at the same time, it can be mathematically difficult to decode information about individual key bits.
Under the multi-level IFT model, we can label the inputs in a finer granularity. For example, we can mark different groups of the key bits as different security labels using the lattice UNCLASSIFIED SECRET TOP SECRET and then check the security label of the ciphertext. The following shows a security theorem for this security property. We can then check what kind of security label the ciphertext will take with a formal verification tool. Proof results will show that the ciphertext bits will all be Top Secret. Here, the output labels will be evaluated to be the highest security label of the security lattice. As a result, it does not reveal the flows from the lower 96 key bits to the ciphertext.
Under the multi-flow security model, we can use the encoding technique introduced in Section IV-A and track the propagation of each key bit to the ciphertext. The following gives a security theorem for the property, where key_i[w] and cipher_i[w] are the multi-flow labels for the w-th bits of key and ciphertext respectively. Here, we can contain all key bits time and complete the verification in a single run. VOLUME 6, 2018 for w in 0 to 127 do set key_i[w] := 128'h0000_0000_0000_0001 << w end for set Others := 128'h0000_0000_0000_0000 assert cipher_i[w] ≡ 128'hFFFF_FFFF_FFFF_FFFF By checking if the multi-bit security labels for all bits of the outputs are asserted, we can understand the severity of the flow. When multiple input bits are flowing to each output bit at the same time, it can be mathematically difficult to decode information about individual key bits. By comparison, when only a few key bits are flowing, there can be a significant defect in the cipher implementation.
B. AN EXAMPLE OF MULTI-FLOW MODEL
For a better understanding, consider signal A under the multiflow security label. Table 4 shows the security labels for different IFT models. Under the two-level method, we have the taint labels At ∈ {0, 1}. Thus, At is ont-bit wide label. The multi-bit IFT method allows a finer expansion of security labels. Each individual bit in A can take a different label, we have Ai[w] ∈ {000, 001, 010, 100}, which can be encoded with three bits. Therefore, At is three-bit wide for the multiflow IFT method. For the back tracking information flow models, we need to measure where the unexpected information flow come from. Take the AND-2 as an example. The multi-bit model can be used to determine if all inputs flow to all the output simultaneously. This model also indicates which input leads to tainted output as Figure. 3 shown. Let A, B and O denote the inputs and output of AND-2 while their security labels are denoted by At, Bt and Ot respectively. The label policies and corresponding encoding implementations are shown in Table 5 . The IFT logic for AND-2 can be derived from Table 5 , which are shown in Equation (2) and (3) respectively.
(2)
For the three-input AND gate (AND-3), let A, B, C and O denote the inputs and output of AND-3 while their security labels are denoted by At, Bt, Ct and Ot respectively. From Section IV-A, the security labels are set to three bits to satisfy the requirements of three inputs. The label encoding method are shown in Table 6 . Here, the taint label for the output comes from 7 different taint sources of the inputs. From Table 6 , the equations of IFT logic for AND-3 can be derived under multiflow model respectively. For an n-bit label wide, there are elements in the label propagation rule set of AND-2. Thus, label propagation rule set enumeration soon becomes a complicated and errorprone process as n grows. Instead, we use a more efficient way to derive IFT logic for AND-2 under arbitrary level of linear lattices.
VI. EXPERIMENTAL RESULTS
In this section, we present experimental results. In Section VI-A, we perform scalability analysis using primitive gates to show how the complexity of the multiflow model grows with the number of flows. We further present complexity analysis by comparing the area of twolevel, four-level and several multi-flow IFT logic for IWLS benchmarks [32] in Section VI-B. We perform comparison of security verification performance across different IFT models in Section VI-C.
A. SCALABILITY ANALYSIS
As described in Section IV-C, the multi-flow IFT logic for large circuits can be generated in a constructive manner by instantiating tracking logic for each logic primitive. Thus, the scalability of tracking logic for logic primitives should reflect the entire circuit scalability. We perform scalability analysis using primitive gates when tracking different number of flows. We generate IFT logic for N input AND and OR gates for scalability analysis under the multi-flow IFT model. The resulting circuits are synthesized using Synopsys Design Compiler and targeted to the SAED 90nm standard cell library for area. We use area of the tracking logic as a measure of complexity. This is because area is proportional to the number of gates, which positively correlates to formal verification performance. Figure 4 shows the results. From Figure 4 , when the number of flows to be monitored is doubled, the area for multi-flow tracking logic also increases by about 1X. Thus, the complexity of the multi-flow IFT model increases linearly to the number of flows.
B. COMPLEXITY ANALYSIS
We further perform complexity analysis by comparing the various models using IWLS benchmarks [32] . The benchmarks are first synthesized using Synopsys Design Compiler and mapped to its internal technology library. The synthesized netlist are then augmented with IFT logic by mapping the logic primitives to IFT libraries for the two-level, multi-level and multi-flow IFT models using the constructive method. The generated IFT logic circuits are then synthesized and mapped again for area, delay and power reports. We conducted experiments using several IWLS benchmarks to obtain area, delay and power results to show the overheads of multi-flow information flow tracking. Overheads in area, delay and power are provided to show the complexity of IFT logic as compared with the original circuit.
By comparison of the normalized average area for 2-level and 2-bit, we can see that the 2-bit IFT logic doubles the area. However, the 2-bit model can track 2 bits while the 2-level model only tracks one. The increase in complexity is due to the reason that the multi-flow IFT method uses a one-hot encoding. However, the 2-level IFT model still only tracks the information flows of the highest security class. The 2-bit model can track information flows with two different security classes. Thus, the multi-flow IFT method can reduce the number of security verifications. By comparison of 2-bit, 4-bit and 8-bit models, there is about 1.5 times increase in average for area complexity of tracking logic when doubling the number of flows to be tracked (in this case, area of 2-bit as the statistical benchmarks). We can also analyze delay and power for 2-lev, 2-bit, 4-bit and 8-bit models. From Table 7 , take the alu4 as an example, the area reports 10765/20915/30732/49360 um 2 for 2-lev/ 2-bit/4-bit/8-bit models, the delay reports 2.27/2.47/2.47/ 2.71 ns for 2-lev/2-bit/4-bit/8-bit models and the power reports 2.18/4.40/6.99/11.55 uW for 2-lev/2-bit/4-bit/8-bit models.
C. SECURITY VERIFICATION ANALYSIS
We use several cryptographic cores and trust-HUB benchmarks [33] for security verification analysis. We compare the verification performance across two-level, four-level and multi-flow IFT methods. We compare the verification performance across two-level, four-level and multi-flow IFT TABLE 7. Area, delay and power of IWLS benchmarks using two-level and multi-flow IFT. Area is in square micrometers (um 2 ); delay is in nanoseconds (ns); power is in microwatts (uW ). methods. There is some difference in the types of security properties that can be proved on different models. Take the RSA-32 design shown in the second row of Table 8 for example, we label a signal key bit and would like to understand where this key bit will flow using the two-level IFT model; we mark two key bits with different labels and observe the output labels using the four-level IFT model; we label 8 key bits and track their propagation to each ciphertext bit using the multi-flow model. We then use the Mentor Graphics Questa Formal tool to obtain the verification time reports. Table 8 gives the verification time reports.
From Table 8 , the multi-flow model tends to take longer verification time. However, it still can be beneficial because this model tracks multiple flow during each proof. Still consider the RSA-32 example, it takes the two-level model 18 seconds to prove where a single key bit can flow. It is important to note that we cannot label multiple key bits for the two-level model in this proof. Otherwise, we will not be able to tell which key bit actually propagates to a specific output. To understand the propagation of all the key bits, we need to label a different key bit each time and run multiple verifications. In case of a 32-bit RSA, this will require 32 proofs, which results in a total verification time of 18 * 32 = 576 sec. It is possible to label multiple key bits under the multi-level IFT model. However, this model will evaluate the output labels to the highest security class. We will not be able to understand the propagation of key bits marked as lower security classes. Thus, we still need to run 32 proofs. By comparison, the multi-flow method can model simultaneous information flow behaviors. We monitored the propagation of 8 key bits within 31 sec. Understanding the propagation of all key bits requires running a total of 4 proofs, which yields to a total proof time of 51 * 4 = 204 sec.
The multi-flow model can be more complex when compared with the two-level or multi-level models. However, it can be used to prove quantified security properties, e.g., at least x bits of the key should flow to a ciphertext bit. By comparison, the two-level and multi-level models can be more efficient in proving qualitative security properties, e.g., no key bit information should flow to a given output.
VII. CONCLUSIONS
This paper presents a new multi-flow method for label propagating and information flow tracking for secure hardware design. We propose a multi-flow IFT method to understand security properties and perform information flow security verification. Experimental results show that the proposed method can detect security vulnerabilities with acceptable overhead over the original GLIFT method and allows verifying quantitative information flow security properties.
