2 research outputs found
Secure Instruction and Data-Level Information Flow Tracking Model for RISC-V
Rising device use and third-party IP integration in semiconductors raise
security concerns. Unauthorized access, fault injection, and privacy invasion
are potential threats from untrusted actors. Different security techniques have
been proposed to provide resilience to secure devices from potential
vulnerabilities; however, no one technique can be applied as an overarching
solution. We propose an integrated Information Flow Tracking (IFT) technique to
enable runtime security to protect system integrity by tracking the flow of
data from untrusted communication channels. Existing hardware-based IFT schemes
are either fine-, which are resource-intensive, or coarse-grained models, which
have minimal precision logic, providing either control flow or data-flow
integrity. No current security model provides multi-granularity due to the
difficulty in balancing both the flexibility and hardware overheads at the same
time. This study proposes a multi-level granularity IFT model that integrates a
hardware-based IFT technique with a gate-level-based IFT (GLIFT) technique,
along with flexibility, for better precision and assessments. Translation from
the instruction level to the data level is based on module instantiation with
security-critical data for accurate information flow behaviors without any
false conservative flows. A simulation-based IFT model is demonstrated, which
translates the architecture-specific extensions into a compiler-specific
simulation model with toolchain extensions for Reduced Instruction Set
Architecture (RISC-V) to verify the security extensions. This approach provides
better precision logic by enhancing the tagged mechanism with 1-bit tags and
implementing an optimized shadow logic that eliminates the area overhead by
tracking the data for only security-critical modules
Red Team vs. Blue Team: A Real-World Hardware Trojan Detection Case Study Across Four Modern CMOS Technology Generations
Verifying the absence of maliciously inserted Trojans in ICs is a crucial task – especially for security-enabled products. Depending on the concrete threat model, different techniques can be applied for this purpose. Assuming that the original IC layout is benign and free of backdoors, the primary security threats are usually identified as the outsourced manufacturing and transportation. To ensure the absence of Trojans in commissioned chips, one straightforward solution is to compare the received semiconductor devices to the design files that were initially submitted to the foundry. Clearly, conducting such a comparison requires advanced laboratory equipment and qualified experts. Nevertheless, the fundamental techniques to detect Trojans which require evident changes to the silicon layout are nowadays well-understood. Despite this, there is a glaring lack of public case studies describing the process in its entirety while making the underlying datasets publicly available. In this work, we aim to improve upon this state of the art by presenting a public and open hardware Trojan detection case study based on four different digital ICs using a Red Team vs. Blue Team approach. Hereby, the Red Team creates small changes acting as surrogates for inserted Trojans in the layouts of 90 nm, 65 nm, 40 nm, and 28 nm ICs. The quest of the Blue Team is to detect all differences between digital layout and manufactured device by means of a GDSII–vs–SEM-image comparison. Can the Blue Team perform this task efficiently? Our results spark optimism for the Trojan seekers and answer common questions about the efficiency of such techniques for relevant IC sizes. Further, they allow to draw conclusions about the impact of technology scaling on the detection performance