| Title | SAIF: Automated Asset Identification for Security Verification at the Register Transfer Level |
| Publication Type | Conference Paper |
| Year of Publication | 2021 |
| Authors | Farzana, Nusrat, Ayalasomayajula, Avinash, Rahman, Fahim, Farahmandi, Farimah, Tehranipoor, Mark |
| Conference Name | 2021 IEEE 39th VLSI Test Symposium (VTS) |
| Date Published | apr |
| Keywords | Analytical models, Benchmark testing, Hardware, Measurement, Measurement and Metrics Testing, Metrics, pubcrawl, Registers, security assets, security metrics, security verification., Solid modeling, Very large scale integration, vulnerability assessment |
| Abstract | With the increasing complexity, modern system-onchip (SoC) designs are becoming more susceptible to security attacks and require comprehensive security assurance. However, establishing a comprehensive assurance for security often involves knowledge of relevant security assets. Since modern SoCs contain myriad confidential assets, the identification of security assets is not straightforward. The number and types of assets change due to numerous embedded hardware blocks within the SoC and their complex interactions. Some security assets are easily identifiable because of their distinct characteristics and unique definitions, while others remain in the blind-spot during design and verification and can be utilized as potential attack surfaces to violate confidentiality, integrity, and availability of the SoC. Therefore, it is essential to automatically identify security assets in an SoC at pre-silicon design stages to protect them and prevent potential attacks. In this paper, we propose an automated CAD framework called SAF to identify an SoC's security assets at the register transfer level (RTL) through comprehensive vulnerability analysis under different threat models. Moreover, we develop and incorporate metrics with SAF to quantitatively assess multiple vulnerabilities for the identified security assets. We demonstrate the effectiveness of SAF on MSP430 micro-controller and CEP SoC benchmarks. Our experimental results show that SAF can successfully and automatically identify an SoC's most vulnerable underlying security assets for protection. |
| DOI | 10.1109/VTS50974.2021.9441039 |
| Citation Key | farzana_saif_2021 |
SAIF: Automated Asset Identification for Security Verification at the Register Transfer Level