Biblio

Jeopardy to cybersecurity threats in electronic systems is persistent and growing. Such threats present in hardware, by means such as Trojans and counterfeits, and in software, by means such as viruses and other malware. Against such threats, we propose a range of embedded instruments that are capable of real-time hardware assurance and online monitoring.

In this work, we propose a design flow for automatic generation of hardware sandboxes purposed for IP security in trusted system-on-chips (SoCs). Our tool CAPSL, the Component Authentication Process for Sandboxed Layouts, is capable of detecting trojan activation and nullifying possible damage to a system at run-time, avoiding complex pre-fabrication and pre-deployment testing for trojans. Our approach captures the behavioral properties of non-trusted IPs, typically from a third-party or components off the shelf (COTS), with the formalism of interface automata and the Property Specification Language's sequential extended regular expressions (SERE). Using the concept of hardware sandboxing, we translate the property specifications to checker automata and partition an untrusted sector of the system, with included virtualized resources and controllers, to isolate sandbox-system interactions upon deviation from the behavioral checkers. Our design flow is verified with benchmarks from Trust-Hub.org, which show 100% trojan detection with reduced checker overhead compared to other run-time verification techniques.