Scalable Hardware Trojan Activation by Interleaving Concrete Simulation and Symbolic Execution

Ahmed, Alif; Farahmandi, Farimah; Iskander, Yousef; Mishra, Prabhat

doi:10.1109/test.2018.8624854

Cited by 32 publications

(9 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We also adopt the "sensitivity" from [20] as a metric, which refers to the scaled delay difference between the DUT and golden design. The sensitivity is defined as: sensitivity= difference/delay{; 1 it*)) (2) where f* refers to the register producing the maximum delay difference, and t* refers to the test producing the maximum delay difference.…”

Section: Methodsmentioning

confidence: 99%

“…Existing Trojan detection techniques can be broadly classified into two categories: logic testing and side-channel analysis. Logic testing methods such as Automatic Test Pattern Generation (ATPG) [2] or statistical test generation [ 4,15] try to activate Trojans using generated tests, but they have two major limitations: (1) They suffer from high computational complexity for large designs. (2) Since it is infeasible to generate all possible input patterns, the generated tests are not effective in activating stealthy Trojans.…”

mentioning

confidence: 99%

“…Logic testing methods such as Automatic Test Pattern Generation (ATPG) [2] or statistical test generation [ 4,15] try to activate Trojans using generated tests, but they have two major limitations: (1) They suffer from high computational complexity for large designs. (2) Since it is infeasible to generate all possible input patterns, the generated tests are not effective in activating stealthy Trojans. The triggering conditions for Trojans are usually crafted as a combination of rare conditions, such that Trojan-implanted designs will retain exactly the same functionality as golden designs until a rare condition is satisfied to yield malicious behavior.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Test generation using reinforcement learning for delay-based side-channel analysis

Pan

Sheldon

Mishra

2020

Proceedings of the 39th International Conference on Computer-Aided Design

Self Cite

View full text Add to dashboard Cite

Section: Methodsmentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Test generation using reinforcement learning for delay-based side-channel analysis

Pan

Sheldon

Mishra

2020

Proceedings of the 39th International Conference on Computer-Aided Design

Self Cite

View full text Add to dashboard Cite

“…Logic testing is a reliable method that is independent of process variations, which is robust against process variations and noise margins [16,17]. It activates HTs by applying test vectors and compares the responses with the correct results.…”

Section: Introductionmentioning

confidence: 99%

An Efficient Framework with Node Filtering and Load Expansion for Machine-Learning-Based Hardware Trojan Detection

Meng¹,

Pan²,

Qiu³

et al. 2022

Electronics

View full text Add to dashboard Cite

The globalization of the integrated circuit (IC) industry has raised concerns about hardware Trojans (HT), and there is an urgent need for efficient HT-detection methods of gate-level netlists. Machine learning (ML) is a powerful tool for this purpose. A Trojan-detection framework is proposed in this paper to solve the data imbalance and low accuracy problems of existing ML-based HT-detection algorithms. To solve the problem of data imbalance, we propose the node-filtering algorithm, which extracts structure templates from HT circuits and removes most normal nodes based on them. To enhance the identification of unknown HT payload, we propose the load-expansion algorithm, which expands the identified HT nodes based on their fanout features. We evaluate the framework using different ML algorithms. The results show that the framework significantly improves the Trojan-detection rate of the original algorithms, and achieves a 10% improvement in true positive rate compared to the original algorithms.

show abstract

“…Therefore, verifying the security aspects of HLS IPs is crucial for CSPs to ensure accurate functionality. [8] Gate level ATPG binning + SAT formulation ISCAS85, ISCAS89, ITC99 ✗ Huang et al [28] Gate level Guided ATPG ISCAS85, ISCAS89 ✗ Liu et al [45] Gate level Genetic algorithm + SMT formulation TrustHub [55] ✗ Ahmed et al [5] Register transfer level Concolic testing TrustHub [55] ✓ Ahmed et al [4] Register Transfer Level Greedy concolic testing TrustHub [55] ✓ Lyu et al [44] Register Transfer Level Parallelism + concolic testing TrustHub [55] ✓ Veerana et al [58] HLS/SystemC Property checking S3C [59] ✓ Le et al [36] HLS/SystemC Guided greybox fuzzing S3C [59] ✗ Bin et al [38] HLS/SystemC Selective concolic testing S3C [59] ✗ Vafaei et al [57] C-level(from RTL) Symbolic Execution TrustHub [55] ✓ GreyConE [19] HLS/SystemC,C/C++ Greybox Fuzzing(GF) + Concolic Execution(CE) S3C [59],S2C [51] ✗ GreyConE+(Ours) HLS/SystemC,C/C++ Selective Instrumentation with GF + CE S3C [59], S2C [51],SC [40],Rosetta [66] ✓ functionalities like Trojans in IP designs introduces potential threats, including the risk of IP malfunctions, leakage of sensitive information, and potential damage to underlying hardware [48,58]. Vulnerabilities within third party HLS IPs might arise during the design phase, presenting similarities to security challenges encountered in untrusted electronics supply chains and the insertion of Trojans in pre-silicon hardware.…”

Section: Introductionmentioning

confidence: 99%

GreyConE: Greybox Fuzzing + Concolic Execution Guided Test Generation for High Level Designs

Debnath

Chowdhury

Saha

et al. 2022

2022 IEEE International Test Conference (ITC)

View full text Add to dashboard Cite

High-Level Synthesis (HLS) has transformed the development of complex Hardware IPs (HWIP) by offering abstraction and configurability through languages like SystemC/C++, particularly for Field Programmable Gate Array (FPGA) accelerators in high-performance and cloud computing contexts. These IPs can be synthesized for different FPGA boards in cloud, offering compact area requirements and enhanced flexibility. HLS enables designs to execute directly on ARM processors within modern FPGAs without the need for Register Transfer Level (RTL) synthesis, thereby conserving FPGA resources. While HLS offers flexibility and efficiency, it also introduces potential vulnerabilities such as the presence of hidden circuitry, including the possibility of hosting hardware trojans within designs.In cloud environments, these vulnerabilities pose significant security concerns such as leakage of sensitive data, IP functionality disruption and hardware damage, necessitating the development of robust testing frameworks. This research presents an advanced testing approach for HLS-developed cloud IPs, specifically targeting hidden malicious functionalities that may exist in rare conditions within the design. The proposed method leverages selective instrumentation, combining greybox fuzzing and concolic execution techniques to enhance test generation capabilities. Evaluation conducted on various HLS benchmarks, possessing characteristics of FPGA-based cloud IPs with embedded cloud related threats, demonstrates the effectiveness of our framework in detecting trojans and rare scenarios, showcasing improvements in coverage, time efficiency, memory usage, and testing costs compared to existing methods.

show abstract

Scalable Hardware Trojan Activation by Interleaving Concrete Simulation and Symbolic Execution

Cited by 32 publications

References 47 publications

Test generation using reinforcement learning for delay-based side-channel analysis

Test generation using reinforcement learning for delay-based side-channel analysis

An Efficient Framework with Node Filtering and Load Expansion for Machine-Learning-Based Hardware Trojan Detection

GreyConE: Greybox Fuzzing + Concolic Execution Guided Test Generation for High Level Designs

Contact Info

Product

Resources

About