DOI: 10.1145/3566097.3567918

SHarPen: SoC Security Verification by Hardware Penetration Test

Published: 31 January 2023

Abstract

As modern SoC architectures incorporate many complex/heterogeneous intellectual properties (IPs), the protection of security assets has become imperative, and the number of vulnerabilities revealed is rising due to the increased number of attacks. Over the last few years, penetration testing (PT) has become an increasingly effective means of detecting software (SW) vulnerabilities. As yet, no such technique has been applied to the detection of hardware vulnerabilities. This paper proposes a PT framework, SHarPen, for detecting hardware vulnerabilities, which facilitates the development of a SoC-level security verification framework. SHarPen proposes a formalism for performing gray-box hardware (HW) penetration testing instead of relying on coverage-based testing, and automates the mapping of hardware vulnerabilities to logical/mathematical cost functions. SHarPen supports both simulation and FPGA-based prototyping, allowing us to automate security testing at different stages of the design process, with a high capability for identifying vulnerabilities in the targeted SoC.

        Published In

        ASPDAC '23: Proceedings of the 28th Asia and South Pacific Design Automation Conference
        January 2023
        807 pages
        ISBN:9781450397834
        DOI:10.1145/3566097

        In-Cooperation

        • IPSJ
        • IEEE CAS
        • IEEE CEDA
        • IEICE

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Author Tags

        1. BPSO
        2. SoC security verification
        3. cost function
        4. penetration testing

        Qualifiers

        • Research-article

        Conference

        ASPDAC '23

        Acceptance Rates

        ASPDAC '23 Paper Acceptance Rate 102 of 328 submissions, 31%;
        Overall Acceptance Rate 466 of 1,454 submissions, 32%

        Article Metrics

        • Downloads (Last 12 months): 83
        • Downloads (Last 6 weeks): 15
        Reflects downloads up to 05 Mar 2025

        Cited By

        • (2024) The Road Not Taken: eFPGA Accelerators Utilized for SoC Security Auditing. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 43:10 (3068-3082). DOI: 10.1109/TCAD.2024.3387350. Online publication date: Oct-2024
        • (2024) Digital Twin for Secure Semiconductor Lifecycle Management. Hardware Security (345-399). DOI: 10.1007/978-3-031-58687-3_8. Online publication date: 3-Apr-2024
        • (2024) Large Language Models for SoC Security. Hardware Security (255-299). DOI: 10.1007/978-3-031-58687-3_6. Online publication date: 3-Apr-2024
        • (2024) Runtime SoC Security Validation. Hardware Security (231-253). DOI: 10.1007/978-3-031-58687-3_5. Online publication date: 3-Apr-2024
        • (2024) SoC Security Verification Using Fuzz, Penetration, and AI Testing. Hardware Security (183-229). DOI: 10.1007/978-3-031-58687-3_4. Online publication date: 3-Apr-2024
        • (2024) Rethinking Hardware Watermark. Hardware Security (143-182). DOI: 10.1007/978-3-031-58687-3_3. Online publication date: 3-Apr-2024
        • (2024) Secure Heterogeneous Integration. Hardware Security (447-490). DOI: 10.1007/978-3-031-58687-3_10. Online publication date: 3-Apr-2024
        • (2024) Quantifiable Assurance in Hardware. Hardware Security (1-52). DOI: 10.1007/978-3-031-58687-3_1. Online publication date: 3-Apr-2024
        • (2023) HUnTer: Hardware Underneath Trigger for Exploiting SoC-level Vulnerabilities. 2023 Design, Automation & Test in Europe Conference & Exhibition (DATE) (1-6). DOI: 10.23919/DATE56975.2023.10137139. Online publication date: Apr-2023
        • (2023) SoCFuzzer: SoC Vulnerability Detection using Cost Function enabled Fuzz Testing. 2023 Design, Automation & Test in Europe Conference & Exhibition (DATE) (1-6). DOI: 10.23919/DATE56975.2023.10137024. Online publication date: Apr-2023
