QIF-RTL: A New Secure Hardware Description Language on VHDL/Verilog

By: Xiaolong Guo and Yier Jin

Stage: RTL

Summary

A framework which evaluates the trustworthiness of a hardware system at register transfer level (RTL).
Includes a quantified information flow (QIF) model and extends Verilog/VHDL type systems
Help developers with no security background to label sensitive signals and to quickly evaluate the design’s trustworthiness levels.
Initial results for 18 benchmarks using leakage paths as design errors show detection accuracy of 100% without false positive in less than 20 minutes.

Contact

Yier Jin

Input/Output Interface

Input: Denoted Verilog program
Output: Whether there is information leakage vulnerability

Dependencies

PyVerilog
Icarus Verilog

Binariey

QIF-RTL
Instruction: Run on linux command: ./qif –help

References

Guo, Xiaolong; Dutta, Raj Gautam; He, Jiaji; Tehranipoor, Mark; Jin, Yier

QIF-Verilog: Quantitative Information-Flow based Hardware Description Languages for Pre-Silicon Security Assessment Proceedings Article

In: 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 91-100, IEEE, McLean, VA, USA, 2019.

Abstract | Links | BibTeX

@inproceedings{Guo2019,

title = {QIF-Verilog: Quantitative Information-Flow based Hardware Description Languages for Pre-Silicon Security Assessment},

author = {Xiaolong Guo and Raj Gautam Dutta and Jiaji He and Mark Tehranipoor and Yier Jin},

url = {http://cadforassurance.org/wp-content/uploads/xiaolong2019qir.pdf},

doi = {10.1109/HST.2019.8740840},

year  = {2019},

date = {2019-03-15},

booktitle = {2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)},

journal = {2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)},

pages = {91-100},

publisher = {IEEE},

address = {McLean, VA, USA},

abstract = {Hardware vulnerabilities are often due to design mistakes because the designer does not sufficiently consider potential security vulnerabilities at the design stage. As a result, various security solutions have been developed to protect ICs, among which the language-based hardware security verification serves as a promising solution. The verification process will be performed while compiling the HDL of the design. However, similar to other formal verification methods, the language-based approach also suffers from scalability issues. Furthermore, existing solutions either lead to hardware overhead or are not designed for vulnerable or malicious logic detection. To alleviate these challenges, we propose a new language based framework, QIF-Verilog, to evaluate the trustworthiness of a hardware system at the register transfer level (RTL). This framework introduces a quantified information flow (QIF) model and extends Verilog type systems to provide more expressiveness in presenting security rules; QIF is capable of checking the security rules given by the hardware designer. Secrets are labeled by the new type and then parsed to data flow, to which a QIF model will be applied. To demonstrate our approach, we design a compiler for QIF-Verilog and perform vulnerability analysis on benchmarks from Trust-Hub and OpenCore. We show that Trojans or design faults that leak information from circuit outputs can be detected automatically and that our method evaluates the security of the design correctly.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Acknowledgments

This work is partially supported by Army Research Office (W911NF-17-1-0477), Semiconductor Research Corporation (2014-TS-2