Data Secrecy Protection Through Information Flow Tracking in Proof-Carrying Hardware IP—Part II: Framework Automation

Abstract

Part II of this paper series focuses on automation of the extended proof-carrying hardware intellectual property (PCHIP) framework for data secrecy protection in third-party IPs, which was presented in part I. Specifically, we introduce: 1) VeriCoq-IFT, an automated PCHIP framework for information flow policies and 2) VeriCoq-H, a hierarchy-preserving Verilog-to-Coq converter. VeriCoq-IFT aims to: 1) automate the process of converting designs from an HDL to the Coq formal language; 2) generate security property theorems ensuring compliance with information flow policies; 3) construct proofs for such theorems; and 4) check their validity in a design, with minimal user intervention. VeriCoq-H, on the other hand, seeks to convert the entire functionality of a Verilog design to its Coq representation while preserving design hierarchy. It facilitates the development of hierarchical proofs and enables the construction of hybrid module libraries containing the HDL code and the corresponding reusable lemmas for each module. Applicability of our automated VeriCoq-IFT framework is demonstrated by evaluating trustworthiness of two DES encryption circuits and several genuine and Trojan-infested advanced encryption standard (AES) designs, along with the utility of VeriCoq-H in preventing malicious modification of sensitive data, such as the secret key of an encryption circuit.