Hardware and software co-verification from security perspective in SoC platforms

Abstract

Attacks which combine software and hardware vulnerabilities are emerging security problems. Although runtime verification or remote attestation can determine the correctness of program states on a processor core, existing methods rarely consider the software states on the whole System on Chip (SoC). Also, there are SoC level solutions focusing on addressing the threat in the RISC-V architecture, which provides an open Instruction Set Architecture (ISA) of the processor. In this paper, we propose a comprehensive software and hardware co-verification method to protect the entire RISC-V based SoC platform at runtime. The proposed method adopts the Dynamic Information Flow Tracking (DIFT) framework to implement a new Verifier and Prover security architecture for supporting runtime software and hardware co-verification. This framework also considers the security states of third-party IPs (3PIPs). The framework is implemented as a coprocessor, new bus and DIFT supported IP wrapper which does not change the architecture of the main processor core. The new security architecture can be integrated with other RISC-V processors. We implement a FPGA prototype on the Rocket-Chip, an RISC-V open-source processor core. The hardware overhead is 10% LUTs and 9.4% Flip-Flops and a performance overhead is 3%.