Hardware/software security co-verification and vulnerability detection: An information flow perspective

Abstract

Security vulnerabilities provide attackers unauthorized access to critical resources and effective attack surfaces to compromise a system. Security verification is an emerging technique for detecting and locating such threats. However, existing security verification methods are typically restricted within the hardware or software boundary and incapable of meeting cross-layer verification requirements due to the differences in design semantics and the lack of a security model that fits both hardware and software. We attempt to address such a limitation from the perspective of information flow analysis and propose a hardware/software security co-verification method, which can check information flow security properties on fine-grained hardware information flow models. The proposed method can pinpoint security vulnerabilities by capturing information flow security property violations under clues of malicious information flows. Our information flow security model and properties are described using standard hardware design and verification languages, which allows our method to be seamlessly integrated with electronics design automation flows. Experimental results using RISC-V hardware/software designs show that the proposed method detects software, hardware and system-level security vulnerabilities, effectively.