RTL-ConTest: Concolic Testing on RTL for Detecting Security Vulnerabilities

Abstract

This article presents RTL-ConTest, a register transfer-level (RTL) security vulnerability detection algorithm, that extracts critical process flows from a RTL design and executes RTL-level concolic testing to generate security test cases for identifying critical exploits manifested in a System on Chip (SoC). The efficiency of the proposed approach is evaluated on opensource RISC-V-based SoCs. Our technique is successful in detecting the security vulnerabilities manifested in the processor core as well as in the rest of the SoC, e.g., debug modules, peripherals, etc., thereby providing a thorough vulnerability check on the entire hardware design. As demonstrated by our experimental results, in circumstances where conventional security verification tools are limited, RTL-ConTest furnishes significantly improved efficiency in detecting SoC security vulnerabilities.