Towards Quantified Data Analysis of Information Flow Tracking for Secure System Design

Abstract

Computing hardware has become an attractive attack surface due to the globalization of semi-conductor design and supply chain, and the wide integration of third-party intellectual property cores. Recently, gate-level information flow tracking (GLIFT) has been proposed to monitor the flow of information in secure hardware design by associating data objects with sensitivity labels and tracking the flow of labeled data. GLIFT can be used to model and verify security-related properties, such as confidentiality and integrity. However, existing work in this realm only considers binary labels. These are inadequate for understanding simultaneous information flow behaviors and the root source information flows. In this paper, we propose a precise multi-bit GLIFT method to perform simultaneous multi-bit flow tracking for understanding exactly which bits are affecting a data object at the same time. The proposed method provides more detailed insights into simultaneous information flow behaviors and thus allows proof of quantitative information flow data properties. We compare the complexity and verification performance for different information flow models using primitive gates, IWLS benchmarks, several cryptographic cores, and trust-HUB benchmarks. Experimental results have demonstrated that our method can reason about multi-bit information flow behaviors and identify potential security flaws.