Trojan Resilient Computing in COTS Processors Under Zero Trust

Abstract

The commercial off-the-shelf (COTS) component-based ecosystem provides an attractive system design paradigm due to the drastic reduction in development time and cost compared to custom solutions. However, it brings in a growing concern of trustworthiness arising from the possibility of malicious embedded logic or hardware Trojans in COTS components. Existing hardware Trojan countermeasures are typically not applicable to COTS hardware due to the need for zero trust consideration for all supply chain entities, absence of golden models, and lack of observability of internal signals within the component. In this work, we propose a novel approach for runtime Trojan detection and resilience in untrusted COTS processors through judicious modifications in the software. The proposed approach does not rely on any hardware redundancy or architectural modification and hence seamlessly integrates with the COTS-based system design process. Trojan resilience is achieved through the execution of multiple functionally equivalent software variants. We have developed and implemented a solution for compiler-based automatic generation of program variants, metric-guided selection of variants, and their integration in a single executable. To evaluate the proposed approach, we first analyzed the effectiveness of program variants in avoiding the activation of a random pool of Trojans. Then, by implementing several Trojans in an OpenRISC 1000 processor, we analyzed the detectability and resilience under Trojan activation in both single and multiple variants. We also present delay and code size overhead for the automatically generated variants for several programs and discuss future research directions.