The Gate Level Information Flow Tracking (GLIFT) is an effective method to uphold the information security for high-assurance digital circuits. The GLIFT method associates a security label with each data bit and monitors these labels to expose the illegal information flow in the circuit under tracking. However, the label propagation usually consumes a significant area overhead, especially for the multi-level security lattices. This work aims to reduce the area cost of the GLIFT logic to enhance its applicability. A new implementation technique of GLIFT logic of basic gates is proposed by introducing the logic operation ‘minus’. A decoupling-encoding technique of the security labels is also proposed to simplify the GLIFT logic. Furthermore, three improved GLIFT schemes are introduced for different scenarios based on these two techniques. These improved schemes are applied to some ISCAS’85 benchmarks. The evaluation results show that the improved schemes only consume 38.90%, 39.84% and 29.16% area of that of the original GLIFT scheme on average, respectively.
Read full abstract