Abstract
Information flow analysis plays an important role in hardware security verification as it enables reasoning about properties related to confidentiality, integrity, and availability. This book chapter describes techniques for integrating information flow tracking into the high-level synthesis (HLS) design flow. Specifically, we develop precise information flow tracking methods that target the HLS backend and verify the security of HLS design outputs. We discuss the benefits of performing information flow tracking at the register transfer level, present fine-granularity information flow model formalizations in a common hardware description language, and illustrate how hardware security properties are formally verified using standard EDA verification tools. We present experimental results to show the effectiveness of our secure hardware design flow in proving security properties related to confidentiality, integrity, isolation, constant time, and malicious design modification. This provides a promising approach for enhancing the traditional functional HLS design flow to consider security as an additional design constraint.
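The abstract describes fine-granularity information flow tracking, where every signal carries a security label and each primitive gets a label-propagation rule that is precise enough to avoid reporting flows that cannot happen. The following Python model is an added illustration, not code from the chapter or its authors: it assumes a two-level label lattice (0 = public, 1 = secret), uses the standard gate-level propagation rules for AND, OR and MUX as its formalization (the chapter's own models may differ), checks each rule exhaustively against ground truth, and evaluates one confidentiality property on a gated key output.

```python
"""Gate-level information flow tracking (IFT) labels, modelled in Python.

Added illustration (not code from the chapter): every signal carries a
one-bit security label (0 = public, 1 = secret) alongside its value, and
each primitive gate gets a label-propagation rule. A conservative rule ORs
the input labels; a precise rule also looks at input values, so a secret
that cannot actually affect the output is not reported as flowing.
"""
from itertools import product


# ---- primitive gates (functional behaviour) --------------------------------
def gate_and(a, b):
    return a & b


def gate_or(a, b):
    return a | b


def gate_mux(s, a, b):
    # y = b when s == 1, else a
    return b if s else a


# ---- label propagation rules: rule(values, labels) -> output label ---------
def conservative_t(v, t):
    """Any tainted input taints the output (sound but imprecise)."""
    return int(any(t))


def and_t(v, t):
    """Precise AND rule: a public 0 on one input masks the other input."""
    (a, b), (a_t, b_t) = v, t
    return (a_t & b_t) | (a_t & b) | (b_t & a)


def or_t(v, t):
    """Precise OR rule: a public 1 on one input masks the other input."""
    (a, b), (a_t, b_t) = v, t
    return (a_t & b_t) | (a_t & (b ^ 1)) | (b_t & (a ^ 1))


def mux_t(v, t):
    """Precise MUX rule (assumed formalization, y = b if s else a)."""
    (s, a, b), (s_t, a_t, b_t) = v, t
    if not s_t:
        return b_t if s else a_t          # only the selected input matters
    # Secret selector: harmless only if both data inputs are public and equal,
    # because then the selector cannot change the output value.
    return 0 if (a_t == 0 and b_t == 0 and a == b) else 1


# ---- ground truth: does tainted information actually reach the output? -----
def can_influence(gate, vals, taints):
    """1 if some reassignment of the tainted inputs (public inputs held fixed)
    changes the gate output, i.e. secret data really flows to the output."""
    base = gate(*vals)
    tainted_pos = [i for i, flag in enumerate(taints) if flag]
    for alt in product((0, 1), repeat=len(tainted_pos)):
        trial = list(vals)
        for pos, bit in zip(tainted_pos, alt):
            trial[pos] = bit
        if gate(*trial) != base:
            return 1
    return 0


def check_rule(gate, rule, n_inputs):
    """Exhaustively compare a propagation rule against ground truth.

    Returns (sound, false_positives): sound is False if the rule ever misses a
    real flow; false_positives counts cases where it reports a flow that
    cannot happen. A precise rule is sound with zero false positives."""
    sound, false_positives = True, 0
    for bits in product((0, 1), repeat=2 * n_inputs):
        vals, taints = bits[:n_inputs], bits[n_inputs:]
        truth = can_influence(gate, vals, taints)
        label = rule(vals, taints)
        if truth and not label:
            sound = False
        if label and not truth:
            false_positives += 1
    return sound, false_positives


# ---- a tiny confidentiality property on a gated key output ----------------
def key_output_label(enable, key_t, rule):
    """Constructed circuit: out = key AND enable, with `enable` a public bit.

    Property: when enable == 0 the secret key must not flow to `out`.
    Returns the label of `out`, maximised over both key values so the answer
    does not depend on the particular key bit."""
    return max(rule((key, enable), (key_t, 0)) for key in (0, 1))


if __name__ == "__main__":
    for name, gate, rule, n in [("AND", gate_and, and_t, 2),
                                ("OR", gate_or, or_t, 2),
                                ("MUX", gate_mux, mux_t, 3)]:
        print(name, "precise:", check_rule(gate, rule, n),
              "conservative:", check_rule(gate, conservative_t, n))
    print("key -> out with enable=0, precise:",
          key_output_label(0, 1, and_t),
          "conservative:", key_output_label(0, 1, conservative_t))
```

Running the script shows the precise rules are sound with no false positives, while the conservative rule reports four spurious flows for a two-input gate; on the gated key circuit the precise rule proves the key cannot reach the output while `enable` is 0, which is the kind of property a formal verification tool would then check on the tracking logic instrumented into the synthesized RTL.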
Acknowledgements
This work was supported in part by the Natural Science Foundation of Shaanxi Province under Grant 2019JM-244, NSF award 1718586, and the Semiconductor Research Corporation Task 2770.001.
Copyright information
© 2022 Springer Nature Switzerland AG
Cite this chapter
Hu, W., Ardeshiricham, A., Wu, L., Kastner, R. (2022). Integrating Information Flow Tracking into High-Level Synthesis Design Flow. In: Katkoori, S., Islam, S.A. (eds) Behavioral Synthesis for Hardware Security. Springer, Cham. https://doi.org/10.1007/978-3-030-78841-4_16
DOI: https://doi.org/10.1007/978-3-030-78841-4_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-78840-7
Online ISBN: 978-3-030-78841-4
eBook Packages: Computer Science (R0)