Advertisement

SoC Security Verification Challenges

  • Farimah Farahmandi
  • Yuanwen Huang
  • Prabhat Mishra
Chapter

Abstract

An SoC should be verified against several vulnerabilities to endure its security and trust. However, the existing verification and validation techniques are not sufficient to identify security issues in SoC due to the lack of security specification, the vast complexity of SoC designs, aggressive time-to-market, globally distributed supply chain of SoCs, design issues, and unsecured computer-aided design (CAD) tools. In this chapter, we review the challenges in SoC security and trust verification and review some existing approaches to evaluate the resiliency of SoCs against various types of attacks. We also discuss the limitation of these approaches.

References

  1. 1.
    A. Adir, E. Almog, L. Fournier, E. Marcus, M. Rimon, M. Vinov, A. Ziv, Genesys-pro: innovations in test program generation for functional processor verification. IEEE Des. Test Comput. 21, 84–93 (2004)CrossRefGoogle Scholar
  2. 2.
    D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, B. Sunar, Trojan detection using IC finger-printing, in Symposium on Security and Privacy (2007), pp. 296–310Google Scholar
  3. 3.
    A. Ahmed, P. Mishra, QUEBS: qualifying event based search in concolic testing for validation of RTL models, in IEEE International Conference on Computer Design (ICCD) (2017), pp. 185–192Google Scholar
  4. 4.
    A. Ahmed, F. Farahmandi, Y. Iskander, P. Mishra, Scalable hardware Trojan activation by interleaving concrete simulation and symbolic execution, in IEEE International Test Conference (ITC) (2018)Google Scholar
  5. 5.
    A. Ahmed, F. Farahmandi, P. Mishra, Directed test generation using concolic testing of RTL models, in Design Automation and Test in Europe (DATE) (2018), pp. 1538–1543Google Scholar
  6. 6.
    M. Banga, M. Hsiao, Trusted RTL: Trojan detection methodology in pre-silicon designs, in IEEE International Symposium on Hardware-Oriented Security and Trust (HOST) (2010), pp. 56–59Google Scholar
  7. 7.
    G. Becker, J. Cooper, E. DeMulder, G. Goodwill, J. Jaffe, G. Kenworthy, T. Kouzminov, A. Leiserson, M. Marson, P. Rohatgi et al., Test vector leakage assessment (TVLA) methodology in practice, in International Cryptographic Module Conference, vol. 1001 (2013), p. 13Google Scholar
  8. 8.
    P. Behnam, B. Alizadeh, In-circuit mutation-based automatic correction of certain design errors using SAT mechanisms, in 2015 IEEE 24th Asian Test Symposium (ATS) (IEEE, Piscataway, 2015), pp. 199–204CrossRefGoogle Scholar
  9. 9.
    P. Behnam, B. Alizadeh, Z. Navabi, Automatic correction of certain design errors using mutation technique, in 2014 19th IEEE European Test Symposium (ETS) (IEEE, Piscataway, 2014), pp. 1–2Google Scholar
  10. 10.
    A. Biere, A. Cimatti, E. Clarke, Y. Zhu, Symbolic model checking without BDDs, in International Conference on Tools and Algorithms for the Construction and Analysis of Systems (Springer, Berlin, 1999), pp. 193–207CrossRefGoogle Scholar
  11. 11.
    E. Brier, C. Clavier, F. Olivier, Correlation power analysis with a leakage model, in Cryptographic Hardware and Embedded Systems – CHES, ed. by M. Joye, J.-J. Quisquater (Springer, Berlin, 2004), pp. 16–29Google Scholar
  12. 12.
    R.E. Bryant, Graph-based algorithms for Boolean function manipulation. IEEE Trans. Comput. C-35, 677–691 (1986)zbMATHCrossRefGoogle Scholar
  13. 13.
    R.E. Bryant, Y.-A. Chen, Verification of arithmetic circuits with binary moment diagrams, in Proceedings of the 32nd Annual ACM/IEEE Design Automation Conference (ACM, New York, 1995), pp. 535–541Google Scholar
  14. 14.
    M. Bushnell, V.D. Agrawal, Essentials of electronic testing for digital, memory, and mixed signal VLSI circuits, vol. 17 (Springer, New York, 2000)Google Scholar
  15. 15.
    B. Çakir, S. Malik, Hardware Trojan detection for gate-level ICS using signal correlation based clustering, in Proceedings of the 2015 Design, Automation & Test in Europe Conference & Exhibition (EDA Consortium, San Jose, 2015), pp. 471–476Google Scholar
  16. 16.
    R.S. Chakraborty, F. Wolf, C. Papachristou, S. Bhunia, MERO: a statistical approach for hardware Trojan detection, in International Workshop on Cryptographic Hardware and Embedded Systems (CHES’09) (2009), pp. 369–410Google Scholar
  17. 17.
    S. Chari, J.R. Rao, P. Rohatgi, Template attacks, in Cryptographic Hardware and Embedded Systems – CHES, ed. by B.S. Kaliski, Ç.K. Koç, C. Paar (Springer, Berlin, 2003), pp. 13–28Google Scholar
  18. 18.
    M. Chen, P. Mishra, Functional test generation using efficient property clustering and learning techniques. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 29(3), 396–404 (2010)CrossRefGoogle Scholar
  19. 19.
    M. Chen, P. Mishra, Property learning techniques for efficient generation of directed tests. IEEE Trans. Comput. 60(6), 852–864 (2011)MathSciNetzbMATHCrossRefGoogle Scholar
  20. 20.
    M. Chen, P. Mishra, Decision ordering based property decomposition for functional test generation, in Design Automation and Test in Europe (DATE) (2011), pp. 167–172Google Scholar
  21. 21.
    M. Chen, X. Qin, P. Mishra, Learning-oriented property decomposition for automated generation of directed tests. J. Electron. Test. 30(3), 287–306 (2014)CrossRefGoogle Scholar
  22. 22.
    M.J. Ciesielski, P. Kalla, Z. Zheng, B. Rouzeyre, Taylor expansion diagrams: a compact, canonical representation with applications to symbolic verification, in Proceedings 2002 Design, Automation and Test in Europe Conference and Exhibition (IEEE, Piscataway, 2002), pp. 285–289Google Scholar
  23. 23.
    E.M. Clarke, E.A. Emerson, and A.P. Sistla, Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Trans. Program. Lang. Syst. 8(2), 244–263 (1986)zbMATHCrossRefGoogle Scholar
  24. 24.
    J. Cruz, F. Farahmandi, A. Ahmed, P. Mishra, Hardware Trojan detection using ATPG and model checking, in 2018 31st International Conference on VLSI Design and 2018 17th International Conference on Embedded Systems (VLSID) (IEEE, Piscataway, 2018), pp. 91–96Google Scholar
  25. 25.
    N. Dang, A. Roychoudhury, T. Mitra, P. Mishra, Generating test programs to cover pipeline interactions, in ACM/IEEE Design Automation Conference (DAC) (2009), pp. 142–147Google Scholar
  26. 26.
    F. Farahmandi, B. Alizadeh, Groebner basis based formal verification of large arithmetic circuits using Gaussian elimination and cone-based polynomial extraction. Microprocess. Microsyst. 39(2), 83–96 (2015)CrossRefGoogle Scholar
  27. 27.
    F. Farahmandi, P. Mishra, Automated test generation for debugging arithmetic circuits, in 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE) (IEEE, Piscataway, 2016), pp. 1351–1356Google Scholar
  28. 28.
    F. Farahmandi, P. Mishra, FSM anomaly detection using formal analysis, in IEEE International Conference on Computer Design (ICCD) (2017), pp. 313–320Google Scholar
  29. 29.
    F. Farahmandi, P. Mishra, Automated debugging of arithmetic circuits using incremental Gröbner basis reduction, in IEEE International Conference on Computer Design (ICCD) (2017), pp. 193–200Google Scholar
  30. 30.
    F. Farahmandi, P. Mishra, Automated test generation for debugging multiple bugs in arithmetic circuits. IEEE Trans. Comput. 68(2), 182–197 (2019)MathSciNetzbMATHCrossRefGoogle Scholar
  31. 31.
    F. Farahmandi, B. Alizadeh, Z. Navabi, Effective combination of algebraic techniques and decision diagrams to formally verify large arithmetic circuits, in 2014 IEEE Computer Society Annual Symposium on VLSI (IEEE, Piscataway, 2014), pp. 338–343Google Scholar
  32. 32.
    F. Farahmandi, P. Mishra, S. Ray, Exploiting transaction level models for observability-aware post-silicon test generation, in Design Automation and Test in Europe (DATE) (2016), pp. 1477–1480Google Scholar
  33. 33.
    F. Farahmandi, Y. Huang, P. Mishra, Trojan localization using symbolic algebra, in Asia and South Pacific Design Automation Conference (ASPDAC) (2017), pp. 591–597Google Scholar
  34. 34.
    N. Fern, S. Kulkarni, K.-T.T. Cheng, Hardware Trojans hidden in RTL don’t cares – automated insertion and prevention methodologies, in 2015 IEEE International Test Conference (ITC) (IEEE, Piscataway, 2015), pp. 1–8Google Scholar
  35. 35.
    N. Fern, I. San, C.K. Koç, K.-T.T. Cheng, Hardware Trojans in incompletely specified on-chip bus systems, in Proceedings of the 2016 Conference on Design, Automation & Test in Europe (EDA Consortium, San Jose, 2016), pp. 527–530Google Scholar
  36. 36.
    N. Fern, I. San, K.-T.T. Cheng, Detecting hardware Trojans in unspecified functionality through solving satisfiability problems, in 2017 22nd Asia and South Pacific Design Automation Conference (ASP-DAC) (IEEE, Piscataway, 2017), pp. 598–504Google Scholar
  37. 37.
    B. Gierlichs, K. Lemke-Rust, C. Paar, Templates vs. stochastic methods, in Cryptographic Hardware and Embedded Systems – CHES 2006, ed. by L. Goubin, M. Matsui (Springer, Berlin, 2006), pp. 15–29CrossRefGoogle Scholar
  38. 38.
    L.H. Goldstein, E.L. Thigpen, SCOAP: Sandia controllability/observability analysis program, in Proceedings of the 17th Design Automation Conference (ACM, New York, 1980), pp. 190–196Google Scholar
  39. 39.
    X. Guo, R.G. Dutta, Y. Jin, F. Farahmandi, P. Mishra, Pre-silicon security verification and validation: a formal perspective, in ACM/IEEE Design Automation Conference (DAC) (2015), pp. 145:1–145:6Google Scholar
  40. 40.
    X. Guo, R.G. Dutta, P. Mishra, Y. Jin, Scalable SoC trust verification using integrated theorem proving and model checking, in IEEE International Symposium on Hardware Oriented Security and Trust (HOST) (2016), pp. 124–129Google Scholar
  41. 41.
    X. Guo, R.G. Dutta, P. Mishra, Y. Jin, Automatic code converter enhanced PCH framework for SoC trust verification. IEEE Trans. Very Large Scale Integr. VLSI Syst. 25(12), 3390–3400 (2017)CrossRefGoogle Scholar
  42. 42.
    K. Hasegawa, M. Yanagisawa, N. Togawa, Hardware Trojans classification for gate-level netlists using multi-layer neural networks, in IEEE 23rd International Symposium on On-Line Testing and Robust System Design (IOLTS) (2017), pp. 227–232Google Scholar
  43. 43.
    K. Hasegawa, Y. Shi, N. Togawa, Hardware Trojan detection utilizing machine learning approaches, in Proceedings – 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2018 (2018), pp. 1891–1896Google Scholar
  44. 44.
    J. He, Y. Zhao, X. Guo, Y. Jin, Hardware Trojan detection through chip-free electromagnetic side-channel statistical analysis. IEEE Trans. Very Large Scale Integr. VLSI Syst. 25(10), 2939–2948 (2017)CrossRefGoogle Scholar
  45. 45.
    M. He, J. Park, A. Nahiyan, A. Vassilev, Y. Jin, M. Tehranipoor, RTL-PSC: automated power side-channel leakage assessment at register-transfer level, in IEEE VLSI Test Symposium (VTS) (2019)Google Scholar
  46. 46.
    M. Hicks, M. Finnicum, S.T. King, M.M. Martin, J.M. Smith, Overcoming an untrusted computing base: detecting and removing malicious hardware automatically, in 2010 IEEE Symposium on Security and Privacy (SP) (IEEE, Piscataway, 2010), pp. 159–172Google Scholar
  47. 47.
    W. Hu, A. Ardeshiricham, M.S. Gobulukoglu, X. Wang, R. Kastner, Property specific information flow analysis for hardware security verification, in 2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), San Diego, CA (2018), pp. 1–8Google Scholar
  48. 48.
    W. Hua, Z. Zhang, G.E. Suh, Reverse engineering convolutional neural networks through side-channel information leaks, in 55th ACM/ESDA/IEEE Design Automation Conference (DAC) (2018), pp. 1–6Google Scholar
  49. 49.
    Y. Huang, P. Mishra, Trace buffer attack on the AES cipher. J. Hardw. Syst. Secur. 1(1), 68–84 (2017)CrossRefGoogle Scholar
  50. 50.
    Y. Huang, A. Chattopadhyay, P. Mishra, Trace buffer attack: security versus observability study in post-silicon debug, in IEEE International Conference on Very Large Scale Integration (VLSI-SoC) (2015), pp. 355–360Google Scholar
  51. 51.
    Y. Huang, S. Bhunia, P. Mishra, MERS: statistical test generation for side-channel analysis based Trojan detection, in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (ACM, New York, 2016), pp. 130–141Google Scholar
  52. 52.
    Y. Huang, S. Bhunia, P. Mishra, Scalable test generation for Trojan detection using side channel analysis. IEEE Trans. Inf. Forensics Secur. 13(11), 2746–2760 (2018)CrossRefGoogle Scholar
  53. 53.
    T. Inoue, K. Hasegawa, Y. Kobayashi, M. Yanagisawa, N. Togawa, Designing subspecies of hardware Trojans and their detection using neural network approach, in IEEE 8th International Conference on Consumer Electronics (2018), pp. 1–4Google Scholar
  54. 54.
    D. Ismari, J. Plusquellic, C. Lamech, S. Bhunia, F. Saqib, On detecting delay anomalies introduced by hardware Trojans, in 2016 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), Austin, TX (2016), pp. 1–7Google Scholar
  55. 55.
    Y. Jin, Y. Makris, Hardware Trojan detection using path delay fingerprint, in IEEE International Workshop on Hardware-Oriented Security and Trust (2008), pp. 51–57Google Scholar
  56. 56.
    Y. Jin, Y. Makris, Hardware Trojans in wireless cryptographic ICs. IEEE Des. Test Comput. 27(1), 26–35 (2010)CrossRefGoogle Scholar
  57. 57.
    B. Keng, A. Veneris, Path-directed abstraction and refinement for SAT-based design debugging. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 32(10), 1609–1622 (2013)CrossRefGoogle Scholar
  58. 58.
    P.C. Kocher, J. Jaffe, B. Jun, Differential power analysis, in Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, Series CRYPTO ’99, London, UK (Springer, London, 1999), pp. 388–397. [Online]. Available: http://dl.acm.org/citation.cfm?id=646764.703989 CrossRefGoogle Scholar
  59. 59.
    H.-M. Koo, P. Mishra, Test generation using SAT-based bounded model checking for validation of pipelined processors, in Proceedings of the 16th ACM Great Lakes Symposium on VLSI (ACM, New York, 2006), pp. 362–365Google Scholar
  60. 60.
    H. Koo, P. Mishra, Functional test generation using property decompositions for validation of pipelined processors, in Design Automation and Test in Europe (DATE) (2006), pp. 1240–1245Google Scholar
  61. 61.
    A. Kulkarni, Y. Pino, T. Mohsenin, SVM-based real-time hardware Trojan detection for many-core platform, in 17th International Symposium on Quality Electronic Design (ISQED) (2016), pp. 362–367Google Scholar
  62. 62.
    T.-H. Le, J. Clédière, C. Canovas, B. Robisson, C. Servière, J.-L. Lacoume, A proposition for correlation power analysis enhancement, in Cryptographic Hardware and Embedded Systems – CHES 2006, ed. by L. Goubin, M. Matsui (Springer, Berlin, 2006), pp. 174–186CrossRefGoogle Scholar
  63. 63.
    B. Le, H. Mangassarian, B. Keng, A. Veneris, Non-solution implications using reverse domination in a modern SAT-based debugging environment, in Design Automation and Test in Europe (DATE) (2012), pp. 629–634Google Scholar
  64. 64.
    J. Lee, M. Tebranipoor, J. Plusquellic, A low-cost solution for protecting IPs against scan-based side-channel attacks, in 24th IEEE VLSI Test Symposium (2006), pp. 1–6Google Scholar
  65. 65.
    C. Li, J. Gaudiot, Online detection of spectre attacks using microarchitectural traces from performance counters, in 2018 30th International Symposium on Computer Architecture and High Performance Computing (SBAC-PAD), Lyon, France (2018), pp. 25–28Google Scholar
  66. 66.
    M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh, J. Horn, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, M. Hamburg, Meltdown: reading kernel memory from user space, in 27th Security Symposium (USENIX Security) (2018), pp. 973–990Google Scholar
  67. 67.
    L. Liu, S. Vasudevan, Efficient validation input generation in RTL by hybridized source code analysis, in Design, Automation & Test in Europe Conference & Exhibition (DATE), 2011 (IEEE, Piscataway, 2011), pp. 1–6Google Scholar
  68. 68.
    Y. Liu, K. Huang, Y. Makris, Hardware Trojan detection through golden chip-free statistical side-channel fingerprinting, in Proceedings of the 51st Annual Design Automation Conference (DAC ’14) (ACM, New York, 2014), 6 pp. Article 155Google Scholar
  69. 69.
    Y. Lyu, P. Mishra, A survey of side channel attacks on caches and countermeasures. J. Hardw. Syst. Secur. 2, 33–50 (2018)CrossRefGoogle Scholar
  70. 70.
    Y. Lyu, P. Mishra, Efficient test generation for Trojan detection using side channel analysis, in Design Automation and Test in Europe (DATE) (2019)Google Scholar
  71. 71.
    Y. Lyu, X. Qin, M. Chen, P. Mishra, Directed test generation for validation of cache coherence protocols. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 38, 163–176 (2018)CrossRefGoogle Scholar
  72. 72.
    S. Mangard, E. Oswald, T. Popp, Power Analysis Attacks: Revealing the Secrets of Smart Cards. Advances in Information Security (Springer, New York, 2007)Google Scholar
  73. 73.
    H. Mangassarian, A. Veneris, S. Safarpour, M. Benedetti, D. Smith, A performance-driven QBF-based iterative logic array representation with applications to verification, debug and test, in 2007 IEEE/ACM International Conference on Computer-Aided Design (IEEE, Piscataway, 2007), pp. 240–245Google Scholar
  74. 74.
    K.L. McMillan, Model Checking (Wiley, New York, 2003)zbMATHGoogle Scholar
  75. 75.
    T.S. Messerges, E.A. Dabbish, R.H. Sloan, Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002). [Online] Available: https://doi.org/10.1109/TC.2002.1004593 MathSciNetzbMATHCrossRefGoogle Scholar
  76. 76.
    P. Mishra, M. Chen, Efficient techniques for directed test generation using incremental satisfiability, in International Conference on VLSI Design (2009), pp. 65–70Google Scholar
  77. 77.
    P. Mishra, N. Dutt, Graph-based functional test program generation for pipelined processors, in Design Automation and Test in Europe (DATE) (2004), pp. 182–187Google Scholar
  78. 78.
    P. Mishra, N. Dutt, Functional coverage driven test generation for validation of pipelined processors, in Design Automation and Test in Europe (DATE) (2005), pp. 678–683Google Scholar
  79. 79.
    P. Mishra, N. Dutt, Specification-driven directed test generation for validation of pipelined processors. ACM Trans. Des. Autom. Electron. Syst. 13(2), 36 pp., article 42 (2008)CrossRefGoogle Scholar
  80. 80.
    P. Mishra, S. Bhunia, M. Tehranipoor (eds.), Hardware IP Security and Trust (Springer, Cham, 2017). ISBN: 978-3-319-49024-3Google Scholar
  81. 81.
    A. Nahiyan, K. Xiao, K. Yang, Y. Jin, D. Forte, M. Tehranipoor, AVFSM: a framework for identifying and mitigating vulnerabilities in FSMs, in 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC) (IEEE, Piscataway, 2016), pp. 1–6Google Scholar
  82. 82.
    A. Nahiyan, F. Farahmandi, P. Mishra, D. Forte, M. Tehranipoor, Security-aware FSM design flow for identifying and mitigating vulnerabilities to fault attacks. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 38, 1003–1016 (2018)CrossRefGoogle Scholar
  83. 83.
    S. Narasimhan, D. Du, R.S. Chakraborty, S. Paul, F.G. Wolff, C.A. Papachristou, K. Roy, S. Bhunia, Hardware Trojan detection by multiple-parameter side-channel analysis. IEEE Trans. Comput. 62(11), 2183–2195 (2013)MathSciNetzbMATHCrossRefGoogle Scholar
  84. 84.
    M. Oya, Y. Shi, M. Yanagisawa, N. Togawa, A score-based classification method for identifying hardware-Trojans at gate-level netlists, in Proceedings of the 2015 Design, Automation & Test in Europe Conference & Exhibition (2015), pp. 465–470Google Scholar
  85. 85.
    J. Park, A. Nahiyan, A. Vassilev, Y. Jin, M. Tehranipoor, RTL-PSC: automated power side-channel leakage assessment at register-transfer level. arXiv preprint arXiv:1901.05909 (2019)Google Scholar
  86. 86.
    S. Proch, P. Mishra, Test generation for hybrid systems using clustering and learning techniques, in International Conference on VLSI Design (2016), pp. 589–590Google Scholar
  87. 87.
    X. Qin, P. Mishra, Directed test generation for validation of multicore architectures. ACM Trans. Des. Autom. Electron. Syst. 17(3), article 24, 21 pp. (2012)CrossRefGoogle Scholar
  88. 88.
    X. Qin, P. Mishra, Automated generation of directed tests for transition coverage in cache coherence protocols, in Design Automation and Test in Europe (DATE) (2012)Google Scholar
  89. 89.
    X. Qin, P. Mishra, Scalable test generation by interleaving concrete and symbolic execution, in International Conference on VLSI Design (2014), pp. 104–109Google Scholar
  90. 90.
    X. Qin, M. Chen, P. Mishra, Synchronized generation of directed tests using satisfiability solving, in International Conference on VLSI Design (2010), pp. 351–356Google Scholar
  91. 91.
    R. Rad, J. Plusquellic, M. Tehranipoor, Sensitivity analysis to hardware Trojans using power supply transient signals, in Workshop on Hardware-Oriented Security and Trust (2008), pp. 3–7Google Scholar
  92. 92.
    J. Rajendran, V. Vedula, R. Karri, Detecting malicious modifications of data in third-party intellectual property cores, in Proceedings of the 52nd Annual Design Automation Conference (ACM, New York, 2015), pp. 1–6Google Scholar
  93. 93.
    S. Safarpour, A. Veneris, Abstraction and refinement techniques in automated design debugging, in Seventh International Workshop on Microprocessor Test and Verification (MTV’06) (IEEE, Piscataway, 2006), pp. 88–93Google Scholar
  94. 94.
    S. Saha, R. Chakraborty, S. Nuthakki, Anshul, D. Mukhopadhyay, Improved test pattern generation for hardware Trojan detection using genetic algorithm and Boolean satisfiability, in Cryptographic Hardware and Embedded Systems (CHES) (2015), pp. 577–596Google Scholar
  95. 95.
    H. Salmani, COTD: reference-free hardware Trojan detection and recovery based on controllability and observability in gate-level netlist. IEEE Trans. Inf. Forensics Secur. 12(2), 338–350 (2017)CrossRefGoogle Scholar
  96. 96.
    F. Saqib, D. Ismari, C. Lamech, J. Plusquellic, Within-die delay variation measurement and power transient analysis using REBEL. IEEE Trans. Very Large Scale Integr. VLSI Syst. 23(4), 776–780 (2015)CrossRefGoogle Scholar
  97. 97.
    A. Sayed-Ahmed, D. Gro, M. Soeken, R. Drechsler et al., Formal verification of integer multipliers by combining gröbner basis with logic reduction, in 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE) (IEEE, Piscataway, 2016), pp. 1048–1053Google Scholar
  98. 98.
    K. Sen, G. Agha, CUTE and jCUTE: concolic unit testing and explicit path model-checking tools, in International Conference on Computer Aided Verification (Springer, Berlin, 2006), pp. 419–423Google Scholar
  99. 99.
    A. Smith, A. Veneris, M.F. Ali, A. Viglas, Fault diagnosis and logic debugging using Boolean satisfiability. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 24(10), 1606–1621 (2005)CrossRefGoogle Scholar
  100. 100.
    C. Sturton, M. Hicks, D. Wagner, S.T. King, Defeating UCI: building stealthy and malicious hardware, in 2011 IEEE Symposium on Security and Privacy (SP) (IEEE, Piscataway, 2011), pp. 64–77CrossRefGoogle Scholar
  101. 101.
  102. 102.
    A. Waksman et al., FANCI: identification of stealthy malicious logic using Boolean functional analysis, in CCS (2013), pp. 697–708Google Scholar
  103. 103.
    Y. Yarom, K. Falkner, FLUSH+ RELOAD: a high resolution, low noise, L3 cache side-channel attack, in USENIX Security Symposium, vol. 1 (2014), pp. 22–25Google Scholar
  104. 104.
    X. Zhang, M. Tehranipoor, Case study: detecting hardware Trojans in third-party digital IP cores, in 2011 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST) (IEEE, Piscataway, 2011), pp. 67–70CrossRefGoogle Scholar
  105. 105.
    J. Zhang, F. Yuan, Q. Xu, DeTrust: defeating hardware trust verification with stealthy implicitly-triggered hardware Trojans, in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (ACM, New York, 2014), pp. 153–166Google Scholar
  106. 106.
    J. Zhang, F. Yuan, L. Wei, Y. Liu, Q. Xu, VeriTrust: verification for hardware trust. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 34(7), 1148–1161 (2015)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Farimah Farahmandi
    • 1
  • Yuanwen Huang
    • 2
  • Prabhat Mishra
    • 1
  1. 1.University of FloridaGainesvilleUSA
  2. 2.GoogleMountain ViewUSA

Personalised recommendations