A Simplifying Logic Approach for Gate Level Information Flow Tracking

  • Yu Tai
  • Wei Hu
  • Dejun Mu
  • Baolei Mao
  • Lantian Guo
  • Maoyuan Qin
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 237)


With the increase of design scale and complexity, security vulnerabilities residing in hardware designs become hard to detect. Existing functional testing and verification methods cannot guarantee test and verification coverage in design phase. Fortunately, gate level information flow tracking (GLIFT) has been proposed to enforce bit-tight information flow security from the gate level to detect security vulnerabilities and prevent information leakage effectively. However, there is a significant limitation that the inherent high complexity of GLIFT logic causes significant overheads in static verification and physical implementation. In order to address the limitation, we propose a simplified GLIFT method that incorporates more detailed optimization logic routes to reduce its complexity and allow don’t care to simplify original GLIFT logic. Experimental results have demonstrated that the simplified GLIFT method can reduce the design overhand in several gates by sacrificing a fraction of GLIFT precision.


Hardware security Gate level information flow tracking Security lattice Don’t care Optimization 



This research was financially supported by the National Natural Science Foundation of China under Grant 61303224 and Grant 61672433, the National Cryptography Development Fund under Grant MMJJ20170210.


  1. 1.
    Extracting qualcomms keymaster keys - breaking android full disk encryption (2016).
  2. 2.
    Becker, G.T., Regazzoni, F., Paar, C., Burleson, W.P.: Stealthy dopant-level hardware trojans. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 197–214. Springer, Heidelberg (2013). Scholar
  3. 3.
    Bell, D.E., LaPadula, L.J.: Secure computer systems: mathematical foundations. Technical report, DTIC Document (1973)Google Scholar
  4. 4.
    Dalton, M., Kannan, H., Kozyrakis. C.: Raksha: a flexible information flow architecture for software security. In: ACM SIGARCH Computer Architecture News, vol. 35, pp. 482–493. ACM (2007)Google Scholar
  5. 5.
    Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Denning, D.E.: Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc., Boston (1982)zbMATHGoogle Scholar
  7. 7.
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and privacy, vol. 11, p. 77 (1982)Google Scholar
  8. 8.
    Hu, W., Becker, A., Ardeshiricham, A., Tai, Y., Ienne, P., Mu, D., Kastner, R.: Imprecise security: quality and complexity tradeoffs for hardware information flow tracking. In: Proceedings of the 35th International Conference on Computer-Aided Design, p. 95. ACM (2016)Google Scholar
  9. 9.
    Hu, W., Mao, B., Oberg, J., Kastner, R.: Detecting hardware trojans with gate-level information-flow tracking. Computer 49(8), 44–52 (2016)CrossRefGoogle Scholar
  10. 10.
    Keating, M.: The Simple Art of SoC Design: Closing the Gap Between RTL and ESL. Springer Science & Business Media, Heidelberg (2011). Scholar
  11. 11.
    Krohn, M., Yip, A., Brodsky, M., Cliffer, N., Kaashoek, M.F., Kohler, E., Morris, R.: Information flow control for standard OS abstractions. In: ACM SIGOPS Operating Systems Review, vol. 41, pp. 321–334. ACM (2007)Google Scholar
  12. 12.
    Mu, D., Hu, W., Mao, B., Ma, B.: A bottom-up approach to verifiable embedded system information flow security. IET Inf. Secur. 8(1), 12–17 (2014)CrossRefGoogle Scholar
  13. 13.
    Pottier, F., Simonet, V.: Information flow inference for ML. ACM Trans. Program. Lang. Syst. (TOPLAS) 25(1), 117–158 (2003)CrossRefzbMATHGoogle Scholar
  14. 14.
    Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Sel. Areas Commun. 21(1), 5–19 (2003)CrossRefGoogle Scholar
  15. 15.
    Suh, G.E., Lee, J.W., Zhang, D., Devadas, S.L Secure program execution via dynamic information flow tracking. In: ACM Sigplan Notices, vol. 39, pp. 85–96. ACM (2004)Google Scholar
  16. 16.
    Tiwari, M., Wassel, H.M., Mazloom, B., Mysore, S., Chong, F.T., Sherwood, T.: Complete information flow tracking from the gates up. In: ACM Sigplan Notices, vol. 44, pp. 109–120. ACM (2009)Google Scholar
  17. 17.
    Vandebogart, S., Efstathopoulos, P., Kohler, E., Krohn, M., Frey, C., Ziegler, D., Kaashoek, F., Morris, R., Mazières, D.: Labels and event processes in the asbestos operating system. ACM Trans. Comput. Syst. (TOCS) 25(4), 11 (2007)CrossRefGoogle Scholar
  18. 18.
    Venkataramani, G., Doudalis, I., Solihin, Y., Prvulovic, M.: Flexitaint: a programmable accelerator for dynamic taint propagation. In: 2008 IEEE 14th International Symposium on High Performance Computer Architecture, pp. 173–184. IEEE (2008)Google Scholar
  19. 19.
    Volpano, D., Irvine, C., Smith, G.: A sound type system for secure flow analysis. J. Comput. Secur. 4(2–3), 167–187 (1996)CrossRefGoogle Scholar
  20. 20.
    Zhang, D., Wang, Y., Suh, G.E., Myers, A.C.: A hardware design language for timing-sensitive information-flow security. In: The Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2015, pp. 503–516, New York, NY, USA (2015)Google Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  • Yu Tai
    • 1
  • Wei Hu
    • 1
  • Dejun Mu
    • 1
  • Baolei Mao
    • 1
  • Lantian Guo
    • 1
  • Maoyuan Qin
    • 1
  1. 1.School of AutomationNorthwestern Polytechnical UniversityXi’anChina

Personalised recommendations