Go to DBLP homepageRTL-Spec: RTL Spectrum Analysis for Security Bug Localization
Abstract: Modern System-on-Chip (SoC) designs are integrated with intellectual property (IPs) cores to achieve complex functionalities. While this integration significantly improves the computing power of SoCs, it also leads to an increase in verification complexity pertaining to the security of the SoC design. Existing SoC verification techniques do not offer localization capability to pinpoint the root causes of security vulnerabilities in the register transfer level (RTL) code. This leads to significant delay, incurred due to SoC debugging. Fault localization techniques, such as spectrum-based methodologies, are used predominantly in software validation and testing to debug and localize bugs in programs. However, due to the absence of any such techniques that correlate faulty output with individual lines of RTL code, approaches that can detect vulnerabilities in the hardware have not yet been adopted. In order to circumvent this, in this paper, we, for the first time, propose RTL-Spec, a RTL level security vulnerability localization framework that aims to pinpoint buggy lines in the RTL code to ensure the security of the SoC design in its pre-silicon phase. RTL-Spec achieves this by establishing a correlation between the effects of input patterns in simulation runs and the corresponding statements in the RTL code. The subsequent stage employs a spectrum-based localization technique to identify buggy statements in RTL that might cause vulnerabilities. The efficacy of RTL-Spec was assessed using a buggy version of PULPissimo SoC, utilized in the “Hack @DAC2018” competition. RTL-Spec accurately identified the origin of all 14 vulnerabilities in the RTL code and achieved a precision of 100 % in 10 out of the 14 cases.
Loading