Automatic Asset Identification for Assertion-Based SoC Security Verification

The ubiquitous presence and utilization of System-on-Chips (SoCs) have made them critical to our daily life. As SoCs become more complex to meet multiple applications, their susceptibility to security threats has also increased. The comprehensive security assurance of an SoC system requires a deep knowledge of the design and security-critical assets that must be protected. As SoC applications vary, the assets vary in number, type, importance-level, and form based on the various hardware blocks that construct the SoC and their complex interactions. Some assets are distinctive in their definition and characteristics, making them easily identifiable, such as encryption/decryption keys, logic locking keys, etc. However, other assets, such as system bus control registers that are internal to the design, require a more complex design analysis. Automatic identification of these security assets at the pre-silicon stage can help designers take the necessary precautions to protect them. Equipped with the security assets, designers can then incorporate techniques to protect these security assets against various threats such as information leakage, side-channel leakage, access control violations, and more. This paper presents the variation among security assets based on hardware design and defines specific attributes to help classify them. Then, we introduce SAIF, an automated framework that can help identify security assets for a design at the register-transfer level (RTL). We introduce a set of metrics into SAIF to perform comprehensive vulnerability analysis and identify security assets that are prone to specific vulnerabilities. Lastly, we report our findings on the effectiveness of SAIF for various open-source hardware designs and finalists of the National Institute of Standards and Technology (NIST) lightweight crypto standardization process such as ASCON, GIFT-COFB & Romulus. We show that SAIF can automatically identify critical security assets in a design with high accuracy and performance. Moreover, we analyze the security implication of the identified secondary assets to show their importance in pre-silicon security verification.