# New frontiers in Security Verification: Fuzzing and Penetration Testing

### **Farimah Farahmandi**

Wally Rhines Endowed Professor in Hardware Security Assistant Professor, Dept. of Electrical and Computer Engineering, UF Associate Director, Florida Institute for Cybersecurity (FICS)





### **SoC Security Verification**

Definition of Security Verification, The "Verification Crisis", Challenges, Promising Solutions

#### Part 1: Fuzzy/Fuzz Testing

Background, High-Level Overview, Proposed Approaches, Results, Comparison, Summary

### Part 2: Penetration (Pen) Testing

Background, Definition, High-Level Overview, Example Framework, Results, Summary



### **SoC Security Verification**

Definition of Security Verification, The "Verification Crisis", Challenges, Promising Solutions

#### Part 1: Fuzzy/Fuzz Testing

Background, High-Level Overview, Proposed Approaches, Results, Comparison

### **Part 2: Penetration (Pen) Testing**

Background, Definition, High-Level Overview, Example Framework, Results, Summary

### **SoC Market Size**





SoC market value is growing thanks to AI accelerators, increased connectivity, and diversity of applications

### **EDA Market Size**





# Modern SoCs: Security is a Challenge



On-chip device keys (developer/OEM) Device configuration Manufacturer Firmware Application software On-device sensitive data Communication credentials Random number or entropy E-fuse,

PUF, and more...



## **Ensuring security is a challenge**

Image Source: https://novelbits.io/chipset-vs-module-bluetooth-le-solutions-the-ultimateguide/

# **Growing # Vulnerabilities – Verification is a MUST**



Fault Injection Privilege Escalation Trojan Insertion Trace Buffer EM Side-Channel **CLKSCREW Denial-of-Service** Vector Rewrite Rowhammer **Power Side-Channel Direct Memory Access** BranchScope Bitstream Encryption Cracking

Plundervolt Access Control Meltdown and Spectre Machine Learning Information Leakage Trusted Execution **Environment Breaking** Reset and Flush Branch Shadowing **Bitstream Tampering Reverse Engineering** Timing Side-Channel Integrity

#### Strong Algorithm & Architecture



Weak Implementation & Execution



# **Security: An Indispensable Aspect of Verification**



- In addition to functional, performance requirements, security requirements have recently emerged important concerns:
  - Lack of understanding of security vulnerabilities by designers
  - Recent reports of critical hardware security vulnerabilities in commercial products



# **Need for Dynamic Verification: A Case Study**



- In a RISC-V SoC
  - There may be up to 3 privilege levels: M, S and U
  - Privileged access is protected through a complex interplay between hardware and software



**Assume:** M and U-modes are implemented

All rights reserved

# **Need for Dynamic Verification: A Case Study**



- In a RISC-V SoC
  - When an illegal access is detected, hardware raises an *illegal instruction exception*
  - The hardware program counter will jump to address stored in register *mtvec*
    - $\rightarrow$  *mtvec* needs to be configured properly
  - Software trap handler code will handle the response
- Hardware-software interplay is indispensable for protection of assets.



Assume: M and U-modes are implemented, baremetal scenario

All rights reserved

# Alibaba's T-Head C910 RISC-V, April 2024



- German Center for Information Security has found serious security flaws in Alibaba's T-Head Semiconductors containing RISC-V processors
- T-Head 4 core, TH1520 SoC now dubbed "GhostWrite", allowing hackers access to read and write physical memory and execute arbitrary code
- Bad Actors can take over the SoC and hijack the host, the vulnerability lies in faulty instructions in the RTL chip design
- Given the instructions are "baked" into the design, silicon, it cannot be fixed with a Software update



# **Comparison of Traditional Methods**



| Method                       | Model     | Limitation                                          | Scalability | Automation |
|------------------------------|-----------|-----------------------------------------------------|-------------|------------|
| Formal property verification | White-box | False positive, state<br>explosion, low<br>accuracy | Low         | Low        |
| Symbolic, Concolic           | White-box | Path explosion, low accuracy                        | Low         | Moderate   |
| Genetic Algorithms           | White-box | Reliance on structural features                     | Low         | Moderate   |
| ML                           | White-box | Reliance on structural features                     | High        | Moderate   |

- Traditional methods presuppose white-box knowledge
  - A major pitfall given today's SoC supply chain context
- vast majority of traditional Hw verification methods are not dynamic
  - Unable to consider HW-SW interactions

# **Promising Solutions: Test Generation for Security**





# Outline



### **SoC Security Verification**

Definition of Security Verification, The "Verification Crisis", Challenges, Promising Solutions

#### Part 1: Fuzzy/Fuzz Testing

Background, High-Level Overview, Proposed Approaches, Results, Comparison, Summary

#### **Part 2: Penetration (Pen) Testing**

Background, Definition, High-Level Overview, Example Framework, Results, Summary



An automatic testing technique

Uses invalid/semi-valid/valid data as application input

Targets numerous boundary/corner cases

Used to generate and feed the target program with plenty of test cases to trigger bugs

Ensures the absence of exploitable vulnerabilities

Widely used in software domain for bug detection



**Typical Fuzzing Technique Overview** 

# **Current Fuzzing Practices for Hardware Verification**

CPU

Fuzzer



#### Direct Fuzzing on Hardware

Apply mutated inputs to HW directly

Software simulation

FPGA based emulation

#### Advantages

Faster (emulation) and scalable

Effective for HW/SW co-layer verification

Disadvantages

Motivation: Utilizing a real-time HW Emulation Platform for Fuzzing

Shared Memory

Input

Buffer

Coverage Buffer

Fuzzer w/ FPGA-accelerated Simulation

Limited permissions in some low-level

#### Fuzzing Hardware as Software

HW RTL SW model by Verilator

Fuzz SW model

Crashes Vul. Detection

Advantages

Less time required for initial preparation

Disadvantages

Emerging vulnerabilities due to translation



Ref. Laeufer, Kevin, et al. "RFUZZ: Coverage-directed fuzz testing of RTL on FPGAs." 2018 *IEEE/ACM International Conference on Computer-Aided Design (ICCAD)*. ACM, 2018.

DMA

FPGA

DUT

Stream

Unit

Ref. Trippel, Timothy, et al. "Fuzzing hardware like software." *31st USENIX Security Symposium (USENIX Security 22).* 2022.

# **Experiment: RTL Code with Vulnerability**





# **Experiment: Security Property**



Assume: Data write enable bit is never been set in any previous cycle Data write happens and lock bit set set in a cycle Provided written data and data intended to be written next are not same Check intended data to be written in figure goes to the output port Assertion failure happens!!!!





american fuzzy lop 2.57b (Vlocked\_register\_example)

| - process timing                     |                   | - overall results         |
|--------------------------------------|-------------------|---------------------------|
| run time : 0 days, 0 hrs, 24         | min 50 sec        | cycles done : 6782        |
|                                      |                   | 2                         |
| last new path : n/a (non-instrumen   |                   | total paths : 1           |
| last uniq crash : 0 days, 0 hrs, 0 m | in, 0 sec         | uniq crashes : 293        |
| last uniq hang : none seen yet       |                   | uniq hangs : 0            |
| - cycle progress                     | 🖵 map coverage 🗕  |                           |
| now processing : 0* (0.00%)          | map density :     | 0.00% / 0.00%             |
| paths timed out : 0 (0.00%)          | count coverage :  | 0.00 bits/tuple           |
| — stage progress —                   | 🕂 findings in dep | th                        |
| now trying : havoc                   | favored paths :   | 0 (0.00%)                 |
| stage execs : 207/256 (80.86%)       | new edges on :    | 0 (0.00%)                 |
| total execs : 1.74M                  | total crashes :   | 293 (293 unique)          |
| exec speed : 1159/sec                | total tmouts :    | 0 (0 unique)              |
| — fuzzing strategy yields            |                   | path geometry ————        |
| bit flips : 0/120, 0/119, 0/117      |                   | levels : 1                |
| byte flips : 0/15, 0/14, 0/12        |                   | pending : 0               |
| arithmetics : 0/837, 0/563, 0/277    |                   | pend fav : 0              |
| known ints : 0/66, 0/276, 0/421      |                   | own finds : 0             |
| dictionary : 0/0, 0/0, 0/0           |                   | <pre>imported : n/a</pre> |
| havoc : 292/1.74M, 0/0               |                   | stability : n/a           |
| trim : n/a, 0.00%                    | _                 |                           |
|                                      |                   | [cpu000: <b>51</b> %]     |

293 Unique crashes identified in 24 minutes!



# Our Proposed Framework SoCFuzzer

# **Proposed Direct Fuzzing Framework: SoCFuzzer**



#### SoCFuzzer SoC Vulnerability Detection using Cost Function enabled Fuzz Testing

Scalable and automated framework for SoC security verification

Develop evaluation metrics, cost function, and feedback for runtime update of mutation strategies

Global minima of cost function Vulnerability detection

Implementation Emulation board: Genesys 2 Kintex-7 FPGA Development Board, SoC: 64-bit RISC-V Ariane

HW debugging: Xilinx Integrated Logic Analyzer (ILA), Monitoring: JTAG, OS: Linux, Mutation Engine: AFL Fuzzer



Ref. Hossain, Muhammad Monir, et al. "SoCFuzzer: SoC Vulnerability Detection using Cost Function enabled Fuzz Testing." 2023 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 2023.

# **SoCFuzzer Evaluation Metrics**



Objective: guides fuzzing to generate smarter-than-random test inputs based on metrics

Few metrics based on security properties

Evaluate the quality of mutated inputs

Estimate the chances of hitting a potential malicious behavior

Faster convergence by a feedback utilizing metrics faster triggering the vulnerability



# **SoCFuzzer Cost Function and Feedback**



#### Cost Function

$$F_{c} = 1 - \frac{(1 - f_{r}) + f_{a} + f_{c} + f_{o}}{n} = \frac{n - 1}{n} - \frac{1}{n}(f_{a} + f_{c} + f_{o} - f_{r})$$

- Developed based on proposed fuzzing evaluation metrics, M1, M2, M3, and M4
- Fuzzing objective: minimizing cost function (global minima vulnerability triggered)

#### Feedback

$$CFIR = -\frac{\delta F_c}{\delta r} = -\frac{F_{c2} - F_{c1}}{r_2 - r_1}$$

- Positive CFIR better fuzzing Continue mutation w/ the same mutation strategy
- Negative CFIR Mutation against objective Change the mutation strategy
- CFIR estimated after each frequency of feedback generation (*FREQ*<sub>fb</sub>) iterations



# **Experimental Setup**



#### Vulnerabilities in Ariane SoCs

| Index | Vulnerability                                                          | Location      | Triggering Condition                   | Output Behavior                 | Ref.              |
|-------|------------------------------------------------------------------------|---------------|----------------------------------------|---------------------------------|-------------------|
| SV1   | Leaking the AES secret key through the common bus in the SoC           | AES IP        | Specific plaintext                     | AES Key leaks to PO             | CVE-2018-<br>8922 |
| SV2   | A Trojan injects a delay in the AES IP in cipher conversion            | AES IP        | Specific plaintext                     | Ciphertext not resulted in time | AES-T500          |
| SV3   | Incorrect implementation of logic to detect the<br>FENCE.I instruction | CPU (dec)     | imm ≠ 0 & rs1 ≠ 0                      | Illegal instr exception raised  | CWE-440           |
| SV4   | Execute machine-level instructions from user mode                      | CPU (dec)     | Execute "mret" instruction             | No exception exhibited          | CWE-1242          |
| SV5   | Access to CSRs from lower privilege level                              | Register file | <i>mstatus_reg</i> r/w from user space | No exception exhibited          | CWE-1262          |

| <b>Cost Function Development</b>                                                                                                         | Index | σ | Input           |          | Out              | Effective |                       |
|------------------------------------------------------------------------------------------------------------------------------------------|-------|---|-----------------|----------|------------------|-----------|-----------------------|
|                                                                                                                                          |       |   | Data            | Length   | Signal           | Length    | Length ( <i>N-d</i> ) |
|                                                                                                                                          | SV1   | 1 | Plaintext       | 128 bits | Ciphertext       | 128 bits  | 128 bits              |
|                                                                                                                                          | SV2   | 1 | Plaintext       | 128 bits | Control Register | 32 bits   | 128 bits              |
|                                                                                                                                          | SV3   | 0 | Instruction     | 32 bits  | Exception Raised | N/A       | 32 bits               |
|                                                                                                                                          | SV4   | 0 | Instruction     | 32 bits  | No Exception     | N/A       | 32 bits               |
|                                                                                                                                          | SV5 0 |   | CSR instruction | 32 bits  | No Exception     | N/A       | 12 bits               |
| $F_{c,SV1} = \frac{n-1}{m-1} - \frac{1}{m-1} \left[ \frac{\sigma}{m-1} \sum_{k=1}^{z} (h(C_{r-1,k}, C_{r,k})) + \frac{u_i}{m-1} \right]$ |       |   |                 |          |                  |           |                       |

Example Cost Function for SV1

$$F_{c,SV1} = \frac{n-1}{n} - \frac{1}{n} \left[ \frac{\sigma}{\sum_{j=1}^{z} l_z} \sum_{k=1}^{z} (h(C_{r-1,k}, C_{r,k})) + \frac{u_i}{2^{N-d}} + \frac{1}{m} \sum_{k=1}^{m} (C_{r,k} = AES_{key}) - \frac{2}{r(r-1)} \sum_{j=1}^{r-1} \sum_{k=j+1}^{r} \frac{h(P_j, P_k)}{l_P} \right]$$

#### **Results Analysis**



Contd.

SoCFuzzer with the feedback CFIR outperforms the conventional fuzzing without our proposed feedback An optimum value required for  $FREQ_{fb}$ , a low value insufficient samples to evaluate, high value too much time with an inefficient mutation strategy

For all quality of seeds, SoCFuzzer with the proposed feedback shows excellency in faster triggering vul.



# **Results Analysis**



| Summary Results: Vulnerability Detection                                                                   |     | HD(seed<br>, VTI) | <b>FREQ</b> <sub>fb</sub> | No. of Execut     | Speed     |        |
|------------------------------------------------------------------------------------------------------------|-----|-------------------|---------------------------|-------------------|-----------|--------|
| For optimum <i>FREQ<sub>fb</sub></i> , SoCFuzzer detects all vul. in less time w/ variety quality of seeds |     | , • • • • •       |                           | Fuzzing w/o CF_FB | SoCFuzzer | up     |
| SoCFuzzer saved at least 50% of verification                                                               | SV1 | 62.50%            | 7                         | 10968             | 2862      | 73.91% |
| time                                                                                                       | SV2 | 62.50%            | 6                         | 21319             | 2999      | 85.93% |
|                                                                                                            | SV3 | 25%               | 6                         | 361               | 180       | 50.14% |
|                                                                                                            | SV4 | 43.75%            | 5                         | 415               | 162       | 60.96% |
|                                                                                                            | SV5 | 66.67%            | 6                         | 968               | 275       | 71.59% |

HD(seed, VTI): HD of Seed and Vulnerability Triggering Input CF\_FB: Cost Function enabled Feedback FI

| REQ <sub>fb</sub> : | Optimum | <b>FREQ</b> <sub>fb</sub> |
|---------------------|---------|---------------------------|
|---------------------|---------|---------------------------|

| Compare<br>w/ | Index        | Fuzzer<br>Engine                        | Frame-<br>work | Target     | Feedback to Mutation Engine                          | Golden<br>Model |
|---------------|--------------|-----------------------------------------|----------------|------------|------------------------------------------------------|-----------------|
| HW            | RFUZZ        | HW Fuzzer                               | FPGA Emu       | IP Designs | MUX coverage                                         | Yes             |
| Fuzzing       | DifuzzRTL    | HW Fuzzer                               | FPGA           | CPU Design | Control-register Code coverage                       | Yes             |
| Approach      | Hyperfuzzing | SW Fuzzer                               | SW Sim         | SoC Design | NoC, Instruction and Bitflip Monitors                | Yes             |
|               | TheHuzz      | HW Fuzzer                               | HDL Sim        | CPU Design | Statement, toggle, branch expression, condition, FSM | Yes             |
|               | SoCFuzzer    | Modified HW Fuzzer using CF and Metrics | FPGA           | SoC Design | Cost Function based (vulnerability-oriented)         | No              |





### Efficient Seeds for HW-oriented Fuzzing

- Optimization and selection of seed(s)
- Potentially less dependency on initial seed



#### Proposed Fuzzing Framework: TaintFuzzer

Scalable and automated framework for SoC security verification

Leverage taint propagation for more HW-oriented fuzzing (mutation)

Leverage taint inference for generating smart seeds from initials

Utilize taint inference in cost function and feedback development for efficiency in HW fuzzing

Proposed cost function and feedback for runtime update of mutation strategies



### Smart Seeds Evolution, Cost Function and Feedback

#### Smart Seeds Evolution

Definition: smart seeds expedite mutations in triggering vulnerability

Challenging to select an initial seed: Can't be selected in a trivial process or arbitrarily

Inefficient seeds increased verification time

Smart seeds derived based on proposed metric HW Seed Impact Factor (Is)

Randomly mutated inputs from initial with seed w/ higher Is smart seeds

Is considers impact on HW behavior and proximity of malicious behavior

Smart seeds used for longer deterministic mutation (efficient)

**HW Seed Impact Factor** 
$$I_s = \frac{1}{l_i \times z} \sum_{k=1}^{l_i} W_{S[k]} + \{1 - \frac{1}{m} \sum_{k=1}^m h(o_{r,k}, o_{t,k})\}$$

$$\begin{array}{c} \text{Cost Function} \\ F_{c} = 1 - \frac{1}{4} \times \left[\frac{n_{t}}{z} + \left\{1 - \frac{2}{r(r-1)}\sum_{j=1}^{r-1}\sum_{k=j+1}^{r}h(S_{j},S_{k})\right\} \\ + \left\{1 - \frac{1}{m}\sum_{k=1}^{m}h(o_{r,k},o_{t,k})\right\} + \frac{n_{u}}{2^{N}}\right] \end{array} \qquad \begin{array}{c} \text{Feedback} \\ CDCF = -\sum_{k=2}^{f_{f}}\left(F_{c_{k}} - F_{c_{k-1}}\right) \\ CDCF = -\sum_{k=2}^{f_{f}}\left(F_{c_{k}} - F_{c_{k-1}}\right) \\ \end{array}$$

# **Results Analysis**



#### Summary Results: Vulnerability Detection

Only few iterations required to mutate smart seeds ( $\sim$ 6x to  $\sim$ 12x)

Saved at least 32% of verification time compared to fuzzing w/o proposed feedback Saved 11.68% verification time compared to SoCFuzzer framework

| Index | #SS | $f_f$ | Iterations for | lterations for |           | No. of Iterations |           | f Verification Time w.r.t. |
|-------|-----|-------|----------------|----------------|-----------|-------------------|-----------|----------------------------|
| maex  | 100 | JJ    | Smart Seeds    | $TF_{NF}$      | SoCFuzzer | $TF_{CDCF}$       | $TF_{NF}$ | SoCFuzzer                  |
| SV1   | 10  | 5     | 79             | 1610           | 784       | 629               | 56.02%    | 9.69%                      |
| SV2   | 10  | 4     | 64             | 808            | 269       | 197               | 67.70%    | 2.97%                      |
| SV3   | 10  | 6     | 88             | 4789           | 2548      | 1945              | 57.55%    | 20.21%                     |
| SV4   | 5   | 5     | 34             | 454            | 364       | 272               | 32.56%    | 15.93%                     |
| SV5   | 5   | 5     | 31             | 413            | 237       | 181               | 48.69%    | 10.54%                     |
| SV6   | 20  | 7     | 243            | 13311          | 6389      | 5261              | 58.65%    | 13.85%                     |
| SV7   | 30  | 5     | 315            | 6063           | 3186      | 2597              | 51.97%    | 8.60%                      |
| USV1  | 20  | 7     | 225            | N/A            | N/A       | 10783             | N/A       | N/A                        |
| USV2  | 30  | 5     | 327            | N/A            | N/A       | 7311              | N/A       | N/A                        |
| USV3  | 10  | 5     | 83             | N/A            | N/A       | 1147              | N/A       | N/A                        |

#SS: No. of Smart Seeds  $f_f$ : Frequency of Feedback Evaluation.

 $TF_{NF}$ : TaintFuzzer w/o proposed Feedback  $TF_{CDCF}$ : TaintFuzzer w/ CDCF.

TaintFuzzer also detected few unknown vulnerabilities in the Ariane SoC

| Index | Vulnerability                                                                  | Location  | Triggering Condition  | Output Behavior            |
|-------|--------------------------------------------------------------------------------|-----------|-----------------------|----------------------------|
| USV1  | Allow retrieving last ciphertext of encryption operation for AES module in SoC | AES IP    | Specific plaintext    | Read last ciphertext       |
| USV2  | Release intermediate result of encryption as final ciphertext                  | AES IP    | Specific plaintext    | Intermediate<br>ciphertext |
| USV3  | No exception while executing an illegal instruction (MULH)                     | CPU (Dec) | (rd = rs1 v rd = rs2) | No exception raised        |





### When to evaluate a new feedback?

• Auto tuning of frequency of feedback evaluation



Reinforcement learning guided emulation based framework developed based on SoCFuzzer
RL utilizes cost function-based feedback to tune mutation strategies and when getting feedback
Increasing cost function RL penalty, decreasing cost function RL reward
Vulnerability trigger: Global minima (based on properties) or local minima of cost function
SoC: RISC-V-based 64-bit Ariane SoC, HW debugging: Xilinx Integrated Logic Analyzer (ILA)
Emulation board: Genesys 2 Kintex-7 FPGA Development Board



## SoCFuzzer+ AI Model

#### RL Learning

An agent learns to interact w/ environment to maximize cumulative reward

Training agent to make action towards a goal

Action results in feedback as reward or penalty

### State Set $S_r : \{\Delta m_1, \Delta m_2, \Delta m_2, \Delta m_2\}$ $S = \{S_{f_{min}}, ..., S_i, S_{i+1}, ..., S_{f_{max}}\}$ $f_{min} \le i \le f_{max}$

Change in metric values define the state

A state represents a frequency of feedback evaluation and a mutation strategy

Action Set

$$\mathcal{A} = \{\mathcal{A}_1, \mathcal{A}_2, \mathcal{A}_3, \mathcal{A}_4, \dots, \mathcal{A}_m\} \mid \mathcal{A}_m = \{a_m, f_{f_i}\} \mid f_{f_{min}} \leq f_{f_i} \leq f_{f_{max}}$$

An action set is chosen from a particular state for a particular number of iterations in fuzzing Action set consists of a particular mutation strategy and frequency of feedback evaluation



 $S_i = \{(S_i, 1), (S_i, 2), ..., (S_i, j)\}$ 



# **SoCFuzzer+ AI Model**

#### State Transition Function

$$N_{States} = \frac{2}{\Delta t} \times \frac{2}{\Delta t} \times \frac{2}{\Delta t} \times \frac{2}{\Delta t} = \frac{16}{(\Delta t)^4} \qquad \qquad N_t = \begin{pmatrix} 1 \\ 0 \end{pmatrix}$$

$$= \begin{pmatrix} N_{States} \\ 2 \end{pmatrix}$$

Determines how likely an against move from one to another state

- Implement stochastic state transition for a new module, i.e., initially randomized Q-table
- Utilize mature Q-table over time for more deterministic state transition

Action chosen best on the highest reward in Q-table for the current state

| Agent Rewards                                           |                         | $(-r_1,$ | CFIR < 0                              |
|---------------------------------------------------------|-------------------------|----------|---------------------------------------|
| Provided based on cost function improvement rate (CFIR) | $\mathcal{D}$ —         | $r_2,$   | $CFIR = 0 \lor \Delta CFIR \approx 0$ |
| +ve CFIR Reward, Max reward CF minima                   | $\mathcal{K} = \langle$ | $r_3,$   | $CFIR > 0, r_3 > r_2$                 |
| Negative CFIR Penalty (negative reward)                 |                         | $T_r,$   | $M4 = 0 \land CFIR = 0$               |

#### Q-Table

Q-table updated after certain iterations

- $\alpha$  Learning rate
- y discount factor

$$\mathcal{Q}^{new}(\mathcal{S}_t, \mathcal{A}_t) = (1 - \alpha)\mathcal{Q}(\mathcal{S}_t, \mathcal{A}_t) + \alpha(\mathcal{R}_{t+1} + \gamma \max_{\mathcal{A}_t} \mathcal{Q}(\mathcal{S}_{t+1}, \mathcal{A}_t))$$

#### **Results Analysis**

#### Contd.



Decreasing iterations significantly for triggering a vulnerability over the trial in RL model

E.g., in worst case, first vulnerability detection in 20K, decreases to 15K in second trial



Performance evolution over the trials while verifying the Ariane SoC modules

# **Results Analysis**



#### Summary Results: Vulnerability Detection

Saved at least 47% of verification time comparing w/o proposed AI feedback

Saved at least 15% of verification time comparing to SoCFuzzer framework

Saved 23% verification time on average comparing to prior SoCFuzzer framework

Detected three unknown vulnerabilities

| Index | Num        | ber of Executions | (Average)         | Spee         | d Up       |
|-------|------------|-------------------|-------------------|--------------|------------|
|       | $F_{NPNF}$ | SoCFuzzer [32]    | SoCFuzzer+        | <b>S</b> 1   | S2         |
| SV1   | 23489      | 10832             | 9161              | 61.00%       | 15.43%     |
| SV2   | 21938      | 8387              | 6644              | 69.71%       | 20.78%     |
| SV3   | 483        | 258               | 190               | 60.66%       | 26.36%     |
| SV4   | 452        | 311               | 237               | 47.57%       | 23.79%     |
| SV5   | 478        | 293               | 242               | 49.44%       | 17.52%     |
| SV6   | 397        | 226               | 140               | 64.82%       | 38.20%     |
| SV7   | 449        | 214               | 172               | 61.77%       | 19.78%     |
| SV8   | 3247       | 1922              | 492               | 84.85%       | 74.40%     |
| USV1  | N/A        | N/A               | 16392             | N/A          | N/A        |
| USV2  | N/A        | N/A               | 37163             | N/A          | N/A        |
| USV3  | N/A        | N/A               | 826               | N/A          | N/A        |
| ENDA  | Euzzine    | y w/o proposed co | st-function-based | feedback and | 1 AI model |

 $F_{NPNF}$ : Fuzzing w/o proposed cost-function-based feedback and AI model. S1: SoCFuzzer+ speedup w.r.t.  $F_{NPNF}$  and S2: Speedup w.r.t. SoCFuzzer.

| Index | Vulnerability                                                         | Location    | Triggering Condition | Output Behaviour        | Reference |
|-------|-----------------------------------------------------------------------|-------------|----------------------|-------------------------|-----------|
| USV1  | A Trojan allows exposure of the previous cipher for AES module in SoC | AES IP      | Specific plaintext   | Read last ciphertext    | CWE-401   |
| USV2  | A Trojan leaks intermediate result as final cipher                    | AES IP      | Specific plaintext   | Intermediate ciphertext | [4]       |
| USV3  | CSR read access to undefined High Performance Counter (HPC)           | Register Fi | le hpmcounter read   | No exception raised     | CWE1281   |

#### Unknown Vulnerability Detection

# Outline



### **SoC Security Verification**

Definition of Security Verification, The "Verification Crisis", Challenges, Promising Solutions

#### **Part 1: Fuzzy/Fuzz Testing**

Background, High-Level Overview, Proposed Approaches, Results, Comparison, Summary

### Part 2: Penetration (Pen) Testing

Background, Definition, High-Level Overview, Example Framework, Results, Summary

# **Security Verification by Hardware Penetration Test**



#### SHarPen: <u>Security Verification by Hardware Pen</u>etration Test



### • High level overview:

- Cost function driven grey box hardware penetration testing framework
- Both simulation and emulation compatible
- Self-evolutionary test pattern generation through Binary Particle Swarm Optimization
- Capable of triggering hardware vulnerabilities even with remote (software) access
- Applicable across a wide variety of threat models
- Fundamental insight Security policies can be represented as mathematical cost functions such that
  - finding global optimal will trigger the vulnerabilities (if they exist) that violate them

#### All rights reserved

### • Requirements:

- <u>PR1:</u> The tester possesses a high-level knowledge of potential vulnerabilities and their high-level impact on neighboring signals/modules.
- <u>PR2:</u> The tester can observe a sub-set of signals of the design that might be impacted by the vulnerabilities (grey-box).
- <u>PR3:</u> The tester can control a sub-set of relevant signals of the design to the vulnerabilities (grey-box).

#### Steps:

|                      | Translate                                                 | Exercise                                                                                                                | Monitor                                                                                  | Evaluate                                                       | Mutate                                                      | Detect                                                                                      |
|----------------------|-----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|----------------------------------------------------------------|-------------------------------------------------------------|---------------------------------------------------------------------------------------------|
| Hardware<br>Pen Test | Translate<br>security<br>policies to<br>cost<br>functions | <ul> <li>Apply test<br/>patterns to<br/>exercise<br/>the DUT</li> <li>Simulate<br/>or emulate<br/>the design</li> </ul> | Observe<br>relevant<br>quantities<br>(e.g.,CSRs<br>, internal<br>signals)<br>All righter | • Use<br>observed<br>values to<br>evaluate<br>cost<br>function | • Use<br>feedback<br>to<br>generate<br>new test<br>patterns | <ul> <li>If global<br/>optima is<br/>reached,<br/>vulnerability<br/>is detected.</li> </ul> |

# **Step 1: Translate Security Policies**



- Translate: Translate security policies to grey box cost functions
- Example 1:
  - Detecting information leaking + DoS trojans in AES
  - No structural/implementation knowledge assumed about the AES (Grey-Box).

Security policies

Asset should not show up at:

- Read/write channel ( $r_{data}$  /  $w_{data}$ ) of shared bus
- Memory locations ( $mem_{data}$  accessible by untrusted IPs
- Handshaking signal ( $vo_{clk}$ ) should be asserted at the enc encryption within few clock cycles.

 $F = \alpha_1 HD(r_{data}, SC)$  $\alpha_2 HD(w_{data}, SC)$ +  $\alpha_3 \Sigma HD(mem_{data}, SC) +$  $\alpha_4 HD(v_{out}, 0)$ 

HD:= Hamming Distance SC:= Secret Key; α= C. Parameter

# Step 2 and 3: Exercise and Monitor

- We propose two variants of SHarPen
  - One is simulation compatible, other emulation compatible



#### **Simulation Framework**

- RTL is converted to equivalent C++ model
- The user space program is run on the software model (Exercise)
- The .vcd file is parsed to observe relevant signals (Monitor)



#### **Emulation Framework**

- RTL is instrumented, synthesized and then prototyped on an FPGA.
- The user space program is directly run on the hardware (Exercise at-speed)
- Monitor relevant signals through Host PC via debug port (Monitor)/ ILA core





# **Step 4 and 5: Evaluate and Mutate**

- For example 1:
  - If there's a violation of security policy
    - $\rightarrow$  At least one term becomes 0

$$\begin{split} F &= \alpha_1 HD(r_{data},SC) + \alpha_2 HD(w_{data},SC) + \alpha_3 \sum HD(mem_{data},SC) + \\ & \alpha_4 HD(v_{out},1) \\ & \rightarrow \text{ set to 0 when any of the terms is 0} \end{split}$$

Figure: BPSO finding minima of a function \* \*Source: Wikipedia

### • Insight:

- This becomes a mathematical function minimization problem
- Binary Particle Swarm Optimization (BPSO) is a viable solution
  - No training required
  - Adaptable to binary input vectors
  - Less prone to getting stuck in local minima.





# **Step 6: Detect**



- Mutate test patterns (Baremetal C code for example 1) until convergence.
- $F = \alpha_1 HD(r_{data}, SC) + \alpha_2 HD(w_{data}, SC) + \alpha_3 \Sigma HD(mem_{data}, SC) + \alpha_4 HD(vo_{clk}, 1)$
- If there's a violation of a security policy, corresponding to current generation of swarm At least one term becomes 0
  - F evaluates to 0
  - The vulnerability is triggerable/exploitable with current input
    - $\rightarrow\,$  Vulnerability exists and is detected



# **Summary of Results**

- Key takeaways:
  - Both simulation and emulation frameworks successful in detecting vulnerabilities
    - $\rightarrow\,$  Grey box cost functions
  - Emulation framework provides nearly 15x improvement in time required
    - $\rightarrow$  Emulation offers greater scalability
  - BPSO offers quick and reliable convergence to global minima
  - User configurable parameter α has minimal impact on framework performance.



Figure: Finding Global Optima of Cost Function

#### **Required time for Vuln. Detection**

| Targeted vulnerability | SV1          | SV2          |
|------------------------|--------------|--------------|
| Simulation             | 3050-3150(s) | 3050-3150(s) |
| FPGA emulation         | 180-190(s)   | 190-200 (s)  |





# Summary









#### Problem

Vast SoC threat surface. Traditional verification methods do not scale well for complex designs



#### Solution

Combination of Fuzz and Pen Testing offer promising alternatives with better scalability and generalizability.



#### Potential

Have already been successfully employed in detecting vuln. in opensource benchmarks