Isadora: Automated Information Flow Property Generation for Hardware Designs

Abstract

Isadora is an automated methodology designed to generate information flow specifications for hardware designs, eliminating the need for manual security specifications or threat models. It operates by combining information flow tracking and specification mining to analyze a design and its testbench. The system was successfully evaluated on a RISC-V processor and SoC components, producing security properties that align well with industry-standard Common Weakness Enumerations (CWEs).

Report

Key Highlights

  • Fully Automated Security Specification: Isadora automates the creation of information flow specifications for hardware designs, requiring only the design under test and a testbench.
  • Eliminates Manual Input: Unlike traditional methods, Isadora does not require users to supply a threat model or manually written security specifications.
  • Validated on Critical Hardware: The methodology was evaluated effectively on a complex system, including a full RISC-V processor and specialized System-on-Chip (SoC) access control designs.
  • High-Quality Output: The generated security properties were found to align both with established standards (Common Weakness Enumerations, CWEs) and with properties manually written by security experts.

Technical Details

  • Core Methodology: Isadora integrates two primary techniques: Information Flow Tracking (IFT), which monitors the movement of data through the hardware, and Specification Mining, which automatically infers rules and properties based on observed behavior.
  • Input Requirements: The system requires minimal input: the hardware design (typically RTL code) and a simulation testbench to exercise the design's functionality.
  • Output: The result is a set of formal information flow properties that define the intended and unintended paths of data within the design, supporting the security validation process.
  • Target Testing: Successfully applied to a RISC-V processor core and specific designs related to SoC access control mechanisms.
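The following script is an added illustration of how the two techniques fit together; it is not Isadora's code or the paper's algorithm. On a constructed toy design (a data mux gated by an access-control bit), it carries taint labels beside each value during a random testbench (the IFT half), then mines never, always and conditional flow properties from the recorded trace (the specification-mining half). The design, signal names and the conservative mux taint rule are all assumptions made for this example.

```python
import random
from itertools import product

# Constructed toy design (not from the paper): out_a mirrors public_in;
# out_b carries secret_in when allow is set, otherwise public_in.
SOURCES = ["secret_in", "public_in", "allow"]
SINKS = ["out_a", "out_b"]

def simulate_cycle(inp):
    """One cycle of the toy RTL, returning sink values and sink taint sets.
    Conservative IFT rule: a mux output inherits the taint of the selected
    data input plus the taint of the select signal."""
    if inp["allow"]:
        out_b, taint_b = inp["secret_in"], {"secret_in", "allow"}
    else:
        out_b, taint_b = inp["public_in"], {"public_in", "allow"}
    values = {"out_a": inp["public_in"], "out_b": out_b}
    taints = {"out_a": {"public_in"}, "out_b": taint_b}
    return values, taints

def run_testbench(cycles, seed=0):
    """Random stimulus; returns the IFT trace as (inputs, sink taints) per cycle."""
    rng = random.Random(seed)
    trace = []
    for _ in range(cycles):
        inp = {s: rng.randint(0, 1) for s in SOURCES}
        trace.append((inp, simulate_cycle(inp)[1]))
    return trace

def mine_properties(trace):
    """Infer a flow property for every (source, sink) pair from the trace:
    'never', 'always', or the single-bit input condition under which the
    flow was observed (falls back to 'sometimes' if no condition fits)."""
    props = {}
    for src, sink in product(SOURCES, SINKS):
        flow_cycles = [inp for inp, taint in trace if src in taint[sink]]
        if not flow_cycles:
            props[(src, sink)] = "never"
        elif len(flow_cycles) == len(trace):
            props[(src, sink)] = "always"
        else:
            conds = [f"{c} == {v}" for c in SOURCES for v in (0, 1)
                     if c != src and all(inp[c] == v for inp in flow_cycles)]
            props[(src, sink)] = ("only when " + " and ".join(conds)) if conds else "sometimes"
    return props

if __name__ == "__main__":
    for (src, sink), prop in mine_properties(run_testbench(200)).items():
        print(f"{src} -> {sink}: {prop}")
```

The mined result "secret_in -> out_b: only when allow == 1" is the kind of conditional flow property a verifier can then check formally, while "secret_in -> out_a: never" is a no-flow property matching the isolation a reviewer would expect.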

Implications

  • Enhancing RISC-V Security Validation: Given the highly customizable nature of the RISC-V architecture, automated tools like Isadora are critical for ensuring that custom components or extensions do not introduce subtle, exploitable information leaks or side channels.
  • Democratization of Hardware Security: By automating the creation of security specifications, Isadora lowers the barrier to entry for robust security validation, allowing hardware developers without deep security expertise to assess the security posture of their designs.
  • Improved Efficiency and Coverage: Replacing labor-intensive manual threat modeling with automated property generation significantly accelerates the security verification cycle and ensures broader coverage by finding subtle security properties that might be overlooked by human experts.
  • Foundation for Formal Verification: The machine-generated, formal information flow properties provide objective input suitable for use in advanced formal verification tools, improving confidence in the security of the final silicon.