Translating Common Security Assertions Across Processor Designs: A RISC-V Case Study

Abstract

This work introduces a novel methodology for translating pre-defined security assertions across disparate processor architectures, addressing the high cost and complexity of manual verification, especially within the growing RISC-V ecosystem. The automated approach successfully applied assertion translation to five critical security modules, achieving a nearly 100% success rate. Furthermore, the translated assertions were rigorously validated against real-world security breaches, specifically hardware Trojans defined by large language models (LLMs).

Report

Key Highlights

  • Core Innovation: Introduction of a robust methodology for translating existing security assertions across different processor designs, overcoming the limitations of manual assertion creation.
  • Case Study Focus: The methodology was specifically validated using the highly adaptable RISC-V architecture.
  • Success Rate: Achieved nearly 100% success in assertion translation across five identified critical security modules.
  • Validation Method: The effectiveness of the translated assertions was rigorously tested against realistic security breaches, simulated by hardware Trojans.
  • Advanced Tooling: Hardware Trojans used for validation were defined using Large Language Models (LLMs), indicating a focus on contemporary threat modeling.

Technical Details

  • Verification Strategy: The approach relies on assertion-based security verification (ABSV) to ensure security features are met during the design phase.
  • Comparison: The primary motivation is reducing the significant time, cost, and human expertise required by state-of-the-art manual assertion definition methods.
  • Scope of Application: The methodology was applied specifically to five critical security modules within the processor designs used for the RISC-V case study.
  • Threat Model: Security validation focused on detecting covert threats, specifically hardware Trojans.
  • Architecture Focus: The entire methodology is centered on enhancing security verification within the expanding RISC-V landscape, highlighting its cross-architectural adaptability.

Implications

  • Accelerated Development for RISC-V: By automating the transfer of security knowledge (assertions), the work significantly lowers the barrier to entry for securing new and custom RISC-V designs, accelerating processor innovation and adoption.
  • Cost Efficiency in IP Reuse: The methodology enables effective reuse of verified security IP across different architectural variants and processor generations, leading to substantial savings in verification time and resources.
  • Increased Design Trustworthiness: Providing a robust, validated, and efficient method for checking security assertions enhances the overall trustworthiness and reliability of complex processor designs intended for sensitive applications.
  • Future-Proofing Security Verification: The validation against LLM-defined hardware Trojans demonstrates a scalable and modern approach to testing security mechanisms against potentially sophisticated, automatically generated vulnerabilities.