Abstract

This paper introduces the Natural Language Processing-based Security Property Generator (NSPG), a novel automated method designed to enhance hardware security assurance in complex System-on-Chips (SoCs). NSPG utilizes HS-BERT, the first language model specialized for hardware security, to extract critical security properties directly from hardware documentation, circumventing the need for tedious expert intervention. Evaluated using OpenTitan IP documentation, the system successfully extracted 326 security properties and aided in the identification of eight critical security bugs, proving its efficiency and robustness.

Report

Structured Report: Unlocking Hardware Security Assurance: The Potential of LLMs

Key Highlights

• Novel Automation: The paper proposes an automated Natural Language Processing (NLP)-based Security Property Generator (NSPG) to address challenges in hardware security validation.
• HS-BERT Introduction: The core technical innovation is HS-BERT, the first hardware security-specific language model developed to extract dedicated security properties from hardware documentation.
• Training Corpus: The model was trained using documentation derived from diverse SoC architectures, including RISC-V, OpenRISC, MIPS, OpenSPARC, and OpenTitan.
• High Extraction Rate: During evaluation on five untrained OpenTitan hardware IP documents, NSPG extracted 326 security properties from a total of 1723 sentences.
• Validated Impact: The extracted properties were crucial in identifying eight confirmed security bugs within the OpenTitan SoC design presented at the Hack@DAC 2022 hardware hacking competition.

Technical Details

• Method: The approach uses NLP to process natural language descriptions (hardware documentation) to automatically generate formalized security properties necessary for hardware security validation.
• Architecture: The proposed model, HS-BERT, is a specialized variant of the BERT architecture, fine-tuned specifically for the semantic context of hardware security requirements and properties found in technical specifications.
• Data Requirement: The efficiency of the validation process hinges on the quality and volume of hardware documentation used as input.
• Application Target: The technology is aimed at System-on-Chips (SoCs) which integrate multiple Intellectual Property (IP) cores, often introducing complex, inherent security vulnerabilities.

Implications

• Scaling Hardware Assurance: The introduction of NSPG and HS-BERT provides a scalable and robust solution to the hardware security challenge, moving beyond traditional, time-consuming expert intervention, which often limited validation to only a few IPs.
• Benefit to RISC-V/Open-Source Hardware: Given that the model was trained on RISC-V and OpenTitan (a major open-source hardware effort), this technology is highly relevant for ensuring the security integrity of complex, open-source SoC designs, fostering greater trust in collaborative hardware development.
• Improved Design Validation: By rapidly generating a comprehensive set of security properties, the method allows hardware designers and validators to perform much more thorough and efficient security checks early in the design phase, potentially reducing costly security patches or recalls post-production.
• Shifting Security Paradigm: This work marks a significant step in integrating advanced LLM capabilities directly into the hardware verification pipeline, suggesting that AI can become a foundational tool for complex, system-level security assurance.