The development of globalized semiconductor manufacturing processes and supply chains has lead to an increased interest in hardware security as new types of hardware based attacks, called hardware Trojans, are being observed in industrial and military electronics. To combat this, a technique was developed to help analyze hardware designs at the register-transfer-level (RTL) and locate points of interest within a design that might be vulnerable to attack. This method aims to eventually enable the creation of an end-to-end design hardening solution that analyzes existing designs and suggests countermeasures for potential Trojan attacks. The method presented in this work uses a set of base heuristics to evaluate the signals and logic within an RTL design. These signals and their assignments are ranked according to different heuristic selection criteria to determine if they belong to one of three types for potential behavior modification Trojans. The first type aims to identify locations for highly destructive Trojans that could completely inhibit device function. The second corresponds to locations where an intermittent issue could be created, such as errors in calculation edge cases. The final type considers critical signals used to connect submodules within a design, potentially limiting communication or injecting false data into calculations if attacked. Once ranked, the top-most location for each of these three groups is reported in a ranked list. From this list, markers can be automatically placed in copies of the original design files to indicate where a potential Trojan attack could occur. This approach was validated by using it to analyze two hardware designs. The results were investigated manually, where high-level understanding of the designs was used to evaluate the potential implications of each location selected. This validation demonstrated that this automatic process can not only identify signals and locations similar to what a domain-expert might select for Trojan insertion manually but can also locate novel sites for potential Trojans that may not be apparent by an initial human evaluation.
Electrical and Computer Engineering
Jennifer L. Dworak
Eric C. Larson
Number of Pages
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License
Ellington, Wesley Layton, "Heuristic-Based Threat Analysis of Register-Transfer-Level Hardware Designs" (2020). Electrical Engineering Theses and Dissertations. 35.