
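Graduate student: Huang, Wei-Po (黃韋珀)
Thesis title: Trojan Horse Detection for RISC-V Cores Using Cross-Auditing
Advisor: Huang, Shi-Yu (黃錫瑜)
Oral defense committee: Wang, Sying-Jyan (王行健); Lu, Shyue-Kung (呂學坤); Lee, Kuen-Jong (李昆忠)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Electrical Engineering
Year of publication: 2024
Academic year of graduation: 112
Language: Chinese
Number of pages: 36
Chinese keywords (translated): hardware security, cross-auditing, hardware Trojan
Foreign-language keywords: cross-auditing, Hardware Trojan Horse, threat model, pre-silicon verification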
Abstract:

In security-critical applications, malicious Trojan Horses embedded in a CPU core can pose serious threats to the security of an SoC. In this work, we propose a “Trojan-Horse detection framework” using a cross-auditing scheme. Our framework takes a target RISC-V core and pairs it with a reference RISC-V core to conduct functional simulation using a set of benchmark programs. The “care outputs” of both cores are compared to reveal potential Trojan Horses in the target core. A set of well-known Trojan Horses of different types is implanted into an open-source RISC-V core to evaluate the effectiveness of this framework. We found that we can successfully detect almost every implanted Trojan Horse as long as it has been activated and manifested by the benchmark programs. In addition, we introduce control flow cross-auditing to aid in the early detection of Trojan activation and control flow alteration. This method allows us to achieve early diagnosis by pinpointing the exact moment when a Trojan activates and modifies the control flow. Our experiments confirmed that we can indeed identify Trojan activation early if there is a change in the control flow.

Table of contents:

Abstract
Abstract (Chinese)
Acknowledgements
Content
List of Figures
List of Tables
Chapter 1 Introduction
    1.1 Introduction
    1.2 Thesis Organization
Chapter 2 Related Work
    2.1 Software-Based Approaches
    2.2 Hardware-Based Approaches
Chapter 3 Preliminaries
    3.1 Trust-hub
    3.2 Unified Threat Model of Trojans
Chapter 4 Proposed Methodology
    4.1 Major Component of Proposed Framework
    4.2 Criterion of a Trojan
    4.3 Depository Processing for Efficient Cross-Auditing
Chapter 5 Experiment Result
    5.1 Basic Components
    5.2 Simulation Time Overhead
    5.3 Benefits of Dynamic PQ Management
    5.4 Trojan Detection Experiments
Chapter 6 Further Discussions
    6.1 Consideration of reference core
    6.2 Consideration of undetectable Trojan
    6.3 Control Flow Cross-Auditing
    6.4 Early Diagnosis Experiment
Chapter 7 Conclusion
References
