Advertisement

Automated Test Generation for Detection of Malicious Functionality

  • Farimah Farahmandi
  • Yuanwen Huang
  • Prabhat Mishra
Chapter

Abstract

Test generation has been widely used during pre-silicon as well as post-silicon validation to detect design bugs. By applying specific test vectors, we can compare the design outputs with the golden (expected) outputs to detect a violation. Hardware Trojans can be viewed as covert bugs that are maliciously implanted into a design such that they can be activated only under very rare conditions. Due to their stealthy nature, it is challenging to generate effective tests to detect hardware Trojans. In this chapter, we describe different test generation approaches for detection of hardware Trojans. We first introduce random test generation and formal methods based test generation, followed by two hybrid approaches: test generation using ATPG and model checking, test generation using concrete simulation and symbolic execution.

References

  1. 1.
    A. Ahmed, P. Mishra, QUEBS: qualifying event based search in concolic testing for validation of RTL models, in IEEE International Conference on Computer Design (ICCD), pp. 185–192 (2017)Google Scholar
  2. 2.
    F.F. Alif Ahmed, P. Mishra, Directed test generation using concolic testing of rtl models, in Design Automation and Test in Europe (DATE) (IEEE, Piscataway, 2018), pp. 1538–1543Google Scholar
  3. 3.
    A. Biere, A. Cimatti, E.M. Clarke, O. Strichman, Y. Zhu, Bounded model checking. Adv. Comput. 58, 117–148 (2003)CrossRefGoogle Scholar
  4. 4.
    R. Chakraborty, F. Wolff, S. Paul, C. Papachristou, S. Bhunia, MERO: a statistical approach for hardware trojan detection, in International Workshop on Cryptographic Hardware and Embedded Systems (IEEE, Piscataway, 2009), pp. 396–410Google Scholar
  5. 5.
    M. Chen, P. Mishra, Functional test generation using efficient property clustering and learning techniques. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. (TCAD) 29(3), 396–404 (2010)CrossRefGoogle Scholar
  6. 6.
    M. Chen, P. Mishra, Decision ordering based property decomposition for functional test generation, in Design Automation and Test in Europe (DATE) (IEEE, Piscataway, 2011), pp 167–172Google Scholar
  7. 7.
    M. Chen, P. Mishra, Property learning techniques for efficient generation of directed tests. IEEE Trans. Comput. (TC) 60(6), 852–864 (2011)MathSciNetzbMATHGoogle Scholar
  8. 8.
    M. Chen, P. Mishra, D. Kalita, Automatic RTL test generation from SystemC TLM specifications. ACM Trans. Embed. Comput. Syst. (TECS) 11(2), article 38 (2012)CrossRefGoogle Scholar
  9. 9.
    M. Chen, X. Qin, P. Mishra, Learning-oriented property decomposition for automated generation of directed tests. Springer J. Electron. Test. (JETTA) 30(3), 287–306 (2014)CrossRefGoogle Scholar
  10. 10.
    A. Cimatti, E. Clarke, F. Giunchiglia, M. Roveri, NUSMV: a new symbolic model checker. Int. J. Softw. Tools Technol. Transfer 2(4), 410–425 (2000)CrossRefGoogle Scholar
  11. 11.
    J. Cruz, Y. Huang, P. Mishra, S. Bhunia, An automated configurable Trojan insertion framework for dynamic trust benchmarks, in Design Automation and Test in Europe (DATE) (IEEE, Piscataway, 2018)Google Scholar
  12. 12.
    J. Cruz, P. Mishra, S. Bhunia, The metric matters: how to measure trust, in Design Automation Conference (DAC), Las Vegas, 2–6 June 2019 (2019)CrossRefGoogle Scholar
  13. 13.
    N. Dang, A. Roychoudhury, T. Mitra, P. Mishra, Generating test programs to cover pipeline interactions, in ACM/IEEE Design Automation Conference (DAC) (2009), pp. 142–147Google Scholar
  14. 14.
    F. Farahmandi, P. Mishra, Automated test generation for debugging arithmetic circuits, in Design Automation and Test in Europe (DATE) (IEEE, Piscataway, 2016), pp. 1351–1356Google Scholar
  15. 15.
    F. Farahmandi, P. Mishra, Automated test generation for debugging multiple bugs in arithmetic circuits. IEEE Trans. Comput. (TC) 68(2), 182–197 (2019)MathSciNetCrossRefGoogle Scholar
  16. 16.
    N. Fern, S. Kulkarni, K.-T.T. Cheng, Hardware trojans hidden in RTL don’t cares—Automated insertion and prevention methodologies, in Test Conference (ITC), 2015 IEEE International (IEEE, Piscataway, 2015), pp. 1–8Google Scholar
  17. 17.
    N. Fern, I. San, C.K. Koç, K.-T.T. Cheng, Hardware trojans in incompletely specified on-chip bus systems, in Proceedings of the 2016 Conference on Design, Automation and Test in Europe (EDA Consortium, San Jose, 2016), pp. 527–530Google Scholar
  18. 18.
    N. Fern, I. San, K.-T.T. Cheng, Detecting hardware trojans in unspecified functionality through solving satisfiability problems, in Design Automation Conference (ASP-DAC), 2017 22nd Asia and South Pacific (IEEE, Piscataway, 2017), pp. 598–504Google Scholar
  19. 19.
    X. Guo, R.G. Dutta, Y. Jin, F. Farahmandi, P. Mishra, Pre-silicon security verification and validation: a formal perspective, in ACM/IEEE Design Automation Conference (DAC) (IEEE, Piscataway, 2015)CrossRefGoogle Scholar
  20. 20.
    Y. Huang, S. Bhunia, P. Mishra, MERS: statistical test generation for side-channel analysis based trojan detection, in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Series CCS New York, NY, USA (ACM, New York, 2016), pp. 130–141. [Online]. Available: http://doi.acm.org/10.1145/2976749.2978396
  21. 21.
    Y. Huang, S. Bhunia, P. Mishra, Scalable test generation for Trojan detection using side channel analysis, in IEEE Trans. Inf. Forensics Secur. 13(11), 2746–2760 (2018)CrossRefGoogle Scholar
  22. 22.
    A.A. Jonathan Cruz, F. Farahmandi, P. Mishra, Hardware trojan detection using atpg and model checking, in International Conference on VLSI Design (IEEE, Piscataway, 2018), pp. 91–96Google Scholar
  23. 23.
    H.-M. Koo, P. Mishra, Functional test generation using property decompositions for validation of pipelined processors, in Design Automation and Test in Europe (DATE) (IEEE, Piscataway, 2006), pp. 1240–1245Google Scholar
  24. 24.
    H.-M. Koo, P. Mishra, Functional test generation using design and property decomposition techniques. ACM Trans. Embed. Comput. Syst. (TECS) 8(4), article 32 (2009)CrossRefGoogle Scholar
  25. 25.
    Y. Lyu, X. Qin, M. Chen, P. Mishra, Directed test generation for validation of cache coherence protocols, in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD) (IEEE, Piscataway, 2018)Google Scholar
  26. 26.
    Y. Lyu, A. Ahmed, P. Mishra, Automated activation of multiple targets in RTL models using concolic testing, in Design Automation and Test in Europe (DATE) (IEEE, Piscataway, 2019)Google Scholar
  27. 27.
    P. Mishra, M. Chen, Efficient techniques for directed test generation using incremental satisfiability, in International Conference on VLSI Design (2009), pp. 65–70Google Scholar
  28. 28.
    P. Mishra, N. Dutt, Graph-based functional test program generation for pipelined processors, in Design Automation and Test in Europe (DATE) (IEEE, Piscataway, 2004), pp. 182–187Google Scholar
  29. 29.
    P. Mishra, N. Dutt, Functional coverage driven test generation for validation of pipelined processors, in Design Automation and Test in Europe (DATE) (IEEE, Piscataway, 2005), pp. 678–683Google Scholar
  30. 30.
    P. Mishra, N. Dutt, Specification-driven directed test generation for validation of pipelined processors. ACM Trans. Des. Autom. Electron. Syst. (TODAES) 13(2), 36, article 42 (2008)CrossRefGoogle Scholar
  31. 31.
    X. Qin, P. Mishra, Automated generation of directed tests for transition coverage in cache coherence protocols, in Design Automation and Test in Europe (DATE) (IEEE, Piscataway, 2012)Google Scholar
  32. 32.
    X. Qin, P. Mishra, Directed test generation for validation of multicore architectures. ACM Trans. Des. Autom. Electron. Syst. (TODAES) 17(3), article 24, 21 (2012)CrossRefGoogle Scholar
  33. 33.
    X. Qin, P. Mishra, Scalable test generation by interleaving concrete and symbolic execution, in International Conference on VLSI Design (IEEE, Piscataway, 2014), pp. 104–109Google Scholar
  34. 34.
    X. Qin, M. Chen, P. Mishra, Synchronized generation of directed tests using satisfiability solving, in International Conference on VLSI Design (2010), pp. 351–356Google Scholar
  35. 35.
    J. Rajendran, V. Vedula, R. Karri, Detecting malicious modifications of data in third-party intellectual property cores, in ACM/IEEE Design Automation Conference (DAC) (IEEE, Piscataway, 2015), pp. 112–118Google Scholar
  36. 36.
    S. Saha, R. Chakraborty, S. Nuthakki, Anshul, D. Mukhopadhyay, Improved test pattern generation for hardware trojan detection using genetic algorithm and boolean satisfiability, in Cryptographic Hardware and Embedded Systems (CHES) (Springer, Berlin, 2015), pp. 577–596Google Scholar
  37. 37.
    S. Vasudevan, E.A. Emerson, J.A. Abraham, Efficient model checking of hardware using conditioned slicing. Electron. Notes Theor. Comput. Sci. 128(6), 279–294 (2005)CrossRefGoogle Scholar
  38. 38.
    A. Waksman, M. Suozzo, S. Sethumadhavan, FANCI: Identification of stealthy malicious logic using boolean functional analysis, in ACM SIGSAC Conference on Computer and Communications Security (IEEE, Piscataway, 2013), pp. 697–708Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Farimah Farahmandi
    • 1
  • Yuanwen Huang
    • 2
  • Prabhat Mishra
    • 1
  1. 1.University of FloridaGainesvilleUSA
  2. 2.GoogleMountain ViewUSA

Personalised recommendations