Institute for Communication Technologies and Embedded Systems

QFlow: Quantitative Information Flow for Security-Aware Hardware Design in Verilog

Reimann, L. M., Hanel, L., Šišejković, D., Merchant, F., Leupers, R.
Book Title:
Proceedings of the International Conference on Computer Design (ICCD)
pp. 603-607
Oct. 2021
The enormous amount of code required to design modern hardware implementations often leads to critical vulnerabilities being overlooked. Vulnerabilities that compromise the confidentiality of sensitive data, such as cryptographic keys, can have a major impact on the trustworthiness of an entire system. A promising methodology to prevent such vulnerabilities is information flow analysis. With this method one can determine whether information from sensitive signals flows towards outputs or untrusted components of the system. Most of these analytical strategies rely on the non-interference property, which states that the untrusted targets must not be influenced by the source's data; this property is shown to be too inflexible for many applications. To address this issue, there are approaches that quantify the information flow between components so that insignificant leakage can be neglected. Due to the high computational complexity of this quantification, approximations are needed, and these introduce mispredictions of vulnerabilities. To tackle those limitations, we reformulate the approximations. Hence, it is possible to detect a broader spectrum of vulnerabilities compared to state-of-the-art tools. These vulnerabilities are caused by design flaws and malicious modifications and endanger the confidentiality of sensitive data. Further, we propose a tool, QFlow, with a higher detection rate than previous tools. It can be used even by non-experienced users to identify data leakages in hardware designs, thus facilitating a security-aware design process.
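The contrast the abstract draws between non-interference and quantified leakage, as an added illustration that is not part of the paper or of QFlow: small combinational circuits are modelled as Python functions of a uniformly random 4-bit secret and an attacker-chosen public input, non-interference is checked exactly, and leakage is measured as Shannon mutual information I(S;O) (an assumed, standard QIF measure; the abstract does not state which measure QFlow uses).

```python
from collections import Counter
from math import log2

KEY_BITS = 4  # constructed toy secret width

def entropy(counts):
    """Shannon entropy in bits of a distribution given as occurrence counts."""
    total = sum(counts)
    return -sum(c / total * log2(c / total) for c in counts if c)

def interferes(circuit, key_bits=KEY_BITS, pub_bits=0):
    """Non-interference check: True if, for some public input, the output
    depends on the secret at all (any dependence is a violation)."""
    for pub in range(2 ** pub_bits):
        if len({circuit(k, pub) for k in range(2 ** key_bits)}) > 1:
            return True
    return False

def leakage_bits(circuit, key_bits=KEY_BITS, pub_bits=0):
    """Quantitative leakage: for a deterministic circuit and a uniform secret,
    I(S;O) = H(O) because H(O|S) = 0. The attacker picks the public input,
    so report the maximum over all public inputs."""
    best = 0.0
    for pub in range(2 ** pub_bits):
        counts = Counter(circuit(k, pub) for k in range(2 ** key_bits))
        best = max(best, entropy(counts.values()))
    return best

def flagged(circuit, threshold_bits, **kw):
    """Quantitative policy: only report circuits leaking more than the threshold."""
    return leakage_bits(circuit, **kw) > threshold_bits

# Constructed example circuits (key = secret, pub = public/attacker input).
def passthrough(key, pub):      # whole key reaches the output
    return key

def parity(key, pub):           # one bit of key-dependent information
    return bin(key).count("1") & 1

def compare(key, pub):          # equality check against an attacker-chosen guess
    return int(key == pub)

def constant(key, pub):         # no dependence on the secret
    return 0

if __name__ == "__main__":
    for name, c, pb in [("passthrough", passthrough, 0), ("parity", parity, 0),
                        ("compare", compare, KEY_BITS), ("constant", constant, 0)]:
        print(f"{name:12s} non-interference violated: {interferes(c, pub_bits=pb)!s:5s} "
              f"leakage: {leakage_bits(c, pub_bits=pb):.3f} bits")
```

Non-interference rejects three of the four circuits alike, while the quantitative view separates a full key exposure (4 bits) from a parity leak (1 bit) and from a single key comparison (about 0.34 bits per query), which a threshold can classify as negligible.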