QFlow: Quantitative Information Flow for Security-Aware Hardware Design in Verilog

TL;DR

QFlow introduces a quantitative information flow analysis tool for hardware design in Verilog, enabling detection of data leaks with higher accuracy and usability, thus improving security in hardware development.

Contribution

The paper presents a reformulated approximation method for information flow quantification and a new tool, QFlow, that outperforms previous tools in detecting hardware data leaks.

Findings

QFlow has a higher detection rate than previous tools.

It is user-friendly for non-experts in hardware security.

The approach effectively identifies data leakages in hardware designs.

Abstract

The enormous amount of code required to design modern hardware implementations often leads to critical vulnerabilities being overlooked. Especially vulnerabilities that compromise the confidentiality of sensitive data, such as cryptographic keys, have a major impact on the trustworthiness of an entire system. Information flow analysis can elaborate whether information from sensitive signals flows towards outputs or untrusted components of the system. But most of these analytical strategies rely on the non-interference property, stating that the untrusted targets must not be influenced by the source's data, which is shown to be too inflexible for many applications. To address this issue, there are approaches to quantify the information flow between components such that insignificant leakage can be neglected. Due to the high computational complexity of this quantification, approximations are needed, which introduce mispredictions. To tackle those limitations, we reformulate the approximations. Further, we propose a tool QFlow with a higher detection rate than previous tools. It can be used by non-experienced users to identify data leakages in hardware designs, thus facilitating a security-aware design process.