FuCE: Fuzzing+Concolic Execution guided Trojan Detection in Synthesizable Hardware Designs

TL;DR

This paper introduces FuCE, a novel framework combining fuzzing and concolic execution to detect stealthy hardware trojans in high-level synthesis designs efficiently and scalably.

Contribution

It presents a new automated detection method that overcomes scalability issues of prior techniques by integrating fuzzing with concolic execution for HLS trojan detection.

Findings

Detects stealthy trojans faster with fewer test cases

Achieves high branch coverage in detection process

Operates without manual pre-processing

Abstract

High-level synthesis (HLS) is the next emerging trend for designing complex customized architectures for applications such as Machine Learning, Video Processing. It provides a higher level of abstraction and freedom to hardware engineers to perform hardware software co-design. However, it opens up a new gateway to attackers to insert hardware trojans. Such trojans are semantically more meaningful and stealthy, compared to gate-level trojans and therefore are hard-to-detect using state-of-the-art gate-level trojan detection techniques. Although recent works have proposed detection mechanisms to uncover such stealthy trojans in high-level synthesis (HLS) designs, these techniques are either specially curated for existing trojan benchmarks or may run into scalability issues for large designs. In this work, we leverage the power of greybox fuzzing combined with concolic execution to explore deeper segments of design and uncover stealthy trojans. Experimental results show that our proposed framework is able to automatically detect trojans faster with fewer test cases, while attaining notable branch coverage, without any manual pre-processing analysis.