Toward Automated Potential Primary Asset Identification in Verilog Designs

TL;DR

This paper introduces an automated method to identify potential security assets in Verilog hardware designs, aiding security analysis and reducing manual effort by analyzing patterns in open-source IPs.

Contribution

It presents a novel automated approach inspired by manual methods to identify primary security assets in Verilog designs, based on pattern analysis in open-source IPs.

Findings

Identified common patterns indicating security assets in hardware designs

Reduced manual effort in security asset identification

Validated approach on multiple open-source IP families

Abstract

With greater design complexity, the challenge to anticipate and mitigate security issues provides more responsibility for the designer. As hardware provides the foundation of a secure system, we need tools and techniques that support engineers to improve trust and help them address security concerns. Knowing the security assets in a design is fundamental to downstream security analyses, such as threat modeling, weakness identification, and verification. This paper proposes an automated approach for the initial identification of potential security assets in a Verilog design. Taking inspiration from manual asset identification methodologies, we analyze open-source hardware designs in three IP families and identify patterns and commonalities likely to indicate structural assets. Through iterative refinement, we provide a potential set of primary security assets and thus help to reduce the manual search space.