ThreatLens: LLM-guided Threat Modeling and Test Plan Generation for Hardware Security Verification

TL;DR

ThreatLens leverages large language models to automate hardware security threat modeling and test plan generation, reducing manual effort and improving coverage in complex designs.

Contribution

We introduce ThreatLens, a novel LLM-driven multi-agent framework that automates hardware security threat modeling and test plan creation, integrating retrieval-augmented generation and interactive feedback.

Findings

Automated threat modeling and test plan generation for NEORV32 SoC.

Enhanced security verification coverage and efficiency.

Validated effectiveness in real-world hardware scenarios.

Abstract

Current hardware security verification processes predominantly rely on manual threat modeling and test plan generation, which are labor-intensive, error-prone, and struggle to scale with increasing design complexity and evolving attack methodologies. To address these challenges, we propose ThreatLens, an LLM-driven multi-agent framework that automates security threat modeling and test plan generation for hardware security verification. ThreatLens integrates retrieval-augmented generation (RAG) to extract relevant security knowledge, LLM-powered reasoning for threat assessment, and interactive user feedback to ensure the generation of practical test plans. By automating these processes, the framework reduces the manual verification effort, enhances coverage, and ensures a structured, adaptable approach to security verification. We evaluated our framework on the NEORV32 SoC, demonstrating its capability to automate security verification through structured test plans and validating its effectiveness in real-world scenarios.