Automated Hardware Trojan Insertion in Industrial-Scale Designs

TL;DR

This paper introduces an automated, scalable method to insert hardware Trojan-like patterns into large industrial-scale SoC netlists, enabling realistic testing of detection tools without ethical concerns or design alterations.

Contribution

It presents a novel pipeline for generating stealthy, trigger-payload Trojan patterns in large netlists, bridging the gap between small benchmarks and real-world industrial designs.

Findings

State-of-the-art graph-learning models fail to detect the inserted Trojans.

The framework provides reproducible challenge instances for security research.

It enables stress-testing of Trojan detection tools on realistic, large-scale designs.

Abstract

Industrial Systems-on-Chips (SoCs) often comprise hundreds of thousands to millions of nets and millions to tens of millions of connectivity edges, making empirical evaluation of hardware-Trojan (HT) detectors on realistic designs both necessary and difficult. Public benchmarks remain significantly smaller and hand-crafted, while releasing truly malicious RTL raises ethical and operational risks. This work presents an automated and scalable methodology for generating HT-like patterns in industry-scale netlists whose purpose is to stress-test detection tools without altering user-visible functionality. The pipeline (i) parses large gate-level designs into connectivity graphs, (ii) explores rare regions using SCOAP testability metrics, and (iii) applies parameterized, function-preserving graph transformations to synthesize trigger-payload pairs that mimic the statistical footprint of stealthy HTs. When evaluated on the benchmarks generated in this work, representative state-of-the-art graph-learning models fail to detect Trojans. The framework closes the evaluation gap between academic circuits and modern SoCs by providing reproducible challenge instances that advance security research without sharing step-by-step attack instructions.