LAsset: An LLM-assisted Security Asset Identification Framework for System-on-Chip (SoC) Verification

TL;DR

LAsset is an automated framework utilizing large language models to identify security assets in SoC designs, significantly reducing manual effort and improving accuracy in security verification processes.

Contribution

The paper introduces LAsset, a novel LLM-based framework that automates security asset identification from hardware specifications and RTL descriptions.

Findings

Achieves up to 90% recall in SoC security asset identification.

Reaches 93% recall in IP design asset classification.

Reduces manual effort in security verification workflows.

Abstract

The growing complexity of modern system-on-chip (SoC) and IP designs is making security assurance difficult day by day. One of the fundamental steps in the pre-silicon security verification of a hardware design is the identification of security assets, as it substantially influences downstream security verification tasks, such as threat modeling, security property generation, and vulnerability detection. Traditionally, assets are determined manually by security experts, requiring significant time and expertise. To address this challenge, we present LAsset, a novel automated framework that leverages large language models (LLMs) to identify security assets from both hardware design specifications and register-transfer level (RTL) descriptions. The framework performs structural and semantic analysis to identify intra-module primary and secondary assets and derives inter-module relationships to systematically characterize security dependencies at the design level. Experimental results show that the proposed framework achieves high classification accuracy, reaching up to 90% recall rate in SoC design, and 93% recall rate in IP designs. This automation in asset identification significantly reduces manual overhead and supports a scalable path forward for secure hardware development.