VeriCWEty: Embedding enabled Line-Level CWE Detection in Verilog

TL;DR

This paper introduces VeriCWEty, an embedding-based framework for precise line-level CWE detection in Verilog code, addressing limitations of existing rule-based and structural methods.

Contribution

It presents a novel embedding approach that detects and classifies CWEs at module and line levels with high precision and accuracy.

Findings

Achieves 89% precision in identifying CWEs like CWE-1244 and CWE-1245.

Attains 96% accuracy in line-level bug detection.

Bridges the gap between semantic vulnerability detection and localization.

Abstract

Large Language Models (LLMs) have shown significant improvement in RTL code generation. Despite the advances, the generated code is often riddled with common vulnerabilities and weaknesses (CWEs) that can slip by untrained eyes. Attackers can often exploit these weaknesses to fulfill their nefarious motives. Existing RTL bug-detection techniques rely on rule-based checks, formal properties, or coarse-grained structural analysis, which either fail to capture semantic vulnerabilities or lack precise localization. In our work, we bridge this gap by proposing an embedding-based bug-detection framework that detects and classifies bugs at both module and line-level granularity. Our method achieves about 89% precision in identifying common CWEs such as CWE-1244 and CWE-1245, and 96% accuracy in detecting line-level bugs.