EISec: Exhaustive Information Flow Security of Hardware Intellectual Property Utilizing Symbolic Execution

Hardware IPs are assumed to be roots-of-trust in complex SoCs. However, their design and security verification are still heavily dependent on manual expertise. Extensive research in this domain has shown that even cryptographic modules may lack information flow security, making them susceptible to remote attacks. Further, when an SoC is in the hands of the attacker, physical attacks such as fault injection are possible. This paper introduces EISec, a novel tool utilizing symbolic execution for exhaustive analysis of hardware IPs. EISec operates at the pre-silicon stage on the gate level netlist of a design. It detects information flow security violations and generates the exhaustive set of control sequences that reproduces them. We further expand its capabilities to quantify the confusion and diffusion present in cryptographic modules and to analyze an FSM's susceptibility to fault injection attacks. The proposed methodology efficiently explores the complete input space of designs utilizing symbolic execution. In short, EISec is a holistic security analysis tool to help hardware designers capture security violations early on and mitigate them by reporting their triggers.