Due to the globalization of the integrated circuit (IC) supply chain, the reduction of manufacturing costs and the need for shorter time to market, commercial-off-the-shelf ICs are now prevalent in modern electronic systems. However, the wide usage of such components breeds major security and trust concerns. Validating the security and trustworthiness of these components is extremely challenging since the end user does not have access to the design details. Furthermore, the cost to patch hardware level design flaws and/or hardware Trojans always costs more than patching eventual software vulnerabilities.
This project develops an automated trustworthiness and security analysis framework to help end-users address their concerns by reconstructing the behavioral description of commercial-off-the-shelf ICs and analyzing such description for functionality identification and detection of design flaws and/or potentially inserted hardware Trojans and backdoors. This tool suite offers an all-in-one technology to allow engineers to quickly go from physical circuit structure/netlists to behavior/specification and validate the security and trustworthiness of any digital ICs, through data-path and state register identification, state transition graph construction and decomposition, data flow recovery, high-level behavioral design reconstruction, and whitelist- and blacklist-based functionality determination and hardware Trojan/backdoor detection. As a Transition to Practice (TTP) project, the research team is also closely collaborating with an industrial partner in developing, integrating, and validating the tool suite, so that a holistic and practice-oriented hardware security tool suite is provided for protecting the IC supply chain.