Security Assessment of High-Level Synthesis

“…Our results demonstrate faster coverage of rare targets and more effective detection of trojans hidden in rare locations across a variety of benchmark designs compared to earlier methods. The complete GreyConE+ framework has the potential to significantly enhance the automated detection of security vulnerabilities in HLS designs [48]. The efficiency of GreyConE+ in terms of time, number of test cases, and memory requirements is highly desirable for use in cloud environments, where time, energy, and storage are valuable resources.…”

“…Existing research has predominantly focused on testing Hardware HWIPs at RTL or gate-level designs, leaving a significant gap in exploring testing methodologies at higher levels of abstraction, particularly in the context of HLS tailored for FPGA-cloud environments [48]. However, vulnerabilities at these higher abstraction levels tend to be more intricate and stealthy, especially when HLS IPs contain malicious functionalities like hidden trojan logic, which can pose substantial risks to cloud environments by leaking sensitive information and tampering with cloud computation and data.…”

“…Therefore, verifying the security aspects of HLS IPs is crucial for CSPs to ensure accurate functionality. [8] Gate level ATPG binning + SAT formulation ISCAS85, ISCAS89, ITC99 ✗ Huang et al [28] Gate level Guided ATPG ISCAS85, ISCAS89 ✗ Liu et al [45] Gate level Genetic algorithm + SMT formulation TrustHub [55] ✗ Ahmed et al [5] Register transfer level Concolic testing TrustHub [55] ✓ Ahmed et al [4] Register Transfer Level Greedy concolic testing TrustHub [55] ✓ Lyu et al [44] Register Transfer Level Parallelism + concolic testing TrustHub [55] ✓ Veerana et al [58] HLS/SystemC Property checking S3C [59] ✓ Le et al [36] HLS/SystemC Guided greybox fuzzing S3C [59] ✗ Bin et al [38] HLS/SystemC Selective concolic testing S3C [59] ✗ Vafaei et al [57] C-level(from RTL) Symbolic Execution TrustHub [55] ✓ GreyConE [19] HLS/SystemC,C/C++ Greybox Fuzzing(GF) + Concolic Execution(CE) S3C [59],S2C [51] ✗ GreyConE+(Ours) HLS/SystemC,C/C++ Selective Instrumentation with GF + CE S3C [59], S2C [51],SC [40],Rosetta [66] ✓ functionalities like Trojans in IP designs introduces potential threats, including the risk of IP malfunctions, leakage of sensitive information, and potential damage to underlying hardware [48,58]. Vulnerabilities within third party HLS IPs might arise during the design phase, presenting similarities to security challenges encountered in untrusted electronics supply chains and the insertion of Trojans in pre-silicon hardware.…”

GreyConE: Greybox Fuzzing + Concolic Execution Guided Test Generation for High Level Designs

“…Our results demonstrate faster coverage of rare targets and more effective detection of trojans hidden in rare locations across a variety of benchmark designs compared to earlier methods. The complete GreyConE+ framework has the potential to significantly enhance the automated detection of security vulnerabilities in HLS designs [48]. The efficiency of GreyConE+ in terms of time, number of test cases, and memory requirements is highly desirable for use in cloud environments, where time, energy, and storage are valuable resources.…”

“…Existing research has predominantly focused on testing Hardware HWIPs at RTL or gate-level designs, leaving a significant gap in exploring testing methodologies at higher levels of abstraction, particularly in the context of HLS tailored for FPGA-cloud environments [48]. However, vulnerabilities at these higher abstraction levels tend to be more intricate and stealthy, especially when HLS IPs contain malicious functionalities like hidden trojan logic, which can pose substantial risks to cloud environments by leaking sensitive information and tampering with cloud computation and data.…”

“…Therefore, verifying the security aspects of HLS IPs is crucial for CSPs to ensure accurate functionality. [8] Gate level ATPG binning + SAT formulation ISCAS85, ISCAS89, ITC99 ✗ Huang et al [28] Gate level Guided ATPG ISCAS85, ISCAS89 ✗ Liu et al [45] Gate level Genetic algorithm + SMT formulation TrustHub [55] ✗ Ahmed et al [5] Register transfer level Concolic testing TrustHub [55] ✓ Ahmed et al [4] Register Transfer Level Greedy concolic testing TrustHub [55] ✓ Lyu et al [44] Register Transfer Level Parallelism + concolic testing TrustHub [55] ✓ Veerana et al [58] HLS/SystemC Property checking S3C [59] ✓ Le et al [36] HLS/SystemC Guided greybox fuzzing S3C [59] ✗ Bin et al [38] HLS/SystemC Selective concolic testing S3C [59] ✗ Vafaei et al [57] C-level(from RTL) Symbolic Execution TrustHub [55] ✓ GreyConE [19] HLS/SystemC,C/C++ Greybox Fuzzing(GF) + Concolic Execution(CE) S3C [59],S2C [51] ✗ GreyConE+(Ours) HLS/SystemC,C/C++ Selective Instrumentation with GF + CE S3C [59], S2C [51],SC [40],Rosetta [66] ✓ functionalities like Trojans in IP designs introduces potential threats, including the risk of IP malfunctions, leakage of sensitive information, and potential damage to underlying hardware [48,58]. Vulnerabilities within third party HLS IPs might arise during the design phase, presenting similarities to security challenges encountered in untrusted electronics supply chains and the insertion of Trojans in pre-silicon hardware.…”

GreyConE: Greybox Fuzzing + Concolic Execution Guided Test Generation for High Level Designs

Iterative Mitigation of Insecure Resource Sharing Produced by High-level Synthesis

Secure by construction