On Modeling and Detecting Trojans in Instruction Sets
(2024) In IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems p.1-1- Abstract
- Amid growing concerns about hardware security, comprehensive security testing has become essential for chip certification. This paper proposes a deep-testing method for identifying Trojans of particular concern to middle-to-high-end users, with a focus on illegal instructions. A hidden instruction Trojan can employ a low-probability sequence of normal instructions as a boot sequence, which is followed by an illegal instruction that triggers the Trojan. This enables the Trojan to remain deeply hidden within the processor. It then exploits an intrusion mechanism to acquire Linux control authority by setting a hidden interrupt as its payload. We have developed an unbounded model checking (UMC) technique to uncover such Trojans. The proposed... (More)
- Amid growing concerns about hardware security, comprehensive security testing has become essential for chip certification. This paper proposes a deep-testing method for identifying Trojans of particular concern to middle-to-high-end users, with a focus on illegal instructions. A hidden instruction Trojan can employ a low-probability sequence of normal instructions as a boot sequence, which is followed by an illegal instruction that triggers the Trojan. This enables the Trojan to remain deeply hidden within the processor. It then exploits an intrusion mechanism to acquire Linux control authority by setting a hidden interrupt as its payload. We have developed an unbounded model checking (UMC) technique to uncover such Trojans. The proposed UMC technique has been optimized with slicing based on the input cone, head-point replacement, and backward implication. Our experimental results demonstrate that the presented instruction Trojans can survive detection by existing methods, thus allowing normal users to steal root user privileges and compromising the security of processors. Moreover, our proposed deep-testing method is empirically shown to be a powerful and effective approach for detecting these instruction Trojans. (Less)
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/e56bb614-defa-4b61-900c-84be117e257a
- author
- Zhang, Ying ; He, Aodi ; Li, Jiaying ; Rezine, Ahmed ; Peng, Zebo ; Larsson, Erik LU ; Yang, Tao ; Jiang, Jianhui and Li, Huawei
- organization
- publishing date
- 2024-04-16
- type
- Contribution to journal
- publication status
- epub
- subject
- in
- IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
- pages
- 1 - 1
- publisher
- IEEE - Institute of Electrical and Electronics Engineers Inc.
- external identifiers
-
- scopus:85190743209
- ISSN
- 0278-0070
- DOI
- 10.1109/TCAD.2024.3389558
- language
- English
- LU publication?
- yes
- id
- e56bb614-defa-4b61-900c-84be117e257a
- date added to LUP
- 2024-06-11 10:51:20
- date last changed
- 2024-06-12 04:01:39
@article{e56bb614-defa-4b61-900c-84be117e257a, abstract = {{Amid growing concerns about hardware security, comprehensive security testing has become essential for chip certification. This paper proposes a deep-testing method for identifying Trojans of particular concern to middle-to-high-end users, with a focus on illegal instructions. A hidden instruction Trojan can employ a low-probability sequence of normal instructions as a boot sequence, which is followed by an illegal instruction that triggers the Trojan. This enables the Trojan to remain deeply hidden within the processor. It then exploits an intrusion mechanism to acquire Linux control authority by setting a hidden interrupt as its payload. We have developed an unbounded model checking (UMC) technique to uncover such Trojans. The proposed UMC technique has been optimized with slicing based on the input cone, head-point replacement, and backward implication. Our experimental results demonstrate that the presented instruction Trojans can survive detection by existing methods, thus allowing normal users to steal root user privileges and compromising the security of processors. Moreover, our proposed deep-testing method is empirically shown to be a powerful and effective approach for detecting these instruction Trojans.}}, author = {{Zhang, Ying and He, Aodi and Li, Jiaying and Rezine, Ahmed and Peng, Zebo and Larsson, Erik and Yang, Tao and Jiang, Jianhui and Li, Huawei}}, issn = {{0278-0070}}, language = {{eng}}, month = {{04}}, pages = {{1--1}}, publisher = {{IEEE - Institute of Electrical and Electronics Engineers Inc.}}, series = {{IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems}}, title = {{On Modeling and Detecting Trojans in Instruction Sets}}, url = {{http://dx.doi.org/10.1109/TCAD.2024.3389558}}, doi = {{10.1109/TCAD.2024.3389558}}, year = {{2024}}, }