Hardware is the New Software: Finding Exploitable Bugs in Hardware Designs
Abstract:
Bugs in hardware designs can create vulnerabilities that open the machine
to malicious exploit. Despite mature functional validation tools and new
research in designing secure hardware, the question of how to find and
recognize those bugs remains open. My students and I have developed two
tools in response to this question. The first is a security specification
miner; it semi-automatically identifies security-critical properties of a
design specified at the register transfer level. The second tool, Coppelia,
is a symbolic execution engine that explores a hardware design and
generates complete exploits for the security bugs it finds. We use Coppelia
and our set of generated security properties to find new bugs in the
open-source RISC-V and OR1k CPU architectures.