Exploring the Abyss? Unveiling Systems-on-Chip Hardware Vulnerabilities Beneath Software

Due to the increasing size and complexity of system-on-chips (SoCs), new threats and vulnerabilities are emerging, mainly related to flaws at the system level. Due to the lack of decisive security requirements and properties from the perspective of the SoC designer, the system-level verification process, whose violation may lead to exploiting a hardware vulnerability, is not studied comprehensively. To enable more comprehensive verification of system-level properties, this paper presents a framework known as HUnTer (Hardware Underath Trigger) for identifying sets of instructions (sequences) at the processor unit (PU) that reveal the underlying hardware vulnerabilities. HUnTer automates (i) threat modeling, (ii) threat-based formal verification, (iii) generating counterexamples, and (iv) generating snippet code to exploit the vulnerability. Furthermore, the HUnTer framework defines a unique security coverage metric (HUnT_Coverage) to measure the performance and effectiveness of vulnerability exploits. To demonstrate the high effectiveness of the proposed framework, we conduct a wide variety of case studies using the HUnTer framework on RISC-V-based open-source SoC architecture and attains the security coverage of 86% as an average for 11 benchmarks of the Trust-Hub database.