摘要
信息时代使得信息安全变得日益重要。攻击方为了获取想要的信息,除了使用软件方面的手段,如病毒、蠕虫、软件木马等,也使用硬件手段来威胁设备、系统和数据的安全,如在芯片中植入硬件木马等。如果将硬件木马植入信息处理的核心--处理器,那将风险更高、危害更大。然而,硬件木马位于信息系统底层核心的层面,难以被检测和发现出来。硬件木马是国内外学术界研究的热点课题,尤其是在设计阶段结合源代码的硬件木马检测问题,是新问题,也是有实际需要的问题。在上述背景下,围绕源代码中硬件木马的检测和验证展开了研究。基于硬件木马危害结果属性,在学术上提出基于安全风险的模型和验证规则,给出相应的描述形式,从理论上说明安全验证规则在减少验证盲目性、缩小可疑代码范围、提高评估效率的作用,实验表明,基于安全风险规则的验证,可以避免验证的盲目性和测试空间向量膨胀的问题,有效验证疑似硬件木马的存在和危害,对源代码安全评估是有一定效果的。
With the advent of the information age,information security has become increasingly important.In order to obtain the desired information,attackers not only use software means,such as viruses,worms,software trojans,but also use hardware means to threaten the security of devices,systems and data,such as hardware Trojans embedded in chips.If the hardware Trojan horse is embedded in the processor,which is the core of information processing,the risk will be higher and the harm will be greater.However,the hardware Trojan horse is located at the bottom of the information system core level,which is difficult to detect and discover.Hardware Trojan Horse is a hot topic in academic circles at home and abroad.Especially in the design stage,the problem of hardware Trojan Horse detection combined with source code is not only a new problem,but also a necessary one.This paper is based on the above background and combined with the actual needs of domestic chip RTL source code security risk assessment to carry out related work,mainly for the detection and verification of hardware Trojan in RTL source code.The main contents and contributions of this paper are as follows.Aiming at the problem that RTL level hardware Trojan has not yet given its characteristic attributes academically,the description form of hardware Trojan's attribute is given Based on the harm result attribute of Hardware Trojan,the model and verification rules based on security risk are put forward academically,and the corresponding description form is given,this paper theoretically explains the role of security verification rules in reducing the blindness of verification,reducing the scope of suspicious code,and improving the efficiency of evaluation,it can avoid the blindness of verification and the expansion of test space vector,and effectively verify the existence and harm of suspected hardware Trojans,which is effective for RTL source code security assessment.
作者
赵剑锋
史岗
Zhao Jianfeng;Shi Gang(School of Cybersecurity,University of Chinese Academy of Sciences,Beijing 100049,China;Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China)
出处
《信息安全学报》
CSCD
2024年第1期111-122,共12页
Journal of Cyber Security
基金
国家“核高基”科技重大专项基金项目(No.2013ZX01029003-001)
国家“八六三”高技术研究发展计划基金项目(No.2012AA01A401)资助。