On Modeling and Detecting Trojans in Instruction Sets

Amid growing concerns about hardware security, comprehensive security testing has become essential for chip certification. This paper proposes a deep-testing method for identifying Trojans of particular concern to middle-to-high-end users, with a focus on illegal instructions. A hidden instruction Trojan can employ a low-probability sequence of normal instructions as a boot sequence, which is followed by an illegal instruction that triggers the Trojan. This enables the Trojan to remain deeply hidden within the processor. It then exploits an intrusion mechanism to acquire Linux control authority by setting a hidden interrupt as its payload. We have developed an unbounded model checking (UMC) technique to uncover such Trojans. The proposed UMC technique has been optimized with slicing based on the input cone, head-point replacement, and backward implication. Our experimental results demonstrate that the presented instruction Trojans can survive detection by existing methods, thus allowing normal users to steal root user privileges and compromising the security of processors. Moreover, our proposed deep-testing method is empirically shown to be a powerful and effective approach for detecting these instruction Trojans.

He, AodiTongji University (author)
Li, JiayingTongji University (author)
Rezine, AhmedLinköping University (author)
Peng, ZeboLinköping University (author)
Larsson, ErikLund University,Lunds universitet,LTH Ingenjörshögskolan vid Campus Helsingborg,Institutioner vid LTH,Lunds Tekniska Högskola,Integrerade elektroniksystem,Forskargrupper vid Lunds universitet,LTH profilområde: Nanovetenskap och halvledarteknologi,LTH profilområden,LTH profilområde: AI och digitalisering,LTH School of Engineering in Helsingborg,Departments at LTH,Faculty of Engineering, LTH,Integrated Electronic Systems,Lund University Research Groups,LTH Profile Area: Nanoscience and Semiconductor Technology,LTH Profile areas,Faculty of Engineering, LTH,LTH Profile Area: AI and Digitalization,Faculty of Engineering, LTH(Swepub:lu)eit-eil (author)
Yang, TaoZhejiang Lab (author)
Jiang, JianhuiTongji University (author)
Li, HuaweiInstitute of Computing Technology Chinese Academy of Sciences (author)
Linköping UniversityTongji University (creator_code:org_t)

In:IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, s. 1-10278-0070

By the author/editor: Zhang, Ying; He, Aodi; Li, Jiaying; Rezine, Ahmed; Peng, Zebo; Larsson, Erik; show more...; Yang, Tao; Jiang, Jianhui; Li, Huawei; show less...

About the subject

ENGINEERING AND TECHNOLOGY: ENGINEERING AND ...; and Electrical Engin ...; and Computer Systems

Kungliga biblioteket hanterar dina personuppgifter i enlighet med EU:s dataskyddsförordning (2018), GDPR. Läs mer om hur det funkar här.
Så här hanterar KB dina uppgifter vid användning av denna tjänst.