
A Novel Security Vulnerability Detection Mechanism Using Information Flow Tracking on a given SOC

Conference: Verification Futures 2025
Speaker: Surinder Sood
Presentation Title: A Novel Security Vulnerability Detection Mechanism Using Information Flow Tracking on a given SOC
Abstract:

Non-Coherent access (NCA) is the mechanism used to exercise Non-Coherent (NC) transactions. These NC transactions commonly read or configure various System-on-Chip (SOC) registers. In an SOC, NCA control mechanisms are implemented at various levels, defining restrictions on access to sensitive resources by NC transactions generated by agents such as the central processing unit (CPU), peripherals, co-processors, and so on. With increasing SOC complexity, the number of agents increases, and their communication path via interconnected Network-on-Chip (NOC) buses and routers, referred to as the Non-Coherent transaction path (NCP), gets more complex, resulting in multiple NCPs corresponding to the NCA of a single register from various agents. As a result, an access violation on any one of these NCPs can expose critical register data to unauthorized agents, allowing attackers to modify or access critical data via malicious SW, as recently demonstrated by SW-mounted physical side-channel attacks. Hence, in a complex SOC, validating the access control security vulnerabilities of multiple NCPs for numerous SOC registers is crucial. Therefore, in this paper we propose a novel approach to exploit the NCA security vulnerabilities of all registers in a complex SOC. For the first time, the Information flow tracking (IFT) approach is utilized to define the allowable NCPs that can transfer data to a given register while respecting the SOC access control architecture. This technique is used to threat model the NCA of all SOC registers. We model the detected threats to mimic real-world attack scenarios by generating test scenarios and unified coverage, which are compatible with validation platforms such as pre-silicon simulation, emulation, and post-silicon environments. The proposed methodology outperforms the current RAL-based access control validation method, which is limited to a simulation environment only.

Speaker Bio:

Surinder Sood works at ARM as a principal engineer, is a visiting researcher at the University of Manchester, and is a senior member of the IEEE Circuits and Systems Society.

Key Points:
  • IFT
  • Threat modelling
  • Non-coherent access