COVERT: Trojan Detection in COTS Hardware via Statistical Activation of Microarchitectural Events
By Mahmudul Hasan 1, Sudipta Paria 2, Swarup Bhunia 2 and Tamzidul Hoque 1
1 Department of Electrical Engineering and Computer Science, University of Kansas, Lawrence, KS 66045, USA
2 Department of Electrical and Computer Engineering, University of Florida, Gainesville, FL 32611, USA
Abstract
Commercial Off-The-Shelf (COTS) hardware, such as microprocessors, are widely adopted in system design due to their ability to reduce development time and cost compared to custom solutions. However, supply chain entities involved in the design and fabrication of COTS components are considered untrusted from the consumer’s standpoint due to the potential insertion of hidden malicious logic or hardware Trojans (HTs). Existing solutions to detect Trojans are largely inapplicable for COTS components due to their black-box nature and lack of access to a golden model. A few studies that apply require expensive equipment, lack scalability, and apply to a limited class of Trojans. In this work, we present a novel golden-free trust verification framework, COVERT, for COTS microprocessors, which can efficiently test the presence of hardware Trojan implants by identifying microarchitectural rare events and transferring activation knowledge from existing processor designs to trigger highly susceptible internal nodes. COVERT leverages Large Language Models to automatically generate test programs that trigger rare microarchitectural events, which may be exploited to develop Trojan trigger conditions. By deriving these events from publicly available Register Transfer Level implementations, COVERT can verify a wide variety of COTS microprocessors that inherit the same Instruction Set Architecture. We have evaluated the proposed framework on open-source RISC-V COTS microprocessors and demonstrated its effectiveness in activating combinational and sequential Trojan triggers with high coverage, highlighting the efficiency of the trust verification. By pruning rare microarchitectural events from mor1kx Cappuccino OpenRISC processor design, COVERT has been able to achieve more than 80% trigger coverage for the rarest 5% of events in or1k Marocchino and PicoRV32 as COTS processors.
Index Terms — Trojan Detection, Test Generation, Microarchitectural Events, COTS, Combinational and Sequential Trojans.
To read the full article, click here
Related Semiconductor IP
- eUSB2V2.0 Controller + PHY IP
- I/O Library with LVDS in SkyWater 90nm
- 50G PON LDPC Encoder/Decoder
- UALink Controller
- RISC-V Debug & Trace IP
Related Articles
- DRsam: Detection of Fault-Based Microarchitectural Side-Channel Attacks in RISC-V Using Statistical Preprocessing and Association Rule Mining
- A Survey on the Design, Detection, and Prevention of Pre-Silicon Hardware Trojans
- TROJAN-GUARD: Hardware Trojans Detection Using GNN in RTL Designs
- The Growing Imperative Of Hardware Security Assurance In IP And SoC Design
Latest Articles
- COVERT: Trojan Detection in COTS Hardware via Statistical Activation of Microarchitectural Events
- A Reconfigurable Framework for AI-FPGA Agent Integration and Acceleration
- Veri-Sure: A Contract-Aware Multi-Agent Framework with Temporal Tracing and Formal Verification for Correct RTL Code Generation
- FlexLLM: Composable HLS Library for Flexible Hybrid LLM Accelerator Design
- Secure Multi-Path Routing with All-or-Nothing Transform for Network-on-Chip Architectures