Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing hardware designs for vulnerabilities to side-channel attacks. One of the methods includes receiving a request to analyze a device hardware design for side-channel vulnerabilities in the device after being manufactured. Physical characteristics data is obtained representing one or more physical characteristics of the device based on the device hardware design. Information flow analysis is performed to identify one or more signals of interest corresponding to digital assets. From the physical characteristics data and the one or more signals of interest, data representing potentially vulnerable signals in the device hardware design is generated. A leakage model is generated for the potentially vulnerable signals that quantifies one or more leakage criteria for one or more structures of the device hardware design.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for performing information flow analysis on hardware designs to identify vulnerabilities. One of the methods includes generating input signals and feeding the generated input signals into the modified hardware design to generate a plurality of information flow signals, wherein the information flow signals each associate a respective input signal with a location in the modified hardware design to which the input signal was able to reach through logic circuitry of the modified hardware design. The generated information flow signals are evaluated according to one or more security criteria to generate security results. One or more security related applications are performed to generate information representing aspects of the design that are vulnerable to insecure behavior.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for performing information flow analysis on hardware designs to identify vulnerabilities. One of the methods includes receiving a set of security rules for a hardware design having information flow tracking logic. An information flow analysis process is performed to determine where design assets specified by the security rules flow in the hardware design. A user interface presentation is generated that presents a listing of modules through which the design asset flowed and an indication of when a flow of the design asset violated one or more of the security rules.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing hardware designs for vulnerabilities to side-channel attacks. One of the methods includes receiving a request to analyze a device hardware design for side-channel vulnerabilities in the device after being manufactured. Physical characteristics data is obtained representing one or more physical characteristics of the device based on the device hardware design. Information flow analysis is performed to identify one or more signals of interest corresponding to digital assets. From the physical characteristics data and the one or more signals of interest, data representing potentially vulnerable signals in the device hardware design is generated. A leakage model is generated for the potentially vulnerable signals that quantifies one or more leakage criteria for one or more structures of the device hardware design.