Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing hardware designs for vulnerabilities to side-channel attacks. One of the methods includes receiving a request to analyze a device hardware design for side-channel vulnerabilities in the device after being manufactured. Physical characteristics data is obtained representing one or more physical characteristics of the device based on the device hardware design. Information flow analysis is performed to identify one or more signals of interest corresponding to digital assets. From the physical characteristics data and the one or more signals of interest, data representing potentially vulnerable signals in the device hardware design is generated. A leakage model is generated for the potentially vulnerable signals that quantifies one or more leakage criteria for one or more structures of the device hardware design.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying security vulnerabilities introduced by transformations to a hardware design. One of the methods includes obtaining a security model for an initial electronic hardware design and a modified electronic hardware design. An analysis process is performed on the initial representation and on the modified representation of the electronic hardware design according to the security model. If the modified electronic hardware design introduced a security vulnerability relative to the initial electronic hardware design, information representing the introduced security vulnerability is provided.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for performing information flow analysis on hardware designs to identify vulnerabilities. One of the methods includes generating input signals and feeding the generated input signals into the modified hardware design to generate a plurality of information flow signals, wherein the information flow signals each associate a respective input signal with a location in the modified hardware design to which the input signal was able to reach through logic circuitry of the modified hardware design. The generated information flow signals are evaluated according to one or more security criteria to generate security results. One or more security related applications are performed to generate information representing aspects of the design that are vulnerable to insecure behavior.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for performing information flow analysis on hardware designs to identify vulnerabilities. One of the methods includes receiving a set of security rules for a hardware design having information flow tracking logic. An information flow analysis process is performed to determine where design assets specified by the security rules flow in the hardware design. A user interface presentation is generated that presents a listing of modules through which the design asset flowed and an indication of when a flow of the design asset violated one or more of the security rules.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying security vulnerabilities introduced by transformations to a hardware design. One of the methods includes obtaining a security model for an initial electronic hardware design and a modified electronic hardware design. An analysis process is performed on the initial representation and on the modified representation of the electronic hardware design according to the security model. If the modified electronic hardware design introduced a security vulnerability relative to the initial electronic hardware design, information representing the introduced security vulnerability is provided.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing hardware designs for vulnerabilities to side-channel attacks. One of the methods includes receiving a request to analyze a device hardware design for side-channel vulnerabilities in the device after being manufactured. Physical characteristics data is obtained representing one or more physical characteristics of the device based on the device hardware design. Information flow analysis is performed to identify one or more signals of interest corresponding to digital assets. From the physical characteristics data and the one or more signals of interest, data representing potentially vulnerable signals in the device hardware design is generated. A leakage model is generated for the potentially vulnerable signals that quantifies one or more leakage criteria for one or more structures of the device hardware design.

Abstract: The present disclosure includes systems and methods relating to information flow tracking and detection of unintentional design flaws of digital devices and microprocessor systems. In general, in one implementation, a technique includes: receiving a hardware design specifying an implementation for information flow in a hardware configuration; receiving one or more labels annotating the hardware design; receiving one or more security properties specifying a restriction relating to the one or more labels for implementing an information flow model; generating the information flow model; performing verification using the information flow model, wherein verification comprises verifying whether the information flow model passes or fails against the one of more security properties; and upon verifying that the information flow model passes, determining that an unintentional design flaw is not identified in the hardware design.

Abstract: The present disclosure includes systems and methods relating to information flow and analyzing faults in integrated circuits for digital devices and microprocessor systems. In general, one implementation, involves a technique including: receiving a hardware design specifying an implementation for information flow in a hardware configuration; receiving one or more labels annotating the hardware design; receiving one or more fault properties specifying at least a fault type relating to the one or more labels for implementing an information flow model indicating a fault path in the hardware configuration; determining, for each of the one or more fault properties, a label value by translating the fault property into the information flow model; and automatically assigning a respective label value to each of the one or more labels in the hardware design.

Abstract: The present disclosure includes systems and techniques relating to information flow and hardware security for digital devices and microprocessor systems. In general, in one implementation, a technique includes: receiving a hardware design specifying an implementation for information flow in a hardware configuration; receiving one or more labels annotating the hardware design; receiving a security property specifying a restriction relating to the one or more labels for implementing a secure information flow in the hardware configuration; designating each of the one or more labels to a corresponding security level in accordance with the specified restriction; and automatically assigning a respective value to each of the one or more labels in the hardware design, wherein each respective value is determined in accordance with the corresponding security level designated for each of the one or more labels.

Abstract: The present disclosure includes systems and methods relating to information flow and analyzing faults in integrated circuits for digital devices and microprocessor systems. In general, one implementation, involves a technique including: receiving a hardware design specifying an implementation for information flow in a hardware configuration; receiving one or more labels annotating the hardware design; receiving one or more fault properties specifying at least a fault type relating to the one or more labels for implementing an information flow model indicating a fault path in the hardware configuration; determining, for each of the one or more fault properties, a label value by translating the fault property into the information flow model; and automatically assigning a respective label value to each of the one or more labels in the hardware design.

Abstract: The present disclosure includes systems and methods relating to information flow tracking and detection of unintentional design flaws of digital devices and microprocessor systems. In general, in one implementation, a technique includes: receiving a hardware design specifying an implementation for information flow in a hardware configuration; receiving one or more labels annotating the hardware design; receiving one or more security properties specifying a restriction relating to the one or more labels for implementing an information flow model; generating the information flow model; performing verification using the information flow model, wherein verification comprises verifying whether the information flow model passes or fails against the one of more security properties; and upon verifying that the information flow model passes, determining that an unintentional design flaw is not identified in the hardware design.

Abstract: The present disclosure includes systems and techniques relating to information flow and hardware security for digital devices and microprocessor systems. In general, in one implementation, a technique includes: receiving a hardware design specifying an implementation for information flow in a hardware configuration; receiving one or more labels annotating the hardware design; receiving a security property specifying a restriction relating to the one or more labels for implementing a secure information flow in the hardware configuration; designating each of the one or more labels to a corresponding security level in accordance with the specified restriction; and automatically assigning a respective value to each of the one or more labels in the hardware design, wherein each respective value is determined in accordance with the corresponding security level designated for each of the one or more labels.