QTFlow: Quantitative Timing-Sensitive Information Flow for Security-Aware Hardware Design on RTL

• Published in: 2024 International VLSI Symposium on Technology, Systems and Applications (VLSI TSA) pp. 1 - 4
• Main Authors: Reimann, Lennart M., Prashar, Anshul, Ghinami, Chiara, Pelke, Rebecca, Sisejkovic, Dominik, Merchant, Farhad, Leupers, Rainer
• Format: Conference Proceeding
• Language: English
• Published: IEEE 22.04.2024
• Subjects: Benchmark testing; confidentiality; hardware security; Information leakage; Measurement; Open source hardware; quantitative information flow; Sequential circuits; Timing; timing channels; Very large scale integration
• DOI: 10.1109/VLSITSA60681.2024.10546389

In contemporary Electronic Design Automation (EDA) tools, security often takes a backseat to the primary goals of power, performance, and area optimization. Commonly, the security analysis is conducted by hand, leading to vulnerabilities in the design remaining unnoticed. Security-aware EDA tools assist the designer in the identification and removal of security threats while keeping performance and area in mind. Cutting-edge methods employ information flow analysis to identify inadvertent information leaks in design structures. Current information leakage detection methods use quantitative infor-mation flow analysis to quantify the leaks. However, handling sequential circuits poses challenges for state-of-the-art techniques due to their time-agnostic nature, overlooking timing channels, and introducing false positives. To address this, we introduce QTFlow, a timing-sensitive framework for quantifying hardware information leakages during the design phase. Illustrating its effectiveness on open-source benchmarks, QTFlow autonomously identifies timing channels and diminishes all false positives arising from time-agnostic analysis when contrasted with current state-of-the-art techniques.