Security data path verification
First Claim
1. A computer implemented method for security verification of a circuit design, the method comprising:
- receiving at first circuit model of the circuit design;
receiving one or more parameters identifying a first location within the circuit design that is a source of tainted data and a second location within the circuit design that is coupled to the first location;
receiving an indication of a portion of the circuit design to be modeled as a black box, the portion located along one more transmission paths between the first and second locations within the circuit design;
generating an abstracted version of the portion of the circuit design;
generating a second circuit model of the circuit design by modifying the first circuit model with the abstracted version of the portion of the circuit design; and
verifying, using the second circuit model, whether the tainted data can reach the second location within the circuit design from the first location within the circuit design.
3 Assignments
0 Petitions
Accused Products
Abstract
A formal verification approach verifies data access and data propagation paths in a circuit design by proving the unreachability of path cover properties of the circuit design. A security path verification system receives an original circuit model of a circuit design, along with parameters identifying a first location within the circuit design that is a source of tainted data and a second location within the circuit design that is coupled to the first location. The security path verification system also receives a selection of portions of the circuit design to be excluded from the verification analysis. Using an abstracted version of the exclude portions, the security verification system generates a second circuit model of the circuit design for use in determining whether the tainted data can reach the second location from the first location within the circuit design.
43 Citations
26 Claims
-
1. A computer implemented method for security verification of a circuit design, the method comprising:
-
receiving at first circuit model of the circuit design; receiving one or more parameters identifying a first location within the circuit design that is a source of tainted data and a second location within the circuit design that is coupled to the first location; receiving an indication of a portion of the circuit design to be modeled as a black box, the portion located along one more transmission paths between the first and second locations within the circuit design; generating an abstracted version of the portion of the circuit design; generating a second circuit model of the circuit design by modifying the first circuit model with the abstracted version of the portion of the circuit design; and verifying, using the second circuit model, whether the tainted data can reach the second location within the circuit design from the first location within the circuit design. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A non-transitory computer-readable storage medium containing computer program code for security verification of a circuit design, the code comprising code for:
-
receiving a first circuit model of the circuit design; receiving one or more parameters identifying a first location within the circuit design that is a source of tainted data and a second location within the circuit design that is coupled to the first location; receiving an indication of a portion of the circuit design to be modeled as a black box, the indicated portion located along one more transmission paths between the first and second locations within the circuit design; generating an abstracted version of the portion of the circuit design; generating a second circuit model of the circuit design by modifying the first circuit model with the abstracted version of the portion of the circuit design; and verifying, using the second circuit model, whether the tainted data can reach the second location within the circuit design from the first location within the circuit design. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
-
21. A system for security verification of a circuit design, comprising:
-
non-transitory memory storing thereupon program code that comprises a sequence of instructions; a processor or a processor core that executes one or more threads of execution of a computing system, wherein the sequence of instructions executed by the processor or processor core causes the processor or processor core at least to receive a first circuit model of the circuit design;
receive one or more parameters identifying a first location within the circuit design that is a source of tainted data and a second location within the circuit design that is coupled to the first location;
receive an indication of a portion of the circuit design to be modeled as a black box, the portion located along one more transmission paths between the first and second locations within the circuit design;
generate an abstracted version of the portion of the circuit design;
generate a second circuit model of the circuit design by modifying the first circuit model with the abstracted version of the portion of the circuit design; and
verify, using the second circuit model, whether the tainted data can reach the second location within the circuit design from the first location within the circuit design. - View Dependent Claims (22, 23, 24, 25, 26)
-
Specification