ECE Seminar: Hardware is the New Software: Finding Exploitable Bugs in Hardware Designs
Bugs in hardware designs can create exploitable vulnerabilities. Today's hardware designs undergo extensive functional validation using formal verification and testing. However, these methods are not sufficient for security validation. Finding bugs that may critically affect security often requires semantic knowledge of the design and insight into the threat posed by any found bug. The questions of what constitutes a security bug and how to recognize those bugs that will open the design to malicious exploit remain open. In this talk I will discuss two tools my students and I developed in response to these questions. The first tool semi-automatically identifies security-critical properties of a design specified at the register-transfer level. The second tool, Coppelia, is a symbolic execution engine we built to explore a hardware design and generate complete exploits for any bugs it finds. We use Coppelia and our set of generated security properties to find new bugs in open-source RISC CPUs.