Isadora: Automated Information Flow Property Generation for Hardware Designs
This addresses the problem of manual security specification creation for hardware designers, though it appears incremental as it builds on existing techniques.
Isadora automates the generation of information flow properties for hardware designs, combining tracking and mining to produce security specifications without user input, and it aligns with expert-written properties in evaluations on RISC-V and SoC designs.
Isadora is a methodology for creating information flow specifications of hardware designs. The methodology combines information flow tracking and specification mining to produce a set of information flow properties that are suitable for use during the security validation process, and which support a better understanding of the security posture of the design. Isadora is fully automated; the user provides only the design under consideration and a testbench and need not supply a threat model nor security specifications. We evaluate Isadora on a RISC-V processor plus two designs related to SoC access control. Isadora generates security properties that align with those suggested by the Common Weakness Enumerations (CWEs), and in the case of the SoC designs, align with the properties written manually by security experts.