In contemporary Electronic Design Automation (EDA) tools, security often takes a backseat to the primary goals of power, performance, and area optimization. Commonly, security analysis is conducted by hand, so vulnerabilities in the design remain unnoticed. Security-aware EDA tools assist the designer in identifying and removing security threats while keeping performance and area in mind. Cutting-edge methods employ information flow analysis to identify inadvertent information leaks in design structures, and current leakage detection methods use quantitative information flow analysis to quantify those leaks. However, sequential circuits pose challenges for state-of-the-art techniques because of their time-agnostic nature, which overlooks timing channels and introduces false positives. To address this, we introduce QTFlow, a timing-sensitive framework for quantifying hardware information leakage during the design phase. Evaluated on open-source benchmarks, QTFlow autonomously identifies timing channels and eliminates all false positives that arise from time-agnostic analysis in current state-of-the-art techniques.
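As an added illustration of why timing-sensitive quantification matters (constructed example, not code from the QTFlow paper and not its algorithm): a toy sequential circuit whose data output is a constant but whose `done` signal rises at a secret-dependent cycle. A time-agnostic observer that sees only the final output value measures 0 bits of leakage, while an observer that sees the cycle-indexed trace measures the timing channel.

```python
from collections import Counter
from math import log2
from typing import Callable, Hashable, List, Tuple

# Constructed toy circuit (hypothetical, not a QTFlow benchmark): a 3-bit
# secret is shifted out one bit per cycle and 'done' rises once the remaining
# bits are all zero, so the cycle at which 'done' rises depends on the secret
# (a timing channel) while the data output is always the same constant.
SECRET_BITS = 3
CYCLES = 4

def simulate(secret: int) -> List[Tuple[int, int]]:
    """Return the per-cycle trace of (done, data_out) for one secret value."""
    remaining = secret
    trace = []
    for _ in range(CYCLES):
        done = int(remaining == 0)
        trace.append((done, 0))   # data_out is constant: no value-based leak
        remaining >>= 1           # shift out one secret bit per cycle
    return trace

def mutual_information_bits(observe: Callable[[List[Tuple[int, int]]], Hashable]) -> float:
    """I(secret; observation) in bits for a uniformly distributed secret.
    The circuit is deterministic, so this equals the entropy of the
    observation distribution over all secret values."""
    counts = Counter(observe(simulate(s)) for s in range(2 ** SECRET_BITS))
    total = sum(counts.values())
    return sum(-(c / total) * log2(c / total) for c in counts.values())

def final_value_only(trace: List[Tuple[int, int]]) -> Hashable:
    """Time-agnostic observer: sees only the data output at the last cycle."""
    return trace[-1][1]

def timed_trace(trace: List[Tuple[int, int]]) -> Hashable:
    """Timing-sensitive observer: sees the whole cycle-indexed trace."""
    return tuple(trace)

def leakage_report() -> dict:
    """Leakage in bits under both observation models."""
    return {"time_agnostic": mutual_information_bits(final_value_only),
            "timing_sensitive": mutual_information_bits(timed_trace)}

if __name__ == "__main__":
    print(leakage_report())
```

With eight equiprobable secrets the `done` cycle takes four distinct values with probabilities 1/8, 1/8, 1/4 and 1/2, so the timing-sensitive observer measures 1.75 bits while the time-agnostic observer measures 0.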