Rising device use and third-party IP integration in semiconductors raise security concerns. Unauthorized access, fault injection, and privacy invasion are potential threats from untrusted actors. Different security techniques have been proposed to provide resilience to secure devices from potential vulnerabilities; however, no one technique can be applied as an overarching solution. We propose an integrated Information Flow Tracking (IFT) technique to enable runtime security to protect system integrity by tracking the flow of data from untrusted communication channels. Existing hardware-based IFT schemes are either fine-, which are resource-intensive, or coarse-grained models, which have minimal precision logic, providing either control flow or data-flow integrity. No current security model provides multi-granularity due to the difficulty in balancing both the flexibility and hardware overheads at the same time. This study proposes a multi-level granularity IFT model that integrates a hardware-based IFT technique with a gate-level-based IFT (GLIFT) technique, along with flexibility, for better precision and assessments. Translation from the instruction level to the data level is based on module instantiation with security-critical data for accurate information flow behaviors without any false conservative flows. A simulation-based IFT model is demonstrated, which translates the architecture-specific extensions into a compiler-specific simulation model with toolchain extensions for Reduced Instruction Set Architecture (RISC-V) to verify the security extensions. This approach provides better precision logic by enhancing the tagged mechanism with 1-bit tags and implementing an optimized shadow logic that eliminates the area overhead by tracking the data for only security-critical modules.

翻译：随着设备使用量的增长以及半导体中第三方知识产权（IP）的集成，安全问题日益凸显。未经授权的访问、故障注入以及隐私侵犯是来自不可信实体的潜在威胁。已有多种安全技术被提出，旨在增强设备韧性，防范潜在漏洞；然而，尚无一种技术可作为普适性解决方案。我们提出一种集成式信息流追踪（IFT）技术，通过追踪来自不可信通信信道的数据流，实现运行时安全，以保护系统完整性。现有的基于硬件的IFT方案要么是资源密集型的细粒度模型，要么是精度逻辑极低的粗粒度模型，且仅能提供控制流或数据流完整性。由于难以同时兼顾灵活性与硬件开销，当前尚无安全模型能够提供多粒度支持。本研究提出一种多层级粒度IFT模型，该模型将基于硬件的IFT技术与基于门级的IFT（GLIFT）技术相结合，并兼具灵活性，以实现更高的精度与评估能力。从指令级到数据级的转换基于模块实例化，并采用安全关键数据，以确保信息流行为的准确性，避免出现任何虚假的保守流。我们展示了一种基于仿真的IFT模型，该模型将架构特定的扩展转化为编译器特定的仿真模型，并配套工具链扩展，用于精简指令集架构（RISC-V），以验证安全扩展。该方法通过引入1位标签增强标签机制，并实现优化的影子逻辑，仅追踪安全关键模块的数据，从而消除了面积开销，提供了更优的精度逻辑。