Design and manufacturing of integrated circuits predominantly use a globally distributed semiconductor supply chain involving diverse entities. The modern semiconductor supply chain has been designed to boost production efficiency, but is filled with major security concerns such as malicious modifications (hardware Trojans), reverse engineering (RE), and cloning. While being deployed, digital systems are also subject to a plethora of threats such as power, timing, and electromagnetic (EM) side channel attacks. Many Design-for-Security (DFS) solutions have been proposed to deal with these vulnerabilities, and such solutions (DFS) relays on strategic modifications (e.g., logic locking, side channel resilient masking, and dummy logic insertion) of the digital designs for ensuring a higher level of security. However, most of these DFS strategies lack robust formalism, are often not human-understandable, and require an extensive amount of human expert effort during their development/use. All of these factors make it difficult to keep up with the ever growing number of microelectronic vulnerabilities. In this work, we propose X-DFS, an explainable Artificial Intelligence (AI) guided DFS solution-space exploration approach that can dramatically cut down the mitigation strategy development/use time while enriching our understanding of the vulnerability by providing human-understandable decision rationale. We implement X-DFS and comprehensively evaluate it for reverse engineering threats (SAIL, SWEEP, and OMLA) and formalize a generalized mechanism for applying X-DFS to defend against other threats such as hardware Trojans, fault attacks, and side channel attacks for seamless future extensions.
翻译:集成电路的设计与制造主要依赖于涉及众多实体的全球化半导体供应链。现代半导体供应链旨在提升生产效率,却充斥着恶意修改(硬件木马)、逆向工程(RE)与克隆等重大安全隐患。数字系统在部署过程中同样面临功耗、时序与电磁(EM)侧信道攻击等大量威胁。为应对这些漏洞,学界已提出多种面向安全的设计(DFS)解决方案,此类方案通过对数字设计进行策略性修改(例如逻辑锁定、抗侧信道掩码技术与虚拟逻辑插入)来确保更高层级的安全。然而,现有DFS策略大多缺乏严谨的形式化框架,其决策过程往往难以被人理解,且在开发与应用阶段需耗费大量专家人力。这些因素导致现有方法难以应对日益增长的微电子安全漏洞。本研究提出X-DFS——一种可解释人工智能(AI)引导的DFS解决方案空间探索方法,该方法通过提供人类可理解的决策依据,在深化漏洞认知的同时,能显著缩短防护策略的开发与应用周期。我们实现了X-DFS系统,并针对逆向工程威胁(SAIL、SWEEP与OMLA)进行了全面评估,同时构建了可扩展的通用机制框架,为未来无缝扩展至硬件木马、故障攻击及侧信道攻击等威胁的防御奠定理论基础。