Hardware security is an important concern of system security as vulnerabilities can arise from design errors introduced throughout the development lifecycle. Recent works have proposed techniques to detect hardware security bugs, such as static analysis, fuzzing, and symbolic execution. However, the fundamental properties of hardware security bugs remain relatively unexplored. To gain a better understanding of hardware security bugs, we perform a deep dive into the popular OpenTitan project, including its bug reports and bug fixes. We manually classify the bugs as relevant to functionality or security and analyze characteristics, such as the impact and location of security bugs, and the size of their bug fixes. We also investigate relationships between security impact and bug management during development. Finally, we propose an abstract syntax tree-based analysis to identify the syntactic characteristics of bug fixes. Our results show that 53% of the bugs in OpenTitan have potential security implications and that 55% of all bug fixes modify only one file. Our findings underscore the importance of security-aware development practices and tools and motivate the development of techniques that leverage the highly localized nature of hardware bugs.