Researchers from Boston University and University of Washington published a technical paper titled “ProcessorFuzz: Guiding Processor Fuzzing using Control and Status Registers.”
Abstract
“As the complexity of modern processors has increased over the years, developing effective verification strategies to identify bugs prior to manufacturing has become critical. Undiscovered micro-architectural bugs in processors can manifest as severe security vulnerabilities in the form of side channels, functional bugs, etc. Inspired by software fuzzing, a technique commonly used for software testing, multiple recent works use hardware fuzzing for the verification of Register-Transfer Level (RTL) designs. However, these works suffer from several limitations such as lack of support for widely-used Hardware Description Languages (HDLs) and misleading coverage-signals that misidentify “interesting” inputs. Towards overcoming these shortcomings, we present ProcessorFuzz, a processor fuzzer that guides the fuzzer with a novel CSR-transition coverage metric. ProcessorFuzz monitors the transitions in Control and Status Registers (CSRs) as CSRs are in charge of controlling and holding the state of the processor. Therefore, transitions in CSRs indicate a new processor state, and guiding the fuzzer based on this feedback enables ProcessorFuzz to explore new processor states. ProcessorFuzz is agnostic to the HDL and does not require any instrumentation in the processor design. Thus, it supports a wide range of RTL designs written in different hardware languages. We evaluated ProcessorFuzz with three real-world open-source processors — Rocket, BOOM, and BlackParrot. ProcessorFuzz triggered a set of ground-truth bugs 1.23× faster (on average) than DIFUZZRTL. Moreover, our experiments exposed 8 new bugs across the three RISC-V cores and one new bug in a reference model. All nine bugs were confirmed by the developers of the corresponding projects.”
Find the technical paper here. Published September 2022.
Authors: Sadullah Canakci, Chathura Rajapaksha, Anoop Mysore Nataraja, Leila Delshadtehrani, Michael Taylor, Manuel Egele, Ajay Joshi
arXiv:2209.01789v1.
Related Reading
Security-related Technical Papers
Semiconductor Security Knowledge Center
Design For Security Now Essential For Chips, Systems
How good methodologies can help limit breaches.
Chip Backdoors: Assessing The Threat
Steps are being taken to minimize problems, but they will take years to implement.
Leave a Reply