Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
139 tokens/sec
GPT-4o
47 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

(Security) Assertions by Large Language Models (2306.14027v2)

Published 24 Jun 2023 in cs.CR and cs.AI

Abstract: The security of computer systems typically relies on a hardware root of trust. As vulnerabilities in hardware can have severe implications on a system, there is a need for techniques to support security verification activities. Assertion-based verification is a popular verification technique that involves capturing design intent in a set of assertions that can be used in formal verification or testing-based checking. However, writing security-centric assertions is a challenging task. In this work, we investigate the use of emerging LLMs for code generation in hardware assertion generation for security, where primarily natural language prompts, such as those one would see as code comments in assertion files, are used to produce SystemVerilog assertions. We focus our attention on a popular LLM and characterize its ability to write assertions out of the box, given varying levels of detail in the prompt. We design an evaluation framework that generates a variety of prompts, and we create a benchmark suite comprising real-world hardware designs and corresponding golden reference assertions that we want to generate with the LLM.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (44)
  1. M. Rostami, F. Koushanfar, and R. Karri, “A Primer on Hardware Security: Models, Methods, and Metrics,” Proceedings of the IEEE, vol. 102, no. 8, pp. 1283–1295, Aug. 2014. [Online]. Available: http://ieeexplore.ieee.org/document/6860363/
  2. K. Xiao et al., “Hardware Trojans: Lessons Learned after One Decade of Research,” ACM Transactions on Design Automation of Electronic Systems (TODAES), vol. 22, no. 1, pp. 6:1–6:23, May 2016. [Online]. Available: http://doi.org/10.1145/2906147
  3. A. Chakraborty et al., “Keynote: A Disquisition on Logic Locking,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 39, no. 10, pp. 1952–1972, Oct. 2020, conference Name: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.
  4. K. Basu et al., “CAD-Base: An Attack Vector into the Electronics Supply Chain,” ACM Transactions on Design Automation of Electronic Systems, vol. 24, no. 4, pp. 38:1–38:30, Apr. 2019. [Online]. Available: https://doi.org/10.1145/3315574
  5. P. Kocher et al., “Spectre Attacks: Exploiting Speculative Execution,” in 2019 IEEE Symposium on Security and Privacy (SP), May 2019, pp. 1–19, iSSN: 2375-1207.
  6. M. Lipp et al., “Meltdown: Reading Kernel Memory from User Space,” Communications of the ACM, vol. 63, no. 6, pp. 46–56, 2020.
  7. Y. Kim et al., “Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors,” in 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA), Jun. 2014, pp. 361–372, iSSN: 1063-6897.
  8. T. S. Tan and B. A. Rosdi, “Verilog HDL Simulator Technology: A Survey,” Journal of Electronic Testing, vol. 30, no. 3, pp. 255–269, Jun. 2014. [Online]. Available: https://doi.org/10.1007/s10836-014-5449-5
  9. C. Kern and M. R. Greenstreet, “Formal verification in hardware design: a survey,” ACM Transactions on Design Automation of Electronic Systems, vol. 4, no. 2, pp. 123–193, Apr. 1999. [Online]. Available: https://doi.org/10.1145/307988.307989
  10. J. Rajendran, V. Vedula, and R. Karri, “Detecting Malicious Modifications of Data in Third-Party Intellectual Property Cores,” Proceedings of the 52nd Annual Design Automation Conference, pp. 1–6, 2015.
  11. T. Trippel et al., “Fuzzing Hardware Like Software,” USENIX Security Symposium, pp. 3237–3254, 2022.
  12. R. Kande et al., “TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities,” USENIX Security Symposium, pp. 3219–3236, 2022.
  13. A. Ardeshiricham, W. Hu, J. Marxen, and R. Kastner, “Register transfer level information flow tracking for provably secure hardware design,” in Design, Automation Test in Europe Conference Exhibition (DATE), 2017, Mar. 2017, pp. 1691–1696, iSSN: 1558-1101.
  14. C. Chen et al., “HyPFuzz: Formal-Assisted Processor Fuzzing,” arXiv preprint arXiv:2304.02485, 2023.
  15. H. Witharana, Y. Lyu, S. Charles, and P. Mishra, “A Survey on Assertion-based Hardware Verification,” ACM Computing Surveys, vol. 54, no. 11s, pp. 225:1–225:33, Sep. 2022. [Online]. Available: https://doi.org/10.1145/3510578
  16. Z. Ren and H. Al-Asaad, “Overview of assertion-based verification and its applications,” in International Conference on Embedded Systems, Cyber-physical Systems, & Applications (ESCS).   CSREA Press, 2016.
  17. S. Vasudevan et al., “GoldMine: Automatic assertion generation using data mining and static analysis,” in 2010 Design, Automation & Test in Europe Conference & Exhibition (DATE 2010), Mar. 2010, pp. 626–629, iSSN: 1558-1101.
  18. S. Hertz, D. Sheridan, and S. Vasudevan, “Mining Hardware Assertions With Guidance From Static Analysis,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 32, no. 6, pp. 952–965, Jun. 2013, conference Name: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.
  19. H. Witharana, A. Jayasena, A. Whigham, and P. Mishra, “Automated Generation of Security Assertions for RTL Models,” ACM Journal on Emerging Technologies in Computing Systems, Nov. 2022, just Accepted. [Online]. Available: https://doi.org/10.1145/3565801
  20. M. Chen et al., “Evaluating Large Language Models Trained on Code,” Jul. 2021, arXiv:2107.03374 [cs]. [Online]. Available: http://arxiv.org/abs/2107.03374
  21. G. Dessouky et al., “Hardfails: Insights into Software-Exploitable Hardware Bugs,” in Proceedings of the 28th USENIX Conference on Security Symposium, ser. SEC’19.   Santa Clara, CA, USA: USENIX Association, 2019, pp. 213–230.
  22. R. Mihalcea, H. Liu, and H. Lieberman, “NLP (Natural Language Processing) for NLP (Natural Language Programming),” in Computational Linguistics and Intelligent Text Processing, A. Gelbukh, Ed.   Springer Berlin Heidelberg, 2006, pp. 319–330.
  23. A. Radford et al., “Language models are unsupervised multitask learners,” OpenAI blog, vol. 1, no. 8, p. 9, 2019.
  24. J. Devlin, M.-W. Chang, K. Lee, and K. Toutanova, “BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding,” in Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long and Short Papers).   Minneapolis, Minnesota: Association for Computational Linguistics, Jun. 2019, pp. 4171–4186. [Online]. Available: https://aclanthology.org/N19-1423
  25. A. Vaswani et al., “Attention is All you Need,” in Advances in Neural Information Processing Systems, vol. 30.   Curran Associates, Inc., 2017. [Online]. Available: https://proceedings.neurips.cc/paper/2017/hash/3f5ee243547dee91fbd053c1c4a845aa-Abstract.html
  26. P. Gage, “A New Algorithm for Data Compression,” C Users Journal, vol. 12, no. 2, pp. 23–38, Feb. 1994.
  27. GitHub, “GitHub Copilot · Your AI pair programmer.” [Online]. Available: https://copilot.github.com/
  28. H. Pearce et al., “Asleep at the Keyboard? Assessing the Security of GitHub Copilot’s Code Contributions,” in 2022 IEEE Symposium on Security and Privacy (SP), May 2022, pp. 754–768, iSSN: 2375-1207.
  29. ——, “Examining Zero-Shot Vulnerability Repair with Large Language Models,” Aug. 2022, arXiv:2112.02125 [cs]. [Online]. Available: http://arxiv.org/abs/2112.02125
  30. M. Shoeybi et al., “Megatron-LM: Training Multi-Billion Parameter Language Models Using Model Parallelism,” Mar. 2020, arXiv:1909.08053 [cs]. [Online]. Available: http://arxiv.org/abs/1909.08053
  31. E. Nijkamp et al., “A Conversational Paradigm for Program Synthesis,” Mar. 2022, arXiv:2203.13474 [cs]. [Online]. Available: http://arxiv.org/abs/2203.13474
  32. H. Pearce, B. Tan, and R. Karri, “DAVE: Deriving Automatically Verilog from English,” in Proceedings of the 2020 ACM/IEEE Workshop on Machine Learning for CAD.   Virtual Event Iceland: ACM, Nov. 2020, pp. 27–32. [Online]. Available: https://dl.acm.org/doi/10.1145/3380446.3430634
  33. W. Zhong, C. Li, J. Ge, and B. Luo, “Neural Program Repair : Systems, Challenges and Solutions,” in 13th Asia-Pacific Symposium on Internetware.   Hohhot China: ACM, Jun. 2022, pp. 96–106. [Online]. Available: https://dl.acm.org/doi/10.1145/3545258.3545268
  34. H. Pearce et al., “Can OpenAI Codex and Other Large Language Models Help Us Fix Security Bugs?” arXiv:2112.02125 [cs], Apr. 2022, arXiv: 2112.02125. [Online]. Available: http://arxiv.org/abs/2112.02125
  35. C. Wang, Y. Cai, Q. Zhou, and H. Wang, “ASAX: Automatic security assertion extraction for detecting Hardware Trojans,” in 2018 23rd Asia and South Pacific Design Automation Conference (ASP-DAC), Jan. 2018, pp. 84–89, iSSN: 2153-697X.
  36. C. Deutschbein and C. Sturton, “Mining Security Critical Linear Temporal Logic Specifications for Processors,” in 2018 19th International Workshop on Microprocessor and SOC Test and Verification (MTV), Dec. 2018, pp. 18–23, iSSN: 2332-5674.
  37. C. B. Harris and I. G. Harris, “GLAsT: Learning formal grammars to translate natural language specifications into hardware assertions,” in Design, Automation Test in Europe Conf. Exhibition (DATE), 2016, pp. 966–971.
  38. R. Zhang and C. Sturton, “Transys: Leveraging Common Security Properties Across Hardware Designs,” in 2020 IEEE Symposium on Security and Privacy (SP).   San Francisco, CA, USA: IEEE, May 2020, pp. 1713–1727. [Online]. Available: https://ieeexplore.ieee.org/document/9152775/
  39. C. Chen et al., “Trusting the Trust Anchor: Towards Detecting Cross-Layer Vulnerabilities with Hardware Fuzzing,” 59th ACM/IEEE Design Automation Conference, p. 1379–1383, 2022.
  40. A.-R. Sadeghi, J. Rajendran, and R. Kande, “Organizing The World’s Largest Hardware Security Competition: Challenges, Opportunities, and Lessons Learned,” Great Lakes Symposium on VLSI, p. 95–100, 2021.
  41. lowRISC contributors, “Open source silicon root of trust (RoT) | OpenTitan.” [Online]. Available: https://opentitan.org/
  42. Siemens, “Modelsim,” https://eda.sw.siemens.com/en-US/ic/modelsim/, 2021, Last accessed on 04/08/2021.
  43. S. Thakur, “Finetuned codegen-2B-Verilog model,” https://huggingface.co/shailja, 2022, Last accessed on 01/05/2022.
  44. OpenAI, “ChatGPT: Optimizing Language Models for Dialogue,” https://openai.com/blog/chatgpt/, 2022, Last accessed on 01/05/2022.
Citations (35)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now