@inproceedings{77910ff7e5a248c7a07d4feff42ff68b,
title = "Don t CWEAT it: Toward CWE analysis techniques in early stages of hardware design",
abstract = "To help prevent hardware security vulnerabilities from propagating to later design stages where fixes are costly, it is crucial to identify security concerns as early as possible, such as in RTL designs. In this work, we investigate the practical implications and feasibility of producing a set of security-specific scanners that operate on Verilog source files. The scanners indicate parts of code that might contain one of a set of MITRE s common weakness enumerations (CWEs). We explore the CWE database to characterize the scope and attributes of the CWEs and identify those that are amenable to static analysis.We prototype scanners and evaluate them on 11 open source designs - 4 system-on-chips (SoC) and 7 processor cores - and explore the nature of identified weaknesses. Our analysis reported 53 potential weaknesses in the OpenPiton SoC used in Hack@DAC-21, 11 of which we confirmed as security concerns.",
keywords = "CWE, Hardware Security, Linting, RTL",
author = "Baleegh Ahmad and Liu, {Wei Kai} and Luca Collini and Hammond Pearce and Fung, {Jason M.} and Jonathan Valamehr and Mohammad Bidmeshki and Piotr Sapiecha and Steve Brown and Krishnendu Chakrabarty and Ramesh Karri and Benjamin Tan",
note = "Funding Information: We thank Verific Design Automation for generously providing academic access to linkable libraries, examples, and documentation for their RTL parsers. This research work is supported in part by a gift from Intel Corporation. This work does not in any way constitute an Intel endorsement of a product or supplier. We acknowledge the support of the Natural Sciences and Engineering Research Council of Canada (NSERC), RGPIN-2022-03027. Publisher Copyright: {\textcopyright} 2022 Copyright held by the owner/author(s). Publication rights licensed to ACM.; 41st IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2022 ; Conference date: 30-10-2022 Through 04-11-2022",
year = "2022",
month = oct,
day = "30",
doi = "10.1145/3508352.3549369",
language = "English (US)",
series = "IEEE/ACM International Conference on Computer-Aided Design, Digest of Technical Papers, ICCAD",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
booktitle = "Proceedings of the 41st IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2022",
}