(Security) Assertions by Large Language Models

Rahul Kande; Hammond Pearce; Benjamin Tan; Brendan Dolan-Gavitt; Shailja Thakur; Ramesh Karri; Jeyavijayan Rajendran

doi:10.1109/TIFS.2024.3372809

(Security) Assertions by Large Language Models

Rahul Kande, Hammond Pearce, Benjamin Tan, Brendan Dolan-Gavitt, Shailja Thakur, Ramesh Karri, Jeyavijayan Rajendran

Electrical and Computer Engineering

Research output: Contribution to journal › Article › peer-review

Abstract

The security of computer systems typically relies on a hardware root of trust. As vulnerabilities in hardware can have severe implications on a system, there is a need for techniques to support security verification activities. Assertion-based verification is a popular verification technique that involves capturing design intent in a set of assertions that can be used in formal verification or testing-based checking. However, writing security-centric assertions is a challenging task. In this work, we investigate the use of emerging large language models (LLMs) for code generation in hardware assertion generation for security, where primarily natural language prompts, such as those one would see as code comments in assertion files, are used to produce SystemVerilog assertions. We focus our attention on a popular LLM and characterize its ability to write assertions out of the box, given varying levels of detail in the prompt. We design an evaluation framework that generates a variety of prompts, and we create a benchmark suite comprising real-world hardware designs and corresponding golden reference assertions that we want to generate with the LLM.

Original language	English (US)
Pages (from-to)	1
Number of pages	1
Journal	IEEE Transactions on Information Forensics and Security
Volume	19
DOIs	https://doi.org/10.1109/TIFS.2024.3372809
State	Published - 2024

Keywords

AI
assertion generation
Benchmark testing
ChatGPT
Codes
Codex
Hardware
hardware
hardware security
LLM
Security
Source coding
Task analysis
vulnerability detection
Writing

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality
Computer Networks and Communications

Access to Document

10.1109/TIFS.2024.3372809

Cite this

@article{c417a3fa75394f27a4175f02872b123e,

title = "(Security) Assertions by Large Language Models",

abstract = "The security of computer systems typically relies on a hardware root of trust. As vulnerabilities in hardware can have severe implications on a system, there is a need for techniques to support security verification activities. Assertion-based verification is a popular verification technique that involves capturing design intent in a set of assertions that can be used in formal verification or testing-based checking. However, writing security-centric assertions is a challenging task. In this work, we investigate the use of emerging large language models (LLMs) for code generation in hardware assertion generation for security, where primarily natural language prompts, such as those one would see as code comments in assertion files, are used to produce SystemVerilog assertions. We focus our attention on a popular LLM and characterize its ability to write assertions out of the box, given varying levels of detail in the prompt. We design an evaluation framework that generates a variety of prompts, and we create a benchmark suite comprising real-world hardware designs and corresponding golden reference assertions that we want to generate with the LLM.",

keywords = "AI, assertion generation, Benchmark testing, ChatGPT, Codes, Codex, Hardware, hardware, hardware security, LLM, Security, Source coding, Task analysis, vulnerability detection, Writing",

author = "Rahul Kande and Hammond Pearce and Benjamin Tan and Brendan Dolan-Gavitt and Shailja Thakur and Ramesh Karri and Jeyavijayan Rajendran",

note = "Publisher Copyright: {\textcopyright} 2005-2012 IEEE.",

year = "2024",

doi = "10.1109/TIFS.2024.3372809",

language = "English (US)",

volume = "19",

pages = "1",

journal = "IEEE Transactions on Information Forensics and Security",

issn = "1556-6013",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - (Security) Assertions by Large Language Models

AU - Kande, Rahul

AU - Pearce, Hammond

AU - Tan, Benjamin

AU - Dolan-Gavitt, Brendan

AU - Thakur, Shailja

AU - Karri, Ramesh

AU - Rajendran, Jeyavijayan

PY - 2024

Y1 - 2024

N2 - The security of computer systems typically relies on a hardware root of trust. As vulnerabilities in hardware can have severe implications on a system, there is a need for techniques to support security verification activities. Assertion-based verification is a popular verification technique that involves capturing design intent in a set of assertions that can be used in formal verification or testing-based checking. However, writing security-centric assertions is a challenging task. In this work, we investigate the use of emerging large language models (LLMs) for code generation in hardware assertion generation for security, where primarily natural language prompts, such as those one would see as code comments in assertion files, are used to produce SystemVerilog assertions. We focus our attention on a popular LLM and characterize its ability to write assertions out of the box, given varying levels of detail in the prompt. We design an evaluation framework that generates a variety of prompts, and we create a benchmark suite comprising real-world hardware designs and corresponding golden reference assertions that we want to generate with the LLM.

AB - The security of computer systems typically relies on a hardware root of trust. As vulnerabilities in hardware can have severe implications on a system, there is a need for techniques to support security verification activities. Assertion-based verification is a popular verification technique that involves capturing design intent in a set of assertions that can be used in formal verification or testing-based checking. However, writing security-centric assertions is a challenging task. In this work, we investigate the use of emerging large language models (LLMs) for code generation in hardware assertion generation for security, where primarily natural language prompts, such as those one would see as code comments in assertion files, are used to produce SystemVerilog assertions. We focus our attention on a popular LLM and characterize its ability to write assertions out of the box, given varying levels of detail in the prompt. We design an evaluation framework that generates a variety of prompts, and we create a benchmark suite comprising real-world hardware designs and corresponding golden reference assertions that we want to generate with the LLM.

KW - AI

KW - assertion generation

KW - Benchmark testing

KW - ChatGPT

KW - Codes

KW - Codex

KW - Hardware

KW - hardware

KW - hardware security

KW - LLM

KW - Security

KW - Source coding

KW - Task analysis

KW - vulnerability detection

KW - Writing

UR - http://www.scopus.com/inward/record.url?scp=85187333960&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85187333960&partnerID=8YFLogxK

U2 - 10.1109/TIFS.2024.3372809

DO - 10.1109/TIFS.2024.3372809

M3 - Article

AN - SCOPUS:85187333960

SN - 1556-6013

VL - 19

SP - 1

JO - IEEE Transactions on Information Forensics and Security

JF - IEEE Transactions on Information Forensics and Security

ER -

(Security) Assertions by Large Language Models

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this