Paper 2024/983
SoCureLLM: An LLM-driven Approach for Large-Scale System-on-Chip Security Verification and Policy Generation
Abstract
Contemporary methods for hardware security verification struggle with adaptability, scalability, and availability due to the increasing complexity of the modern system-on-chips (SoCs). Large language models (LLMs) have emerged as a viable approach to address these shortcomings in security verification because of their natural language understanding, advanced reasoning, and knowledge transfer capabilities. However, their application to large designs is limited by inherent token limitation and memorization constraints. In this paper, we introduce SoCureLLM, an LLM-based framework that excels in identifying security vulnerabilities within SoC designs and creating a comprehensive security policy database. Our framework is adaptable and adept at processing varied, large-scale designs, overcoming the abovementioned issues of LLM. In evaluations, SoCureLLM detected 76.47% of security bugs across three vulnerable RISC-V SoCs, outperforming the state-of-the-art security verification methods. Furthermore, assessing three additional large-scale RISC-V SoC designs against various threat models led to the formulation of 84 novel security policies, enriching the security policy database. Previously requiring extensive manual effort to craft, these newly generated security policies can be used as guidelines for developing secured SoC designs.
Note: This paper has been accepted at IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2025.
Metadata
- Available format(s)
- Category
- Applications
- Publication info
- Published elsewhere. IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2025
- Keywords
- Large Language ModelHardware SecurityVerificationSecurity Bug DetectionPolicy Generation
- Contact author(s)
-
shams tarek @ ufl edu
dsaha @ ufl edu
sujansaha @ ufl edu
tehranipoor @ ece ufl edu
farimah @ ece ufl edu - History
- 2024-12-09: revised
- 2024-06-18: received
- See all versions
- Short URL
- https://ia.cr/2024/983
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/983, author = {Shams Tarek and Dipayan Saha and Sujan Kumar Saha and Mark Tehranipoor and Farimah Farahmandi}, title = {{SoCureLLM}: An {LLM}-driven Approach for Large-Scale System-on-Chip Security Verification and Policy Generation}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/983}, year = {2024}, url = {https://eprint.iacr.org/2024/983} }