Paper 2025/546

BugWhisperer: Fine-Tuning LLMs for SoC Hardware Vulnerability Detection

Shams Tarek, University of Florida
Dipayan Saha, University of Florida
Sujan Kumar Saha, University of Florida
Farimah Farahmandi, University of Florida
Abstract

The current landscape of system-on-chips (SoCs) security verification faces challenges due to manual, labor-intensive, and inflexible methodologies. These issues limit the scalability and effectiveness of security protocols, making bug detection at the Register-Transfer Level (RTL) difficult. This paper proposes a new framework named BugWhisperer that utilizes a specialized, fine-tuned Large Language Model (LLM) to address these challenges. By enhancing the LLM's hardware security knowledge and leveraging its capabilities for text inference and knowledge transfer, this approach automates and improves the adaptability and reusability of the verification process. We introduce an open-source, fine-tuned LLM specifically designed for detecting security vulnerabilities in SoC designs. Our findings demonstrate that this tailored LLM effectively enhances the efficiency and flexibility of the security verification process. Additionally, we introduce a comprehensive hardware vulnerability database that supports this work and will further assist the research community in enhancing the security verification process.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. IEEE VLSI Test Symposium (VTS) 2025
Keywords
Large Language ModelFine-tuningHardware SecuritySecurity VerificationHardware Vulnerability Database
Contact author(s)
shams tarek @ ufl edu
dsaha @ ufl edu
sujansaha @ ufl edu
farimah @ ece ufl edu
History
2025-03-25: approved
2025-03-24: received
See all versions
Short URL
https://ia.cr/2025/546
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/546,
      author = {Shams Tarek and Dipayan Saha and Sujan Kumar Saha and Farimah Farahmandi},
      title = {{BugWhisperer}: Fine-Tuning {LLMs} for {SoC} Hardware Vulnerability Detection},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/546},
      year = {2025},
      url = {https://eprint.iacr.org/2025/546}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.