Research On Detection Techniques Of Instruction-triggered Hardware Trojan Horse

In the current information age, the information security is of great importance. However, thepresent situation of information security is unsatisfactory, and the attacking technologies emergein an endless stream. Especially hardware Trojan has become a new serious threat to informationsecurity. Being different from traditional malware, hardware Trojan closely depends on systeminfrastructure, which has stronger concealment and destructiveness. Thus, it is critical to carryout the research on detection techniques of hardware Trojan horse. The research on detectiontechniques of hardware Trojan horse has great significance in both theory and practice.With the study object of instruction-triggered hardware Trojan horse, the main works andcreations are as follows:1. Instruction-triggered hardware Trojan model is constructed. On the basis of classicalThimbleby Trojan model, hardware Trojan model is constructed combined with characteristics ofhardware Trojan. The analysis of instruction-triggered hardware Trojan is emphasized in thisdissertation. Then based on hardware Trojan model, the model of instruction-triggered hardwareTrojan is proposed.2. An instruction-triggered hardware Trojan detection technology is proposed. According toinstruction-triggered hardware Trojan model, the instruction-triggered hardware Trojan detectiontechnology based on instruction sequence covering is proposed. By traversing every instructionof firmware and having real-time monitoring on circuit behaviors, whether there is a hardwareTrojan or not could be judged. Model checking traverses all system states in order to find out theillegal behavior, which is in accordance with the thought of hardware Trojan detection based oninstruction sequence covering, and is suitable for the detection on instruction-triggered hardwareTrojan horse. Therefore, the instruction-triggered hardware Trojan detection technology based onmodel checking is proposed. The model generation algorithm and the method to extractproperties which will be validated are presented. Experimental results show thatinstruction-triggered hardware Trojan could be effectively found by the detection technologyproposed in this dissertation.3. The binary variable interval analysis method based on abstract interpretation is proposed.Combined with characteristics of firmware binary code, the binary variable interval abstractdomain is defined based on the theory of abstract interpretation, which is divided into word-leveldata interval domain and bit-level data interval domain. Interval arithmetic methods under thetwo kinds of interval abstract domain are presented. Conversion algorithms between the two kinds of variable interval domain are proposed. It is demonstrated by experiments that the binaryinterval analysis method based on abstract interpretation can effectively and accuratelydetermine the interval scope of binary variables.4. The state reduction technology based on sensitive location identification is proposed. Inthe process of detection using model checking, the state explosion is inevitable. In order toovercome this problem, the sensitive variable and the sensitive location are defined based oncharacteristics of firmware. The state reduction technology based on recognition of sensitivelocation is proposed. To improve the recognition efficiency, the sensitive location recognitionmethod combined with the subprocess abstract information is presented. The experimentalresults indicate that this technology can effectively reduce the state scale and relief the stateexplosion problem.