The concept of suspicious hardware vulnerabilities covers hardware Trojans, malicious circuits, and other predefined risk structures. As design and manufacturing processes advance, the difficulty, time, and cost of hardware vulnerability detection gradually increase, so suspicious vulnerabilities should be found as early as possible in the design stage. The Verilog hardware description language (HDL) is widely used in chip design, field-programmable gate array (FPGA) based design, intellectual property (IP) core development, and other fields, so research on methods for detecting suspicious vulnerabilities in Verilog code is of great significance. To improve the efficiency of detecting suspicious vulnerabilities in Verilog code, this paper defines the characteristic attribute graph of Verilog code, based on the characteristics of Verilog code and the concept of a directed graph in graph theory, and presents a technique for detecting suspicious vulnerabilities based on the characteristic attribute graph. The technique obtains a data flow graph and a control flow graph by parsing the abstract syntax tree (AST) of the input Verilog code, obtains the branching probabilities of the control flow graph by static analysis and calculation, and finally obtains the characteristic attribute graph by correlating the two graphs. Vulnerability code is processed with the same method to form suspicious vulnerability characteristic attribute graphs, and a suspicious vulnerability feature library is designed and implemented. A pruning algorithm customized for the characteristic attribute graph and a subgraph isomorphism algorithm are then used in the suspicious vulnerability matching process, and the specific location of the vulnerability code and a graphical representation of the detection results are given. After the system functions are implemented, a graphical interface is designed and implemented to facilitate the use and promotion of the system. Tests of the detection function, vulnerability management, and error handling show that the detection system has good interaction design and stability. For a series of input projects and 21 vulnerabilities from Trust Hub, vulnerabilities inserted in module form and as code fragments were tested respectively. The results show that no vulnerability was missed, vulnerability location was highly accurate, the system distinguished vulnerabilities with similar structure well, and the presented pruning algorithm can improve both matching speed and accuracy. The detection system presented in this paper is easy to use and maintain, which is conducive to its promotion. The system can be used as an independent detection system or in cooperation with other hardware vulnerability detection methods, for example by adding vulnerabilities obtained by other methods to the library, which is convenient for later detection and maintenance. In addition, the detection method presented in this paper has some reference value for research on suspicious vulnerability detection in other hardware description languages.
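
An added illustration, not the paper's code, of the matching stage described above: candidate pruning by node attributes followed by backtracking subgraph matching, on a toy graph whose edges carry a flow type and a branch probability. The node kinds, the probability bound, and both sample graphs are constructed assumptions; the abstract does not give the paper's actual attribute schema or algorithms.

```python
def make_graph(nodes, edges):
    """nodes: {name: kind}; edges: {(src, dst): (flow, branch_prob)}. Schema is an assumption."""
    out_deg = {n: sum(s == n for s, _ in edges) for n in nodes}
    in_deg = {n: sum(d == n for _, d in edges) for n in nodes}
    return {"nodes": nodes, "edges": edges, "out": out_deg, "in": in_deg}

def candidates(pattern, design):
    """Pruning: a design node is a candidate only if its kind matches and its degrees suffice."""
    return {p: [d for d, k in design["nodes"].items()
                if k == kind and design["out"][d] >= pattern["out"][p]
                and design["in"][d] >= pattern["in"][p]]
            for p, kind in pattern["nodes"].items()}

def edge_ok(p_attr, d_attr):
    """Flow type must agree; a control edge must be no more likely than the pattern's bound."""
    (p_flow, p_prob), (d_flow, d_prob) = p_attr, d_attr
    return p_flow == d_flow and (p_flow != "ctrl" or d_prob <= p_prob)

def find_matches(pattern, design):
    """Backtracking subgraph matching over the pruned candidate sets."""
    cand = candidates(pattern, design)
    order = sorted(pattern["nodes"], key=lambda p: len(cand[p]))  # most constrained first
    results = []
    def extend(i, mapping):
        if i == len(order):
            results.append(dict(mapping))
            return
        for d in [c for c in cand[order[i]] if c not in mapping.values()]:
            mapping[order[i]] = d
            if all((mapping[s], mapping[t]) in design["edges"]
                   and edge_ok(attr, design["edges"][(mapping[s], mapping[t])])
                   for (s, t), attr in pattern["edges"].items()
                   if s in mapping and t in mapping):
                extend(i + 1, mapping)
            del mapping[order[i]]
    extend(0, {})
    return results

# Constructed feature-library entry: a register feeds a rarely taken branch guarding an assignment.
PATTERN = make_graph({"state": "reg", "trigger": "cond", "payload": "assign"},
                     {("state", "trigger"): ("data", None), ("trigger", "payload"): ("ctrl", 0.01)})
# Constructed design under test: two structurally identical reg -> cond -> assign chains.
DESIGN = make_graph(
    {"din": "input", "cnt": "reg", "cnt_eq_magic": "cond", "en": "cond",
     "leak_key": "assign", "out_data": "assign"},
    {("cnt", "cnt_eq_magic"): ("data", None), ("cnt_eq_magic", "leak_key"): ("ctrl", 2.0 ** -32),
     ("din", "en"): ("data", None), ("cnt", "en"): ("data", None), ("en", "out_data"): ("ctrl", 0.5)})
```

`find_matches(PATTERN, DESIGN)` maps the pattern only onto the `cnt_eq_magic` chain; the structurally identical `en` chain survives pruning but is rejected because its branch probability exceeds the pattern's bound.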