OpenTitan Security Verification: An Information Flow Tracking (IFT) Approach

Security verification for hardware is literally foundational: hardware resides on technology’s ground floor, so attacks on it can impact every floor above it, including operating systems, applications, and communications. To examine technology’s hardware foundation, a group of researchers recently used simulation-based hardware information-flow tracking (IFT) for hardware secu­rity verification. IFT uses knowledge of design assets to define security requirements, objectives, and boundaries. The researchers used IFT—as embodied in Cycuity’s Radix—to run a security verification on OpenTitan, an open-source hardware root of trust (RoT). Their effort focused on a key component of OpenTitan security: its one-time programmable (OTP) memory controller. The OTP plays a pivotal role in OpenTitan’s security because it holds data for three key operations: Secure boot Lifecycle provisioning Attestation The researchers discuss this project in the IEEE Security & Privacy article, “Secu ... Read full article.