attackdvi-AppearsinProceedingsofthe2011：attackdvi出现在诉讼中的2011.pdfVIP

Appears in Proceedings of the 2011 IEEE Symposium on Security Privacy Defeating UCI: Building Stealthy and Malicious Hardware Cynthia Sturton Matthew Hicks David Wagner Samuel T. King University of California, University of Illinois, University of California, University of Illinois, Berkeley Urbana-Champaign Berkeley Urbana-Champaign Abstract—In previous work Hicks et al. proposed a method called Unused Circuit Identification (UCI) for detecting ma- licious backdoors hidden in circuits at design time. The UCI algorithm essentially looks for portions of the circuit that go unused during design-time testing and flags them as potentially malicious. In this paper we construct circuits that have ma- licious behavior, but that would evade detection by the UCI algorithm and still pass design-time test cases. To enable our search for such circuits, we define one class of malicious circuits and perform a bounded exhaustive enumeration of all circuits in that class. Our approach is simple and straight forward, yet it proves to be effective at finding circuits that can thwart UCI. We use the results of our search to construct a practical attack on an open-source processor. Our malicious backdoor Figure 1. The UCI Algorithm. Suppose s carries the same value as t allows any user-level program running on the processor to enter for every test case executed during design-time testing. This means that the intervening logic could have been replaced by a single wire, without supervisor mode