Explore hardware security vulnerabilities and innovative tools for detecting exploitable bugs in this 20-minute conference talk from USENIX Enigma 2019. Delve into Cynthia Sturton's research at the University of North Carolina at Chapel Hill, focusing on two groundbreaking tools: a security specification miner and Coppelia, a symbolic execution engine. Learn how these tools identify security-critical properties and generate complete exploits for hardware designs. Discover the application of these techniques to find new bugs in open-source RISC-V and OR1k CPU architectures. Gain insights into software and hardware security, the process of classifying exploitable bugs, writing security properties, and the advantages of symbolic execution and backward search in bug detection.
Hardware Is the New Software - Finding Exploitable Bugs in Hardware Designs
USENIX Enigma Conference via YouTube
Overview
Syllabus
Intro
Software Security
Hardware Security
Classifying Exploitable Bugs
Writing Security Properties
Comparison to State of the Art
Symbolic Execution
Backward Search
Making it Work
Finding Bugs (ground truth: 31)
Finding New Bugs
Going Forward
Taught by
USENIX Enigma Conference
