News and Events
GOMAC is in session here in San Diego! Don’t forget, Graf Research is presenting:
Two posters on March 23 at 10:30am (P50-38 and P50-39).
A presentation of our paper residual risk on March 23 at 1:30pm (Session 38-5).
A booth during the ongoing Exhibits session where you can talk to our experts about how our tools can assist you in producing assured designs (Booth 713).
We look forward to seeing you there!
Come see our presentations, posters, and booth at GOMAC 2023! Click here for the full GOMAC 2023 program schedule.
Poster Session: The poster session is at 10:30am – 12:10pm, Thurs March 23. We hope to see you there!
Poster P50-38: “Generating Statistically Relevant Trojan Benchmarks for Microelectronics Quantifiable Assurance”
Poster P50-39: “Facilitating Assurance and Collaboration through Digital Threads in Microelectronics Experiments”
Presentation Session: We’re presenting our third paper in Session 38: Side-Channel Analysis, at 1:30 – 3:10pm, Thurs March 23.
Session 38-5: “Determining Residual Risk from Optimized Selection of Hardware Trojan Detection Strategies”
We will also be present in the ongoing Exhibits session at Booth 713 where you can talk to our experts about the software tools we offer, including Enverite design assurance solutions and our OpTrust service. We’ll be available at our booth all day on Tues March 21 and Wed March 22.
We’re presenting three papers at GOMAC 2023 in March – two posters and one presentation. Our papers discuss the quality of trojan benchmarks for microelectronics quantifiable assurance as well as a methodology for calculating the risk in hardware trojan detection strategies. We are also discussing our microelectronics lab experimentation platform, Benches, and how it can be used to capture digital threads of experiments. We will be demoing Benches at our booth, so definitely come check that out!
We’ll send out another update soon with information on our session numbers and dates. The team has put in significant effort, and we can’t wait for you to see it.
Poster
Generating Statistically Relevant Trojan Benchmarks for Microelectronics Quantifiable Assurance
Margaret Winslow, Whitney Bachelor, James Koiner, Kevin Paar, Scott Harper, Jonathan Graf
Abstract: Hardware trojan horse (HTH) detection metrics are used to quantify the value of trojan detection methods. These metrics, often in terms of probability of detection and probability of false alarm, can be used to help quantify the impact on design assurance when applying mitigations to a microelectronics circuit. A question arises, however, regarding how statistically sound the metric values must be to make reasonable trust and assurance decisions. Statistical relevance metrics have been used in many fields to justify confidence in claims, and benchmarks that can produce statistically relevant detection metrics are necessary to trust the quantification of microelectronics assurance. This work defines the requirements for generating statistically relevant detection metrics that are useful for quantifying microelectronics design assurance via testing with a strategically implemented circuit design benchmark set.
-----
Presentation
Determining Residual Risk from Optimized Selection of Hardware Trojan Detection Strategies
Zachary A. Collier, Whitney Batchelor, Margaret Winslow, Scott Harper, Jonathan Graf
Abstract: Game theory has been shown to have practical applications in the optimal selection of hardware trojan detection and prevention strategies for circuit design. Previous work has used quantitative metrics measuring performance and cost of a countermeasure to predict optimal defense strategy selections, while considering the goals and actions of an adversary. This was accomplished with a game theoretic model of the response of a defender and an attacker to possible design assurance strategy selections. To date, no concrete quantification of the changes in risk associated with the resulting design decisions has been presented. This work introduces a methodology for deriving and calculating the inherent risk, residual risk, and risk reduction that result from the game theoretic models of design decisions when evaluating hardware trojan detection and prevention strategies.
-----
Poster
Facilitating Assurance and Collaboration through Digital Threads in Microelectronics Experiments
Edward Carlisle IV, Scott Harper, Jonathan Graf
Abstract: Laboratory experimentation with circuits and systems can be a complex process. Exact repetition of processes such as radiation testing, second-party verification of conclusions drawn from side channel analysis, and preservation of experimental processes all require the full detail of an experiment to be captured when it is run. Capturing a digital thread of an experiment provides this capability but can be a complex process that is prone to human error if not fully automated. This paper presents an automated microelectronics lab experimentation platform called Benches. We describe how Benches automates the capture of the digital thread of a microelectronics experiment and how these digital threads facilitate assurance and collaboration.
This was the first in-person All-Company Event that Graf Research Corporation has hosted since 2019, and the fourth annual meeting overall. Several of our team members had never even met each other in person until now, and much of the team had never seen our Atlanta office. It was wonderful to get back in the rhythm of hosting this important annual meeting, and as usual everybody gave excellent presentations covering the company’s current research and products as well as ideas for our future business plan!
Outside of meeting hours, we ate a delicious dinner together at Wrecking Bar Brewpub, and some of us also went to the Georgia Aquarium and to Atlanta’s famous food hall, Ponce City Market. The fun and games were well-deserved!
After this all-company meeting, we’re all feeling energized and excited about continuing to transform our ideas into innovative research and products. That’s what makes these annual meetings so great—they get everybody’s minds together to focus on what we’re doing well and what new directions we can go in. Now we look forward to another great year of unleashing innovation at Graf Research Corporation!
We’re presenting two papers at the 2022 Anti-Tamper Conference in Laurel, Maryland.
-----
Anti-Tamper Implementation – An Irrefutable Logger in Microchip Polarfire Devices
Kevin Paar, Jonathan Graf, Scott Harper, Tim Dunham
Abstract: This paper discusses the implementation of a rich, irrefutable tamper logging solution for the Microchip Polarfire family of flash-based Field Programmable Gate Array (FPGA) ICs. Leveraging the unique capabilities of the Polarfire FPGA, the solution immediately journals incoming log entries into secure internal storage and later archives the log entries to an external non-volatile storage media. The solution utilizes rolling-key encryption, authentication, and chained hashing of the externally stored log entries to support verification and validation of log integrity. Implementing this system in Polarfire FPGAs requires a vastly different solution than similar logs implemented in Xilinx Kintex and Zynq UltraScale+ devices.
-----
Modernizing FPGA Design Assurance Software
Jonathan Graf, Scott Harper, Ali Asgar Sohanghpurwala, and Edward Carlisle IV
Abstract: We present five principles for modern FPGA design assurance tools: verification, auditing, quantification, automation, and interoperability. We claim these principles are mandatory for such tooling and explore three software tools in this context – DELV, Trace, and PV‐Bit. Our conclusion is that it is possible to create tools that follow the principles and that this approach quantifiably impacts FPGA design assurance.
Jonathan Graf will be giving a talk, “Synthesis Flow Integrity and Reproducibility via Trace,” to a meeting of USC, DoD, and DIB members of the FPGA community. The lecture will emphasize the importance and usefulness of our Trace product in EDA tools. Carlton Fraley, Steven Frederiksen, and Scott Harper have contributed to the lecture but will not be able to attend in person.
We’ve opened an office in Dayton, OH! This office is an important addition to the company because it puts us closer to our customers, including those at Wright-Patterson Airforce Base, making it easier for them to visit us for demos and meetings. Not only that, but we’re close to a number of great-looking restaurants as well as nature areas like Oakes Quarry Park and the Koogler Wetland/Prairie Reserve. We’re excited to get started here and to fill our desks with more smart people as we continue to grow!
The team has done it again! Last year we presented three papers at GOMAC, and this year, we’ll be presenting four! The whole team has put so much effort into this research, and we can’t wait to show off our achievements. GOMAC will be hosted in Miami, so the team hopes to thaw out a bit from winter in addition to giving great presentations on our latest work. Take a look below to learn more about what we’ll discuss. Come out and see us in our first in-person conference in 2 years!
-----
Modernizing FPGA Design Assurance Software
Jonathan Graf, Scott Harper, Ali Asgar Sohanghpurwala, Edward Carlisle IV
Abstract: This paper presents five key principles for modern FPGA design assurance tools: verification, auditing, quantification, automation, and interoperability. We claim these principals are mandatory for such tooling and explore three hardware design assurance software tools in this context – DELV, Trace, and PV-Bit. Our conclusion is that it is possible to create tools that follow the principles and that adherence to these principles quantifiably impacts design assurance.
-----
Advancing Strategy Selection for Hardware Trojan Detection with Subrational Behavior Models
Whitney Batchelor, Meg Winslow, Cody Crofford, Michael Blacconiere, Scott Harper, Jonathan Graf
Abstract: Game theory has been shown to have practical applications in the optimization of hardware Trojan detection and prevention strategy selection in circuit design. In previous work, metrics measuring the performance and cost of a countermeasure when considering the action of an adversary given their goals are quantified to predict optimal defense strategy selections. Those models assume an encounter between two rational players and build upon a security economic approach in the context of empirically derived countermeasure efficacy metrics. That is, both offensive and defensive players act in a rational manner, choosing the action resulting in their greatest financial gain (or lowest loss) when considering the likely action of their opponent. The assumption of rational players allows for a baseline analysis when optimizing detection strategy selection but does not consider human behaviors that may drive a sub-optimal decision. These behaviors may result from having risk adverse/seeking players, carrying bias towards certain methods, understanding the results from prior attacks and defensive mechanisms, and/or additional motivations. In this paper, we extend the rational game theoretic model previously evaluated in the quantitative assurance space with the concept of subrationality; that is, when the players have the option of making an informed but less optimal choice due to some definable bias. This work introduces three subrational models that simulate risk adverse and risk seeking players, knowledge of prior play, and random error with application to the previously developed models pertaining to the optimal selection of hardware Trojan detection strategies.
-----
Trace: Towards a Traceable Microelectronics Implementation Flow
Ali Asgar Sohanghpurwala, Carlton Fraley, Jonathan Graf, Scott Harper
Abstract: Microelectronics design processes often include implementation flows that perform incremental steps to convert human-readable source code or schematics into a binary executable or hardware circuit that can be deployed on the desired Microprocessor, FPGA, PCB, or ASIC technology. Available tools help users partially verify the output of these implementation flows, but a gap exists in assuring and preserving the integrity of those output products along with the source code and implementation settings that were used to produce them. Ideally, a security auditor should be able to prove or disprove the trustworthiness of specific design implementations deployed in the face of an advanced adversary. What is proposed here is progression towards a fully traceable and reproducible implementation flow that uses proven cryptographic principles to enable a tamper-resistant audit trail for Microelectronic design implementation along with companion tools for auditing and precisely reproducing the implementation process.
-----
Automated Analysis of a Thermally Triggered FPGA Hardware Trojan
Edward Carlisle IV, Scott Harper, James Koiner, Kevin Paar, Michael Capone, and Jonathan Graf
Abstract: This paper presents a remote hardware-in-the-loop Hardware Trojan Horse (HTH) analysis approach that automates the process of examining HTH effects and characterizing detection/mitigation effectiveness. We frame the discussion around a novel HTH that is triggered by variations in temperature and is implemented in the fabric of a Field Programmable Gate Array device. We demonstrate the characterization and activation of the HTH using a fully automated web-based lab bench platform.
With the covid-19 pandemic, Graf Research Corporation was regrettably unable to host its annual All-Company Event in 2020. However, this year we were thrilled to bring it back! In order to take precautions, the event went virtual this time around, so things were a little different. Despite this, we still had another excellent set of presentations from everyone at the company covering topics such as our current research and technologies as well as company culture, history, and values. These presentations are essential to getting everyone on the same page and familiarized with one another’s work.
The company event was split this year between the 20th and the 27th, and we held a casual evening gathering after each day. The Blacksburg folks hung out at Eastern Divide and Rising Silo Brewery, and the Atlanta people chatted over beers and roasted cauliflower at Wild Heaven and Best End Brewing Company.
Despite the fact that we couldn’t be together entirely in person, we’re pumped about all the new ideas and research the team is producing. Every team member plays a valuable part in the company, and we’re excited for what we’ve got planned this coming year.
We’re presenting three papers at GOMAC next week! It’s the most papers the company has ever had accepted to the conference in a single year—well done, team! In these papers, we are publicly announcing two new technologies for the first time and updating a third, presented by Dr. Edward Carlisle IV and Dr. Ali Asgar Sohanghpurwala. Be sure to check them out! They are:
1. "DELV: Datasheet/English to Logic Verification" (Session 3, Tuesday March 30)
2. "IP Integrity Flow: Ensuring IP Integrity in FPGA Synthesis" (Session 27, Thursday April 1)
3. "GameRunner: Automating Analysis and Optimization of Microelectronics Trust with Game Theory" (Session 38, Thursday April 1)
To learn more about them, take a look at the abstracts below!
-----
GameRunner: Automating Analysis and Optimization of Microelectronics Trust with Game Theory
Edward Carlisle IV, Jonathan Graf, Whitney Batchelor, Scott Harper
Abstract: This work presents GameRunner, a software tool to automate the process of recommending and applying an optimal hardware trojan horse detection strategy using our game theoretic analysis framework, OpTrust. GameRunner takes as inputs economic incentives and empirically derived test data and outputs optimal strategies for applying trojan detection methods. These strategies, or prescriptions, can be applied to a Jenkins workflow to automate the process of applying an optimal trojan detection method during a microelectronics design process. GameRunner also provides visualizations to aid in the analysis of the impact of input variables on game results. The architecture of the software tool is discussed along with examples of the novel analysis techniques and insights it enables.
-----
IP Integrity Flow: Ensuring IP Integrity in FPGA Synthesis
Ali Asgar Sohanghpurwala, Carlton Fraley, Scott Harper, Jonathan Graf, Alan Cook, Tim Dunham
Abstract: This work introduces the IP Integrity Flow (IIF), a solution that integrates with existing commercial EDA flows to provide a mechanism for auditing and verifying the integrity of IP that is included in an FPGA design throughout the synthesis flow and into deployment. The IIF approach was broken into three development objectives. The first objective was to define an IP isolation flow based on existing vendor tool functionality. The second objective was to develop a signature and authentication process where design artifacts are cryptographically signed at all stages of the implementation flow in a manner that enables both IP verification, tamper-resistant record keeping, and audit functionality based on cryptographically secure signatures. The third objective was to develop verification mechanisms that can determine whether specific isolated and authenticated IP is present in the final configuration bitstream. The approach described below accomplishes these objectives in a way that permits use of the signed artifacts throughout the entire synthesis flow – from HDL to bitstream, as well as into design deployment. A set of software tools was developed to augment the Xilinx implementation flow with secure signature, authentication, IP validation, and auditing capabilities. The objectives and architecture of the software are discussed here along with the secure, auditable workflows enabled by the IIF.
-----
DELV: Datasheet/English to Logic Verification
Edward Carlisle IV, James Koiner, Steven Frederiksen, Jonathan Graf, Scott Harper, John Aromando, Michael Hsiao
Abstract: This work presents the Datasheet/English to Logic Verification (DELV) tool, software that automates the process of generating verifiable statements from a design specification and performing logic verification. Our prototype extracts the contents of a PDF datasheet and formats them for consumption by our custom natural language engine. The DELV language engine then produces an intermediate representation for properties and actions defined in the datasheet. These properties are converted to SystemVerilog Assertions and evaluated against the design implementation. Our approach applies novel forms of normalization and leverages an extensible commonsense knowledge base of semantic mappings to support the wide range of complex natural language commonly found in datasheets.
We have received a patent on PV-Bit, our unique method of assessing the trustworthiness of FPGA bitstream contents, ensuring they are free from hardware Trojans or unwanted modifications.
Originally, we published a description of this method at GOMAC back in 2017. Since then, we realized we could take the verification method we presented there and patent it. Jonathan Graf, Scott Harper, and Ali Asgar Sohanghpurwala all contributed to the writing of the patent. Great work to all our people who put in the knowledge, effort, and time that made this patent possible!
——-
Private Verification for FPGA Bitstreams
US Patent No US 10,902,132 B2
Jonathan Graf, Ali Asgar Sohanghpurwala, Scott Harper
Abstract: An apparatus, method and system are disclosed which may be used for assessing the trustworthiness of a particular proprietary microelectronics device design representation in a manner that will maintain its confidentiality and, among other things, thwart attempts at unauthorized access, misappropriation and reverse engineering of the confidential proprietary aspects contained in the design representation and/or its bit stream design implementation format. The disclosed method includes performing a process for assessing/verifying a particular microelectronics device design representation and then providing some indication of the trustworthiness of that representation. An example utility/tool which implements the disclosed method is described that is particularly useful for trust assessment and verification of FPGA designs. The described utility/tool may be instantiated on a semiconductor device or implemented as a software utility executable on a mobile computing device or other information processing system, apparatus or network.
——-
You can take a look at our patent at this link.
A diagram from our PV-Bit patent.
Jonathan Graf will be a virtual presentation to the 2020 DARPA Electronics Resurgence Initiative Conference. His talk will cover “Quantitative Assurance and OpTrust.”
This Christmas, Graf Research Corporation celebrates the gift of having a new paper published in the Journal of Hardware and Systems Security! The paper is entitled “A practical application of game theory to optimize selection of hardware Trojan detection strategies.” Paper contributors included Jonathan Graf, Whitney Batchelor, Scott Harper, Ryan Marlow, Ed Carlisle, and Peter Athanas. The paper will appear in the journal next week, so be on the lookout for it!
And of course, Happy Holidays and Happy New Year to all!
-----
A practical application of game theory to optimize selection of hardware Trojan detection strategies
Jonathan Graf, Whitney Batchelor, Scott Harper, Ryan Marlow, Edward Carlisle IV, and Peter Athanas
Abstract: A wide variety of Hardware Trojan countermeasures have been developed, but less work has been done to determine which are optimal for any given design. To address this, we consider not only metrics related to the performance of the countermeasure, but also the likely action of an adversary given their goals. Trojans are inserted by an adversary to accomplish an end, so these goals must be considered and quantified in order to predict these actions. The model presented here builds upon a security economic approach that models the adversary and defender motives and goals in the context of empirically derived countermeasure efficacy metrics. The approach supports formation of a two-player strategic game to determine optimal strategy selection for both adversary and defender. A game may be played in a variety of contexts, including consideration of the entire design lifecycle or only a step in product development. As a demonstration of the practicality of this approach, we present an experiment that derives efficacy metrics from a set of countermeasures (defender strategies) when tested against a taxonomy of Trojans (adversary strategies). We further present a software framework, GameRunner, that automates not only the solution to the game but also mathematical and graphical exploration of “what if” scenarios in the context of the game. GameRunner can also issue “prescriptions,” a set of commands that allows the defender to automate the application of the optimal defender strategy to their circuit of concern. Finally, we include a discussion of ongoing work to include additional software tools, a more advanced experimental framework, and the application of irrationality models to account for players who make subrational decisions.
Centennial Tower, seen right behind the SkyView Atlanta Ferris wheel!
We’ve moved our new Atlanta office to the beautiful 101 Marietta St building! We’re very excited to have a facility in one of downtown Atlanta’s famous landmarks. We’ve got a great view of the Ferris wheel, Centennial Park, and the Georgia Tech campus, and we’re happy about having more space at the office.
View from the parking garage at night.
In keeping with tradition, we’ve hosted our second annual all-company event, this time at Mountain Lake Resort in Pembroke, Virginia. Too bad it was so foggy when we got there! But no worries—as before, everyone gave presentations covering the company’s current research and potential new directions, and we heard a lot of ideas for services and products the company could offer its customers. Great job, team! In the evening, we had a chance to converse more casually at Harvest Porch and had fun chatting and playing games.
We consider our all-company events to be vital to the company’s success. They generate new ideas, give the team a chance to get to know each other, and get everyone excited for the company’s future. We look forward to following up all these great ideas in the coming weeks to start work towards transforming them into a reality.
Graf Research Corporation will be returning to GOMAC, this time in Albuquerque, New Mexico. In addition to marveling at the ridges of the Sandia mountains and the wine-colored sunsets of New Mexico, we’ll be presenting our paper, “Introducing a Trust Metric Foundation and Deriving Trust-for-Buck.” Paper contributors include Scott Harper, Jonathan Graf, Whitney Batchelor, Tim Dunham, and Peter Athanas. If you’re going to GOMAC, come out and say hello to us!
-----
Hardware Trojan Detection using Xilinx Vivado
Scott Harper, Jonathan Graf, Whitney Batchelor, Tim Dunham, Peter Athanas
Abstract: This study defines a flexible quantitative metric for measuring trust-related aspects across a broad range of domains and a means of using that foundation to derive domain-specific measurements. A Trust Basis Metric is described here along with examples that build on its foundation to measure assurances and identify cost-effective trust-enhancing investments. Our primary motivation in performing this study was to quantitatively determine the best increase in trust per dollar (Trust-for-Buck) when investing in current device manufacture and distribution flows for microelectronic components.
Graf Research Corporation has hosted its first annual all-company event. What a blast! As part of the event, everyone in the company got together to present ideas on leadership, company culture, business growth, research and development, and much more—they did a great job, too! After the presentations, the company hosted a tailgate for the team and their families that included cornhole, foosball, and shuffleboard, with catering from Due South BBQ. Later in the evening, we attended the Georgia Tech vs. Virginia Tech football game (as VT fans, we won’t discuss the outcome…).
Collaboration has always been of paramount importance at Graf Research, and we hope that this event continues to foster camaraderie among the company’s team members. A lot of great ideas are churning, and we’re excited for the new directions the company is headed in.
Warm congratulations to our very own Ali Asgar Sohanghpurwala, who has completed his PhD in Computer Engineering at Virginia Tech! His thesis was on “Exploits in Concurrency for Boolean Satisfiability” and presents an incredible new approach to parallel SAT solving. He has now transitioned out of his part-time role to become a full-time Senior Research Engineer with Graf Research at our new Atlanta, Georgia office!
100% of Graf Research engineers either hold or are in the process of completing advanced engineering degrees. Ali sets a good example to those in-process that finishing while working is possible!
Today we opened our long-planned Atlanta office! This places us near the campus of Georgia Tech, ranked among the best universities in the world and one of our longest-running research partners. Atlanta is also one of the best big cities in the US and a top-5 upcoming US tech mecca. Very excited to open the office and give our first two Atlanta employees a place to work together!
Graf Research Office is on Peachtree St in Atlanta
Graf Research Corporation will head to the IEEE National Aerospace and Electronics Conference in Fairborn, OH, to present our paper “Hardware Trojan Detection using Xilinx Vivado.” Paper contributors include Ryan Marlow, Scott Harper, Whitney Batchelor, and Jon Graf. Ryan Marlow will be the presenter.
-----
Hardware Trojan Detection using Xilinx Vivado
Ryan Marlow, Scott Harper, Whitney Batchelor, Jonathan Graf
Abstract: Modern commercial EDA tools provide end users with a framework for application specific customizations through a general-purpose programming language interface to an underlying circuit object model. Xilinx Vivado exposes that information through Tcl. This work demonstrates an implementation of a static hardware detection algorithm utilizing this interface of Vivado.
