Title :
Evaluating security requirements in a general-purpose processor by combining assertion checkers with code coverage
Author :
Bilzor, Michael ; Huffmire, Ted ; Irvine, Cynthia ; Levin, Tim
Author_Institution :
U.S. Naval Acad., Annapolis, MD, USA
Abstract :
The problem of malicious inclusions in hardware is an emerging threat, and detecting them is a difficult challenge. In this research, we enhance an existing method for creating assertion-based dynamic checkers, and demonstrate how behavioral security requirements can be derived from a processor's architectural specification, then converted into security checkers that are part of the processor's design. The novel contributions of this research are:
- We demonstrate the method using a set of assertions, derived from the architectural specification, on a full-scale open-source general-purpose processor design, called OpenRISC. Previous work used only a single assertion on a toy processor design.
- We demonstrate the use of our checker-generator tool, called psl2hdl, which was created for this research.
- We illustrate how the method can be used in concert with code coverage techniques, to either detect malicious inclusions or greatly narrow the search for malicious inclusions that use rare-event triggers.
Keywords :
general purpose computers; multiprocessing systems; security of data; OpenRISC; architectural specification; assertion-based dynamic checkers; behavioral security requirements; checker-generator tool; code coverage; full-scale open-source general-purpose processor design; malicious inclusions; psl2hdl; toy processor design; Automata; Generators; Hardware; Hardware design languages; Monitoring; Security; Software;
Conference_Title :
Hardware-Oriented Security and Trust (HOST), 2012 IEEE International Symposium on
Conference_Location :
San Francisco, CA
Print_ISBN :
978-1-4673-2341-3
DOI :
10.1109/HST.2012.6224318