Timely detection of Hardware Trojans (HTs) has become a major challenge for secure integrated circuits. We present a run-time methodology for HT detection that employs a multi-parameter statistical traffic modeling of the communication channel in a given System-on-Chip (SoC), named as SIMCom. The main idea is to model the communication using multiple side-channel information like the Hurst exponent, the standard deviation of the injection distribution, and the hop distribution jointly to accurately identify HT-based online anomalies (that affects the communication without affecting the protocols or control signals). At design time, our methodology employs a “property specification language” to define and embed assertions in the RTL, specifying the correct communication behavior of a given SoC. At run-time, it monitors the anomalies in the communication behavior by checking the execution patterns against these assertions. For illustration, we evaluate SIMCom for three SoCs, i.e., SoC1 (four single-core MC8051 and UART modules), SoC2 (four single-core MC8051, AES, ethernet, memctrl, BasicRSA, RS232 modules), and SoC3 (four single-core LEON3 connected with each other and AES, ethernet, memctrl, BasicRSA, RS23s modules microcontrollers). The experimental results show that with the combined analysis of multiple statistical parameters, SIMCom is able to detect all the benchmark Trojans (available on trust-hub) with less than 1% area and power overhead.

及时检测硬件木马（HT）已成为安全集成电路的主要挑战。我们提出了一种用于HT检测的运行时方法，该方法在给定的片上系统（SoC）（称为SIMCom）中采用了通信通道的多参数统计流量建模。主要思想是使用多个辅助信道信息（例如Hurst指数，注入分布的标准偏差和跳数分布）对通信进行建模，以准确识别基于HT的在线异常（在不影响协议或控制信号）。在设计时，我们的方法采用“属性规范语言”在RTL中定义和嵌入断言，从而指定给定SoC的正确通信行为。在运行时，它通过检查这些断言的执行模式来监视通信行为中的异常。为了说明起见，我们评估了SIMCom的三种SoC，即SoC1（四个单核MC8051和UART模块），SoC2（四个单核MC8051，AES，以太网，memctrl，BasicRSA，RS232模块）和SoC3（四个单核）。核心LEON3与AES，以太网，memctrl，BasicRSA，RS23s模块相互连接）。实验结果表明，通过对多个统计参数的组合分析，SIMCom能够以不到1％的面积和功耗开销检测所有基准木马（可在trust-hub上使用）。SoC2（四个单核MC8051，AES，以太网，memctrl，BasicRSA，RS232模块）和SoC3（四个单核LEON3相互连接，以及AES，以太网，memctrl，BasicRSA，RS23s模块微控制器）。实验结果表明，通过对多个统计参数的组合分析，SIMCom能够以不到1％的面积和功耗开销检测所有基准木马（在trust-hub上可用）。SoC2（四个单核MC8051，AES，以太网，memctrl，BasicRSA，RS232模块）和SoC3（四个单核LEON3相互连接，以及AES，以太网，memctrl，BasicRSA，RS23s模块微控制器）。实验结果表明，通过对多个统计参数的组合分析，SIMCom能够以不到1％的面积和功耗开销检测所有基准木马（在trust-hub上可用）。