Towards Completeness: Security Coverage Metrics for System Level Information Flow

Abstract:
The increasing use of complex, feature-rich systems necessitates robust security measures. A single vulnerability can trigger far-reaching and disastrous outcomes, such as rendering various Intellectual Properties (IPs) unavailable and causing system malfunction. It is crucial to integrate security policies early in the design phase and to define specific Security Properties (SPs) regarding threat models. To tackle various threat models and pinpoint potential violations, we assess the SPs using Security Coverage Metrics (SCMs). This paper provides an overview of SCMs targeting availability threats and related weaknesses for system level information flow. To implement the SCMs, we show SiMiT; a tool that leverages Virtual Prototypes (VP) and uses Static and Dynamic Information Flow Tracking (IFT) techniques. We demonstrate the applicability of the SCMs on an open-source RISC-V VP to show how these metrics advance the concept of security-aware Completeness Driven Development (CDD) and secure System-on-Chip (SOC) designs. Finally, we discuss the future direction of SCMs.