

# Execution Trace Mining for SoC Validation for Safe and Secure IoT Edge Node Design

2<sup>nd</sup> IFIP International IoT Conference Tampa, Florida, USA October 31<sup>st</sup> – November 1<sup>st</sup>, 2019

## Md Rubel Ahmed, Yuting Cao, Hao Zheng; University of South Florida

#### Introduction

An SoC is the hardware foundation of IoT edge nodes. Ensuring security properties such as confidentiality and integrity is crucial for the trustworthiness of IoT devices. However, because of the high complexity of the global supply chain, establishing the trustworthiness of diverse third-party suppliers is very challenging. Thorough validation of the SoC foundation is critical to guarantee the safety and security of those IoT edge nodes. Comprehensive and well-defined specifications are necessary for rigorous and thorough validation of SoC designs. In reality, however, such specifications are rarely available, and where they exist they are often incomplete and ambiguous [1]-[7]. In this work, we address this challenge by proposing a sequential pattern mining framework that automatically extracts message flow specifications from execution traces.

The patterns to be mined are characterized as:

- A set of events
- With strong temporal dependency among them
- Holding in every execution, given a constant environment

The proposed algorithm works on execution traces captured by monitoring the messages exchanged among the IPs of an SoC.

#### Background

An SoC is a combination of reactive components, called IPs, that work together to complete a set of intended tasks.



Fig. 1: An SoC prototype with different IPs

We can view a task as a message flow specification, for example, CPU downstream write.



We use association rule mining to extract sequential patterns from the execution traces, and apply domain-specific heuristics to prune the very large search space of candidate association rules.


**Chain Patterns**: We apply three inference rules to chain shorter patterns into longer, more complex patterns. Mining and chaining alternate until all valid rules up to a user-defined length I have been found.



#### Problems Addressed

- Post-silicon validation
- Specification mining
- False positive specifications
- Specification mining time
- Characterization of the patterns to be mined (sets of events with strong temporal dependency that hold in every execution)



Fig. 3: Cost of silicon validation getting worse (source: Intel)



Fig. 4: Post-silicon trace mining

#### Mining Framework Flowchart

**Mine Patterns**: Using 100% confidence and 100% recall, we mine assertions that hold over all traces. The purpose of mining such assertions is to recover the flows actually implemented by the IoT hardware core, which are invariant across different traces.
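The following is an added example, not the poster's code, illustrating both the mining step above (binary a -> b rules that hold with 100% confidence and recall in every trace) and the chaining step described under Chain Patterns. The traces, the message naming scheme and the single chaining rule used here (extend a pattern ending in b with any mined rule b -> c) are assumptions for illustration; the poster's three inference rules are not reproduced.

```python
"""Added example (not the poster's code): mine a -> b rules with 100% confidence
and recall over all traces, then chain them; the chaining rule is an assumption."""
from itertools import product

# Constructed traces: each message is "src:dst:cmd" as seen on the interconnect.
# A CPU downstream write flow is interleaved with unrelated DMA read traffic.
TRACES = [
    ["cpu:cache:wr", "cache:mem:wr", "mem:cache:ack", "cache:cpu:ack"],
    ["cpu:cache:wr", "dma:mem:rd", "cache:mem:wr", "mem:cache:ack",
     "cache:cpu:ack", "mem:dma:rd_done"],
    ["dma:mem:rd", "mem:dma:rd_done", "cpu:cache:wr", "cache:mem:wr",
     "mem:cache:ack", "cache:cpu:ack"],
]

def holds(trace, a, b):
    """Rule a -> b in one trace: every a is later matched by a b (confidence)
    and every b is preceded by an unmatched a (recall)."""
    pending = 0
    for m in trace:
        if m == a:
            pending += 1
        elif m == b:
            if pending == 0:
                return False      # a b with no cause: recall < 100%
            pending -= 1
    return pending == 0           # an a with no effect: confidence < 100%

def mine_binary(traces):
    """All a -> b rules (a != b) that hold in every trace."""
    msgs = sorted({m for t in traces for m in t})
    return {(a, b) for a, b in product(msgs, repeat=2)
            if a != b and all(holds(t, a, b) for t in traces)}

def chain(rules, max_len):
    """Extend a pattern ending in b with every rule b -> c, up to max_len."""
    patterns, frontier = set(rules), set(rules)
    while frontier:
        new = {p + (c,) for p in frontier if len(p) < max_len
               for (b, c) in rules if b == p[-1] and c not in p}
        frontier = new - patterns
        patterns |= frontier
    return patterns

def is_subseq(p, q):
    it = iter(q)                  # "m in it" consumes q in order
    return all(m in it for m in p)

def maximal_flows(traces, max_len=8):
    """Chained patterns that are not contained in a longer mined pattern."""
    pats = chain(mine_binary(traces), max_len)
    return sorted(p for p in pats
                  if not any(q != p and is_subseq(p, q) for q in pats))
```

On these traces the mining step yields seven binary rules, and chaining collapses them into the four-message CPU write flow plus the two-message DMA read flow; everything else is a sub-sequence of one of those two.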



Fig. 5: Mining framework

#### Challenges

- High number of false positive patterns
- High concurrency yields poor correlation



Fig. 5: Possible branch in flows

| Pattern Length | Total Search Space | Mined Patterns |
|----------------|--------------------|----------------|
| 2              | 1806               | 182            |
| 3              | 74046              | 115            |
| 4              | 2961840            | 290            |
| 5              | 115511760          | 495            |
| 6              | 4.38944E+9         | 969            |
| 7              | 1.62409E+11        | 1538           |
| 8              | 5.84674E+12        | 3341           |

Tab. 1: Result analysis from 57 distinct messages of an SoC

#### Conclusion

... trustworthiness. The proposed framework will play an important role in making the task of edge node verification easier. We are currently dealing with branching problems that may cause some execution flows to be missed due to the high strictness of the confidence and recall measures.