SPECIAL SECTION ON ADVANCED DATA ANALYTICS FOR LARGE-SCALE COMPLEX DATA

ENVIRONMENTS

Received August 30, 2017, accepted November 15, 2017, date of publication December 7, 2017,
date of current version February 14, 2018.

Digital Object Identifier 10.1109/ACCESS.2017.2780254

Towards Quantified Data Analysis of Information

Flow Tracking for Secure System Design
YU TAI , WEI HU, DEJUN MU, BAOLEI MAO, AND LU ZHANG

School of Automation, Northwestern Polytechnical University, Xi'an 710072, China

Corresponding author: Wei Hu (weihu@nwpu.edu.cn)

This work was supported in part by the Natural Science Foundation of China under Grant 61672433 and Grant 61303224, in part
by the Fundamental Research Fund for the Central Universities, China, under Grant 3102017OQD094, in part by the
Fundamental Research Fund for Shenzhen Science and Technology Innovation Committee under Grant 201703063000517, and
in part by the National Cryptography Development Fund under Grant MMJJ20170210.

ABSTRACT ​Computing hardware has become an attractive attack surface due to the
globalization of ​semi-conductor design and supply chain, and the wide integration of third-party
intellectual property cores. Recently, gate-level information ow tracking (GLIFT) has been
proposed to monitor the ow of information in secure hardware design by associating data
objects with sensitivity labels and tracking the ow of labeled data. GLIFT can be used to model
and verify security-related properties, such as con dentiality and integrity. However, existing
work in this realm only considers binary labels. These are inadequate for understanding
simultaneous information ow behaviors and the root source information ows. In this paper, we
propose a precise multi-bit GLIFT method to perform simultaneous multi-bit ow tracking for
understanding exactly which bits are affecting a data object at the same time. The proposed
method provides more detailed insights into simultaneous information ow behaviors and thus
allows proof of quantitative information ow data properties. We compare the complexity and veri
cation performance for different information ow models using primitive gates, IWLS benchmarks,
several cryptographic cores, and trust-HUB benchmarks. Experimental results have
demonstrated that our method can reason about multi-bit information ow behaviors and identify
potential security aws.

INDEX TERMS ​Hardware security, information ow security, information ow tracking, security

veri cation, multi- ow.

security since it is impossible to fully cover the design state

I. INTRODUCTION
With the consistent increase in the complexity of hardware
designs, globalization of hardware supply chain and wide
application of third party intellectual property (IP) cores, the
traditional system design ow can no longer guarantee design
space in testing and veri cation. As a result, design aws and
security vulnerabilities are inevitable. It is widely accepted that
function veri cation using traditional hardware design tools only
provides limited support for detecting security vulnerabilities.
For example, an implementation aw in the Qualcomm
TrustZone is used to break Android's full disk encryption design
feature [1]. Recent researches revealed that the estimated
possibility of design code aws and data security vulnerabilities
in computing secure system are more than designers might
previously have thought [2] [4].
As a possible solution, information ow tracking (IFT) has
been proposed to detect security vulnerabilities that can cause
violation of information ow security policies. It can be used
to specify and verify important security properties related to
the ow of information. IFT associates each data object with
a label and monitors the ow of labeled information through
the entire system and detects security vulnerabilities by
capturing harmful ow of information. IFT provides an
effective approach for enforcing information ow data
anal-ysis at various levels of the system stack, including
compiler/ programming language, operating system,
instruction set architecture and design bottom level. Among
existing IFT methods, gate level information ow tracking
(GLIFT) uses ne granularity labels and propagation policies.
It precisely measures information ows through Boolean
gates [5] and models all logical ows in a uni ed manner,
enabling the veri cation of important security properties
related to con - dentiality, integrity, and timing channel. Hu
et al established the fundamental theories and presented
complexity analysis of GLIFT [6], [7].

2169-3536 2017 IEEE. Translations and content mining are permitted for academic research only.

1822 Personal use is also permitted, but republication/redistribution requires IEEE permission. VOLUME 6, 2018

See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

  Tai ​et al.:​ Toward Quantified Data Analysis of IFT for Secure System Design
Y.

established to associate each data with a label for

All of the existing IFT methods tend to take a quantita-tive
approach and provide a binary answer for information ow
security properties. Giving a binary answer means that
these IFT techniques are capable of indicating existence of
information ows while failing to quantify the amount of
information owed. At the hardware level, the quantitative
approach is implemented using a single bit label for each
moni-toring how information and its label ows throughout the
system [12] [14]. IFT provides an effective approach for
preventing unintended interaction between different
compo-nents in a system. It is useful for deploying
information ow security and enforcing its security properties
at various levels of the entire system, including
compiler/programming
VOLUME 6, 2018

data bit. Such tracking at the gate level allows for de nition
of ne grained label propagation rules which can account for
multiple forms of ows including explicit, implicit and timing
ows [6], [8], [9]. However, the complexity of digital circuits
calls for study of more convoluted security properties such
as quanti ed metrics and comparative analysis. For
example, existing IFT methods can easily detect ow of the
secret key to the cipher text in a cryptographic algorithm,
while neither of them can quantify such information or detect
whether the key is maliciously leaked to the cipher.

In this work, we discuss how GLIFT technique can be

enhanced to simultaneously track multiple ows of
infor-mation by de ning multi-bit security labels and
designing novel label propagation rules. We show how
the multi- ow GLIFT technique can be used to analyze a
wider range of security properties and can be leveraged
to qualify the ow of information in hardware cores. Speci
cally, this paper makes the following contributions:

Proposing a precise multi- ow tracking method to prop-agate

labels for gate level information ow tracking;
Applying this multi- ow GLIFT method to implement
information ow security veri cation and proof
quanti-tative security properties of information ow;

Presenting comparative analysis to evaluate complexity using

IWLS benchmarks and prove security properties using
several RSA cores and trust-HUB benchmarks.

The remainder of the paper is organized as follows.

We brie y review related work in Section ​II. ​Section ​III
provides the concepts of two-level, multi-level and multi-
ow IFT. In Section ​IV, ​we propose a method for multi- ow
tracking and discuss the details of multi- ow security veri
cation. In Section ​V, ​we verify multi- ow properties using
a design example. Section ​VI ​presents experimental
results in terms of model complexity and security veri
cation. We conclude the paper in Section ​VII.

II. RELATED WORK

Information ow tracking (IFT) has been proved to be

effective in detecting security vulnerabilities and prevent-ing
attacks through side channels. IFT is a frequently used
method to analyze the security of a system [10], [11] and
detect information ows at the end-to-end level, which is
 work, we enhance GLIFT to track multiple ows
simultaneously by de ning multi- ow security labels and
enable analyzing a wider range of security properties.
language [15], operating system [16], [17], instruction set
architecture [18] and hardware level [18], [19]. However, the 1823
coarse-grained design rules are generally used in these
previous IFT methods, which lead to higher design
com-plexity [11], [20], the huge number of additional
overhead [16], [19] or overly conservative propagation
policies [21], [22]. IFT has been widely deployed to identify
security properties at hardware level. A novel technique is
that hard-ware IFT is proposed for hardware Trojan
detection through proof of security properties. [23]. Another
RTL certi cation method can precisely account for the ow of
sensitive infor-mation through both steady or transient
states [24]. It has shown in previous work that hardware IFT
can be used to separate timing and functional ows between
IP blocks in SoC systems [25], identify and eliminate timing
channels in I2C and USB [8], guarantee information ow
security in embedded systems [26], craft veri ably
information ow secure architectures [27], investigate
security violations due to timing side channels [9], and
detect the hardware Trojans through violating the
information ow security properties related to con dentiality
and integrity [23].

GLIFT uses ne granularity labels in propagation policies,

which has been proposed to precisely measure how
infor-mation ows through Boolean gates at hardware level
[5]. It captures and monitors all logical ows in a uni ed
man-ner that enables the veri cation of some properties
related to con dentiality, integrity, logical side channels and
some security properties related to information ow logic. In
addi-tion, the fundamental theories and the complexity
analysis of GLIFT are proposed respectively [6], [7]. Further,
The theoretical expansion of GLIFT provides a general
method to expand the GLIFT for multilevel security lattices
based on common two-level security labels [28], [29].
Furthermore, the security lattices model, rst proposed for
describing infor-mation ow channel and policy by Denning
[10], [12], can be modeled as a nite security lattice and
security classes indicating different security levels of data
objects. Recent work investigates the tradeoffs of logic
synthesis on preci-sion and complexity of GLIFT that can be
used to generate further simpli ed logic and reduce securicy
logic complexity for imprecise GLIFT models with selectively
introducing false positives [30]. Speci cally, register transfer
level IFT (RTLIFT) is proposed to implement high level IFT
using hardware description language (e.g., RTLIFT) [31].

Previous work focuses on binary security label (one-bit

label) tracking models for GLIFT, which proves binary
secu-rity properties and can not satisfy information ow
track-ing for modern high-performance architectures. A
binary decision is made regarding the ow of information
between various design points, which in turn restricts the
capabilities of these methods. Thus, it need to monitor
information ow using multi- ow model through multi- ow
label due to its multiple inputs simultaneously. In this
  Tai ​et al.:​ Toward Quantified Data Analysis of IFT for Secure System Design
Y.

cannot tell that the high intermediate result will leak

information while the nal high ciphertext is safe to
declassify. This is because GLIFT only indicates there is a
III. BACKGROUND AND MOTIVATION ow from the key or none. However, it does not tell how
many key bits are owing simultaneously to a speci c
In this section, we cover the ideas behind two-level and
ciphertext bit.
multi-level hardware IFT and their draw backs in modeling
multi- ow behaviors. We discuss the preliminary work in this 1824
section to enable a better understanding of our research.
We focus on various background literature including the
security lattices model, two-level IFT and multi-level IFT.

A. SECURITY LATTICES MODEL

The lattice model [12] was proposed by Denning for

describ-ing information ow policy. An information ow
policy can be modeled as a nite security lattice L D {SC,
v}, where SC is the set of security classes indicating
different security levels of data objects and v de nes the
partial order on these security classes. De ned function
L: x ! SC to represent safety data object x belongs to the
security class. The arrow indicates the direction of
information ows that re ect secu-rity policy and the partial
order de ned by the security lattice. The symbols in the
lattice represent security classes, such as SC D {Low,
High} for two-level security lattices or SC D {Unclassi ed,
Secret, Top Secret} for three-level security lattices.

B. THE GLIFT METHOD

GLIFT provides a model for understanding how data

propa-gates through a hardware design [5]. Each data bit is
assigned a label to characterize its security level (such as
con dential or unclassi ed). It adopts ne-grained labels to
implement strict and precise information ow analysis, this
label is propagated through the system under pre-de ned
policies to prevent unintended information ows. Each binary
bit is associated with a tag called taint (or taint label). When
the data is involved in computing in the system, the taint
label will be propagated through the system, too. The
information included in the data is regarded as tainted when
its taint is logic true and untainted when its taint is logic
false. Taint is propagated from the input to the output of the
hardware design if and only if the value of any tainted input
has an in uence on the output.

The original GLIFT method targets a two-level security

lattice low v high, stating that high information is never
allowed to ow to a low portion. Consider an AES example.
To analyze the security of the key, GLIFT usually labels the
entire key or individual key bits as high. The message needs
to be marked as low since the lattice only has two security
classi cations. After performing the ​key xor message
oper-ation, the intermediate encryption result and the
temporary ciphertext will become high due to a ow from the
key. When the entire encryption is complete, the nal
ciphertext will also be high. However, the GLIFT method
 Then, a two-level information ow model will be used to
understand the ow of ​HIGH information. Consider a
two-input AND (AND-2) gate and let input ​A​ be LOW while
An essential step for tracking multiple information ows
is to associate different data with labels of different VOLUME 6, 2018

security levels. Such extended GLIFT method targets

more general security lattices [12] to enable a ner classi
cation of security labels. This will allow understanding the
ow of information among hardware components of
different security levels (e.g., unclassified ethernet,
confidential cryptographic core, and secret boot ROM).
Still consider the AES core. Using a three-level security
lattice unclassified v confidential v secret, we can now
mark the key as secret, the message as confidential and
control inputs as unclassified. After performing the ​key
xor message o ​ peration, the temporary ciphertext will
become secret since it dominates the security label of
the message. A multi-level GLIFT model still cannot
provide answers to questions such as how many key bits
are owing to a ciphertext bit and are the message bits
owing simulta-neously to that bit?

To detect the security aw in the AES core using the

GLIFT method, we need to mark a single key bit each time
in order to determine that the marked key bit only ows to the
corresponding bit in the temporary ciphertext. This requires
running multiple analysis, which can cause overheads in
veri cation performance. Employing a multi-level GLIFT
method will enable tracking more information ows at the
same time. However, a security lattice with a large number
of security classes is required to understand the ow of each
individual key bit. This will soon become intractable due to
the exponential increase in complexity of multi-level GLIFT
model as the security lattice grows more complicated.

C. TWO-LEVEL INFORMATION FLOW TRACKING

Traditional information ow models target a conservative

security format. Under such model, all signals in the
com-puting design will ow to the higher security class. Let
LOW and HIGH denote two security classes respectively.
Consider a two-input AND (AND-2) gate and let input ​A be
LOW while input ​B be HIGH. A partial conservative
information ow model for AND-2 can be shown in Table ​1.

TABLE 1. ​A partial conservative information flow model for AND-2.

Binary security properties can be veri ed on a two-level

information ow model. The information ow security prop-erty
enforced by the corresponding security lattice states that
HIGH i​ nformation should never ow to a LOW p ​ ortion.
Two-level information ow models target a two-level security
lattice LOW v HIGH. Under such a lattice, all signals in the
hardware design will be classi ed as either LOW or HIGH.
  Tai ​et al.:​ Toward Quantified Data Analysis of IFT for Secure System Design
Y.

of a higher security level cannot ow to the output when an

input of lower security level dominates the output. The
difference is that the model allows a ner classi-cation of
input ​B be HIGH. The information ow model should security labels, which is desirable when reasoning about the
pre-cisely track when the HIGH information in ​B could security between multiple parties.
ow to the output ​O​. Table ​2 ​illustrates such a model.
For the two-level and multi-level information ow models,
According to the notion of information ow, the HIGH the output can only take one security label at any time.
information in ​B ows to ​O if and only if B has an effect on
the output. In two-level IFT, each binary data bit is
associated with a label to indicate its security level, e.g.,
trusted/untrusted, con dential/unclassi ed or low/high.
Two-level IFT provides a more precise approach that the
output in uenced by data actually is bounded to the most
restrictive security label. Consider the partial truth table in
Table 2, where ​A is LOW while ​B is HIGH. In the rst row,
both ​A and ​B have an in uence at (or dominate) the output,
thus the output should be set to LOW since LOW is a more
restrictive label. In the second and third rows, ​A (or ​B​)
determines the output, the output should take the security
label of ​A (or ​B)​ . In the fourth row, neither ​A nor ​B
dominates the output. In this case, the output should be
labeled as HIGH since a change in the HIGH input ​B could
lead to a change in the output. When considering a full truth
table, we can derive the GLIFT logic for AND-2.

TABLE 2. ​A partial two-level information flow model for AND-2.

D. MULTI-LEVEL INFORMATION FLOW TRACKING

Multi-level information ow models target more general

security lattices [12]. This will allow understanding of
infor-mation ow among hardware components of different
secu-rity levels (e.g., boot rom, cryptographic core, and
display port). Consider a three-input AND gate (AND-3)
process-ing information classi ed using a three-level
linear secu-rity lattice Unclassified v Secret v Top Secret.
Let input ​A be Unclassified, ​B be Secret and ​C be Top
Secret. The information ow model should precisely track
when Secret or Top Secret information ows to the output
O.​ Table ​3 ​gives such a model.

Consider the partial truth table in Table 3, let input ​A be

Unclassified, ​B be Secret and ​C be Top Secret respectively
in the three-level lattice. In the rst row, all ​A​, ​B and ​C have
an in uence at the output, thus the output should be set to
Unclassified. In the fth and sixth rows, both ​B ​and C
determine the output, the output should be set to S ​ ecret
since Secret is a more restrictive label. Similarly, information

TABLE 3. ​A partial multi-level information flow model for AND-3.
They can be used to determine if there is a ow. However,
they are inadequate in describing information ow
scenarios where information in multiple data objects ows
simultane-ously. As an example, all bits of the secret key
are required to ow to the ciphertext. We propose a multi-
ow IFT method for modeling such simultaneously
information ow behaviors.
E. MULTI-FLOW INFORMATION FLOW TRACKING
For the two-level and multi-level information ow models, the
output can only take one security label at any time. They
can be used to determine if there is a ow. However, they are
inadequate in describing information ow scenarios where
information in multiple data objects ows simultaneously. As
an example, all bits of the secret key are required to ow to
the ciphertext. In such cases, the two-level and multi-level
models will only indicate one of the key bits ows to the
ciphertext. We need a multi- ow IFT model that tracks the
ow of each data object through the hardware design.
VOLUME 6, 2018
Take the AES S-Box as an example. The multi- ow model
can be used to determine if all S-Box inputs ow to all the
S-Box output simultaneously. This model assigns an
eight-bit label to each input bit of the S-Box. By observing
the multi-ow label for an output, we mark a ow from an input
to the output when the label bit corresponding to that input is
set.
IV. MULTI-FLOW TRACKING METHODOLOGY
A. LABEL ENCODING AND MAPPING
To track multiple information ows simultaneously, we
need to expand the binary encoding security label for
two-level and multi-level IFT to a one-hot encoding. In
this way, each bit in the multi- ow security label only
tracks the propagation of one input bit.
For a better understanding, consider a four-bit signal
A.​ The two-level IFT method targets a two level security
label. Thus, we have the taint labels ​At[​ ​i]​ 2 f0; 1g, where
0 ​i 3. The multi-level IFT method allows a ner classi
cation of security labels. If each individual bit in ​A takes a
different label, we have the taint labels ​ALt​[​i]​ 2 f00; 01;
10; 11g. Using a binary encoding scheme, two bits will
be enough for encoding the taint labels. By comparison,
the multi- ow IFT method uses a one-hot encoding. Each
data bit will be assigned a four-bit label. Thus, the taint
label ​AMt​[​i]​ 2 f0000; 0001; 0010; 0100; 1000g. Here
0000 corresponds to the case when ​At​[​i​] D 0.
1825
  Tai ​et al.:​ Toward Quantified Data Analysis of IFT for Secure System Design
Y.

Now we de ne the rules for mapping the binary taint
labels to that for multi- ow. Given an ​n-​ bit signal ​B,​ we
need ​n-​ bit security labels in one-hot encoding for each
signal bit. Let ​Bt a ​ nd BMt b ​ e the taint labels for
two-level and multi- ow ​tracking respectively. When
0​
Bt[​ ​i​] D 0 (0 ​i n 1), we have ​BMt​[​i​] D ​n​ b​0. When ​Bt​[​i​] D
Here, ​A and ​B are the original inputs of AND; ​At and ​Bt are
the two-level security labels; ​AMt​, ​BMt and ​OMt are the multi-
ow security labels. We de ne an intermediate variable ​Ot,​ which
​ e use this
re ects the two-level security label for the output. W
variable as the select line to set and reset the multi-ow security
label. The label propagation policy is shown as
1826

1, we can map ​BMt​[​i​] to the rst vacant ​n​-bit one-hot

encoding code and mark that code as occupied.

B. LABEL PROPAGATION POLICY

The two-level IFT method provides a precise measurement

of if there is a ow. We need to expand the security label
used by GLIFT to track the propagation of each input data
bit to be monitored. Take AND-2 as an example, let ​A;​ ​B
and ​O ​be its inputs and output respectively. Use At​; Bt a
​ nd
Ot t​ o denote their security labels under two-level IFT. From
the label propagation policy for AND-2 under two-level IFT,
it can be formalized as Equation ​(1)​.

Ot ​D​ A Bt ​C​ B At C
​ ​ At Bt (1)

Equation ​(1) ​indicates that when ​A is logical 1 and ​B is

HIGH, the output will be HIGH; when ​B is logical 1 and ​A is
HIGH, the output will also be HIGH; Or when both ​A and ​B
​ IGH, the output will doubtlessly be ​HIGH. It cares o
are H ​ nly
about if there is any HIGH information ow from either ​A o ​ rB
to the output. However, when there is indeed a ow, i​ t does
not tell which input caused the ow. Understanding the
source of harmful information ows can be bene cial for
identifying a security vulnerability. To do this, we need a
label propagation policy that tracks the ows of information
from multiple variables simultaneously.

As mentioned, the two-level IFT model precisely indicates

if there is a ow. When there is no ow, the multi- ow label
should be all zeros. When there is a ow, the multi- ow label
should re ect where the ow was from. The subtle case is
when there are multiple HIGH inputs. The label propagation
policy should track the HIGH information ow from each input
to the output. Figure ​1 ​(a) shows the tracking logic for
implementing such a label propagation policy for AND-2.

FIGURE 1. ​Multi-flow tracking logic. (a) Tracking logic for AND-2.

(b) Tracking logic for OR-2.

 circuits. This can be a challenging task if we enumerate the
input/output relations in a brute force way. As an alternative
approach, we can synthesize the hardware design into
follows: design netlist consisting of a small set of logic primitives
(e.g., AND, OR, Invertor). Deriving multi- ow IFT logic for
these smaller primitives has signi cantly lower complexity.
With the multi- ow tracking logic for logic primitives, we can
1: input ​A, B then discretely map the logic primitives in the design netlist
to its corresponding multi- ow tracking logic in a constructive
2: input ​At, Bt
manner. Using this approach, multi- ow tracking logic can be
3: input ​[​w​ ​: 0] AMt, BMt generated for large hardware design in polynomial time.
Figure ​2 ​illustrates this constructive method.
4: output ​[​w​ ​: 0] OMt
D. MULTI-FLOW SECURITY PROPERTIES
5: output ​Ot
With the multi- ow IFT model, we can prove a different
6: assign ​Ot := A Bt​ ​C​ ​B At​ ​C​ ​At Bt
type of security other than binary. For a better
7: assign ​OMt := Ot ? (AMt​ ​C​ ​BMt) : 0 understanding, consider an RSA core.

VOLUME 6, 2018

The label propagation policy for invertor is relatively more

straightforward. This is because an invertor will only ip the
original input while not affecting the security label. The label
propagation policy for an invertor is shown as follows:

1: input ​[​w​ ​: 0] AMt

2: output ​[​w​ ​: 0] OMt

3: assign ​OMt :D​ ​AMt

The OR-2 gate is the dual of AND-2 according to

Demor-gan's law. Thus, its label propagation policy can be
derived by inverting the original inputs ​A and ​B​. Using the
same de nition as AND-2, it can be formalized as follows,
where
is the inversion operator.

1: input ​A, B

2: input ​At, Bt

3: input ​[​w​ ​: 0] AMt, BMt

4: output ​[​w​ ​: 0] OMt

5: variable ​Ot

6: assign ​Ot :D​ ​A Bt​ ​C​ ​B At​ ​C​ ​At Bt

7: assign ​OMt :D​ ​Ot ? (AMt​ ​C​ ​BMt) : 0

C. MULTI-FLOW IFT LOGIC GENERATION

To understand multi- ow behaviors of hardware designs, a

rst step is to create multi- ow tracking logic for digital
  Tai ​et al.:​ Toward Quantified Data Analysis of IFT for Secure System Design
Y.

In this section, we provide a security veri cation approach

using multi- ow IFT. We also provide an example of
back-ward tracking using multi- ow IFT model.

A. SECURITY VERIFICATION

Under the two-level GLIFT model, we can label the input as

HIGH and check if the output will be HIGH. It describes how
the GLIFT model can be used to verify such a security
prop-erty. With the multi-bit IFT model, we can prove a
different type of security property other than binary.

VOLUME 6, 2018

FIGURE 2. ​Constructive Method for Multi-flow IFT Logic.

Under the two-level IFT model, we can label the private

key and plaintext as HIGH and check if the ciphertext will be
HIGH. Formal proof will indicate that all the ciphertext bits
will be HIGH. Under the multi-level IFT model, we can label
the inputs in a ner granularity. For example, we can mark
the key as Top Secret and the plaintext as Secret. We can
then check what kind of security label the ciphertext will take
with a formal veri cation tool. Proof results will show that the
ciphertext bits will all be Top Secret. Here, the output labels
will be evaluated to the highest security label on the security
lattice. As a result, it does not reveal the ow from the
plaintext to the ciphertext.

set property ​key, plaintext : HIGH

assert property ​ciphertext : HIGH

assert property ​ready : HIGH

Under the multi- ow security model, we can use a

one-hot encoding to encode the key and plaintext and
track the propagation of each key or plaintext bit to the
ciphertext. By checking if all bits in the multi- ow security
label for the ciphertext are asserted, we can understand
if all key bits ow to every single bit of the ciphertext. This
can be done by summing up all security label bits for the
ciphertext and check if the sum is exactly the width of the
security label signal using an SMT solver.

V. MULTI-FLOW GLIFT SECURITY VERIFICATION


For a better understanding, consider the AES S-Box as
an example, all bits of the secret key are required to ow to
the ciphertext. In such cases, the two-level and multi-level
models will only indicate one of the key bits ows to the
ciphertext. We need a multi- ow IFT model that tracks the
ow of each key bit through the hardware design. The
multi-ow model can be used to determine if all S-Box inputs
ow to all the S-Box outputs simultaneously. This model
assigns an eight-bit label in one-hot encoding to each input
bit of the S-Box. By observing the multi- ow label for an
output, we mark a ow from an input to the output when the
label bit corresponding to that input is set.
results will show that the ciphertext bits will all be Top
Secret. Here, the output labels will be evaluated to be the
highest security label of the security lattice. As a result, it
does not reveal the ows from the lower 96 key bits to the
ciphertext.
Under the multi- ow security model, we can use the
encoding technique introduced in Section ​IV-A ​and track the
propagation of each key bit to the ciphertext. The following
gives a security theorem for the property, where key_i[w]
and cipher_i[w] are the multi- ow labels for the ​w-​ th bits of
key and ciphertext respectively. Here, we can contain all key
bits time and complete the veri cation in a single run.
1827

set ​key_t[i]​ ​D​ ​HIGH

set ​Others​ ​D​ ​LOW

for ​w​ in ​0​ to ​127​ do

assert ​cipher_t[w]​ ​DD​ ​HIGH

end for

If we mark all key bits as HIGH at the same time, the

GLIFT model cannot tell which key bit will ow to the output.
We have to set one key bit to HIGH each time and use a
formal tool to check all ciphertext bits to see if they will be
HIGH. This requires running 128 instances of the proof with
different security constraints on the key and thus cause signi
cant veri cation performance overheads.

Meanwhile, the two-level GLIFT model does not reveal how

severe the ow is. When multiple key bits are owing to each
ciphertext bit at the same time, it can be mathematically dif cult
to decode information about individual key bits.

Under the multi-level IFT model, we can label the inputs

in a ner granularity. For example, we can mark different
groups of the key bits as different security labels using the
lattice UNCLASSIFIED v SECRET v TOP SECRET and
then check the security label of the ciphertext. The following
shows a security theorem for this security property.

set ​key_t[127:96] :D​ ​TOP SECRET

set ​key_t[95:32] :D​ ​SECRET

set ​key_t[31:0] :D​ ​UNCLASSIFIED

set ​Default :D​ ​UNCLASSIFIED

assert ​cipher_t TOP SECRET

We can then check what kind of security label the

cipher-text will take with a formal veri cation tool. Proof
  Tai ​et al.:​ Toward Quantified Data Analysis of IFT for Secure System Design
Y.

for ​w​ in ​0​ to ​127​ do

set ​key_i[w] :D​ ​128'h0000_0000_0000_0001​ ​<<​ ​w

FIGURE 3. ​Backtracking method for AND-2.

end for
Let A, B and O denote the inputs and output of AND-2
set ​Others :D​ ​128'h0000_0000_0000_0000 while their security labels are denoted by At, Bt and Ot
respectively. The label policies and corresponding
assert ​cipher_i[w] 128'hFFFF_FFFF_FFFF_FFFF encoding implementations are shown in Table ​5.

1828

By checking if the multi-bit security labels for all bits of

the outputs are asserted, we can understand the severity
of the ow. When multiple input bits are owing to each
output bit at the same time, it can be mathematically dif
cult to decode information about individual key bits. By
comparison, when only a few key bits are owing, there
can be a signi cant defect in the cipher implementation.

B. AN EXAMPLE OF MULTI-FLOW MODEL

For a better understanding, consider signal ​A under the

multi-ow security label. Table ​4 ​shows the security labels
for different IFT models. Under the two-level method, we
have the taint labels ​At 2 f0; 1g. Thus, ​At is ont-bit wide
label. The multi-bit IFT method allows a ner expansion of
security labels. Each individual bit in ​A can take a
different label, we have ​Ai[​ ​w]​ 2 f000; 001; 010; 100g,
which can be encoded with three bits. Therefore, ​At is
three-bit wide for the multi-ow IFT method.

TABLE 4. ​Encoding method for security labels under different IFT models.

For the back tracking information ow models, we need

to measure where the unexpected information ow come
from. Take the AND-2 as an example. The multi-bit
model can be used to determine if all inputs ow to all the
output simultaneously. This model also indicates which
input leads to tainted output as Figure. ​3 ​shown.
 perform comparison of security veri cation performance
across different IFT models in Section ​VI-C.

TABLE 5. ​AND-2 labels under multi-flow IFT model. A. SCALABILITY ANALYSIS

As described in Section ​IV-C, ​the multi- ow IFT logic for

large circuits can be generated in a constructive manner by

VOLUME 6, 2018

The IFT logic for AND-2 can be derived from Table ​5,
which are shown in Equation ​(2) ​and ​(3) ​respectively.

Ot[​ 1]​ D
​ ​ At[​ 1]​ At[​ 0]​ Bt[​ 1]​ Bt[​ 0]

C ​At[​ 1] ​A Bt​[1] ​Bt[​ 0] (2)

Ot[​ 0]​ D
​ ​ At[​ 1]​ At[​ 0]​ Bt​[1]​ Bt[​ 0]

C ​At[​ 1] ​At​[0] ​Bt​[0] ​B (3)

For the three-input AND gate (AND-3), let A, B, C and O
denote the inputs and output of AND-3 while their security
labels are denoted by At, Bt, Ct and Ot respectively. From
Section ​IV-A, ​the security labels are set to three bits to
satisfy the requirements of three inputs. The label encoding
method are shown in Table ​6. ​Here, the taint label for the
output comes from 7 different taint sources of the inputs.
From Table ​6, ​the equations of IFT logic for AND-3 can be
derived under multi-ow model respectively.

TABLE 6. ​AND-3 labels under multi-flow IFT model.

For an n-bit label wide, there are elements in the

label propagation rule set of AND-2. Thus, label
propagation rule set enumeration soon becomes a
complicated and errorprone process as n grows.
Instead, we use a more ef cient way to derive IFT
logic for AND-2 under arbitrary level of linear lattices.

VI. EXPERIMENTAL RESULTS

In this section, we present experimental results. In

Section ​VI-A, ​we perform scalability analysis using
primitive gates to show how the complexity of the
multi-ow model grows with the number of ows. We
further present complexity analysis by comparing the
area of two-level, four-level and several multi- ow IFT
logic for IWLS benchmarks [32] in Section ​VI-B. ​We
  Tai ​et al.:​ Toward Quantified Data Analysis of IFT for Secure System Design
Y.
instantiating tracking logic for each logic primitive. Thus, the
scalability of tracking logic for logic primitives should re ect
the entire circuit scalability. We perform scalability analysis
using primitive gates when tracking different num-ber of
ows. We generate IFT logic for N input AND and OR gates
for scalability analysis under the multi- ow IFT model. The
resulting circuits are synthesized using ​Synopsys ​Design
Compiler ​and targeted to the SAED 90nm standard c​ ell
library for area. We use area of the tracking logic as a
measure of complexity. This is because area is proportional
to the number of gates, which positively correlates to formal
veri cation performance. Figure ​4 ​shows the results.
FIGURE 4. ​Area for N-Input AND and OR.
From Figure ​4, ​when the number of ows to be
moni-tored is doubled, the area for multi- ow tracking
logic also increases by about 1X. Thus, the complexity of
the multi- ow IFT model increases linearly to the number
of ows.
B. COMPLEXITY ANALYSIS
We further perform complexity analysis by comparing the
various models using ​IWLS benchmarks [32]. The
bench-marks are rst synthesized using ​Synopsys Design
Compiler and mapped to its internal technology library. The
synthe-sized netlist are then augmented with IFT logic by
map-ping the logic primitives to IFT libraries for the
two-level,
TABLE 7. ​Area, delay and power of IWLS benchmarks using two-level and multi-flow IFT. Area is in square micrometers (​um​ ); delay is in
nanoseconds (​ns​); power is in microwatts (​uW​ ).
multi-level and multi- ow IFT models using the constructive
method. The generated IFT logic circuits are then synthesized
and mapped again for area, delay and power reports. We
conducted experiments using several ​IWLS benchmarks to
obtain area, delay and power results to show the overheads of
multi- ow information ow tracking. Overheads in area, delay and
power are provided to show the complexity of IFT logic as
compared with the original circuit.
By comparison of the normalized average area for
2-level and 2-bit, we can see that the 2-bit IFT logic
doubles the area. However, the 2-bit model can track 2
bits while the 2-level model only tracks one. The increase
in complexity is due to the reason that the multi- ow IFT
method uses a one-hot encoding. However, the 2-level
IFT model still only tracks the information ows of the
highest security class. The 2-bit model can track
information ows with two different security classes. Thus,
the multi- ow IFT method can reduce the number of
security veri cations. By com-parison of 2-bit, 4-bit and
8-bit models, there is about 1.5 times increase in
average for area complexity of tracking logic when
doubling the number of ows to be tracked (in this case,
area of 2-bit as the statistical benchmarks). We can also
analyze delay and power for 2-lev, 2-bit, 4-bit and 8-bit
models. From Table ​7, ​take the ​alu4 as an example, the
2
area reports 10765/20915/30732/49360 ​um​ for 2-lev/
2-bit/4-bit/8-bit models, the delay reports 2.27/2.47/2.47/
2.71 ​ns for 2-lev/2-bit/4-bit/8-bit models and the power
reports 2.18/4.40/6.99/11.55 ​uW for 2-lev/2-bit/4-bit/8-bit
models.
C. SECURITY VERIFICATION ANALYSIS
We use several cryptographic cores and trust-HUB
bench-marks [33] for security veri cation analysis. We
compare the veri cation performance across two-level,
four-level and multi- ow IFT methods. We compare the veri
cation per-formance across two-level, four-level and multi-
ow IFT
2​
VOLUME 6, 2018 1829
   . Tai ​et al.:​ Toward Quantified Data Analysis of IFT for Secure System Design
Y

TABLE 8. ​Proof time results for Cryptographic cores and trust-HUB benchmarks.

properties, e.g., no
key bit information
should ow to a
given output.

VII.
CONCLUSIONS

This paper presents a new multi- ow method for label

prop-agating and information ow tracking for secure
hardware design. We propose a multi- ow IFT method to
methods. There is some difference in the types of security understand
properties that can be proved on different models. Take the
1830
​ esign shown in the second row of Table ​8 ​for
RSA-32 d
exam-ple, we label a signal key bit and would like to understand
where this key bit will ow using the two-level IFT model; we
mark two key bits with different labels and observe the output
labels using the four-level IFT model; we label 8 key bits and
track their propagation to each ciphertext bit using the multi- ow
model. We then use the ​Mentor Graphics Questa ​Formal ​tool to
obtain the veri cation time reports. Table ​8 gives the veri cation
time reports.

From Table ​8, ​the multi- ow model tends to take longer

veri cation time. However, it still can be bene cial because
this model tracks multiple ow during each proof. Still
consider the ​RSA-32 example, it takes the two-level model
18 seconds to prove where a single key bit can ow. It is
important to note that we cannot label multiple key bits for
the two-level model in this proof. Otherwise, we will not be
able to tell which key bit actually propagates to a speci c
output. To understand the propagation of all the key bits, we
need to label a different key bit each time and run multiple
veri cations. In case of a 32-bit RSA, this will require 32
proofs, which results in a total veri cation time of 18 32 D
576 sec. It is possible to label multiple key bits under the
multi-level IFT model. However, this model will evaluate the
output labels to the highest security class. We will not be
able to understand the propagation of key bits marked as
lower security classes. Thus, we still need to run 32 proofs.
By comparison, the multi- ow method can model
simultaneous information ow behaviors. We monitored the
propagation of 8 key bits within 31 sec. Understanding the
propagation of all key bits requires running a total of 4
proofs, which yields to a total proof time of 51 4 D 204 sec.

The multi- ow model can be more complex when

com-pared with the two-level or multi-level models.
However, it can be used to prove quanti ed security
properties, e.g., at least ​x bits of the key should ow to a
ciphertext bit. By comparison, the two-level and multi-level
models can be more ef cient in proving qualitative security
 [17] S. Vandebogart ​et al.,​ ``Labels and event processes in the asbestos operating
system,'' ​ACM Trans. Comput. Syst. (TOCS),​ vol. 25, no. 4, p. 11, 2007.

[18] G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas, ``Secure

program exe-cution via dynamic information ow tracking,'' ​ACM
SIGPLAN Notices,​ vol. 39, no. 11, pp. 85 96, 2004.

[19] D. Zhang, Y. Wang, G. E. Suh, and A. C. Myers, ``A hardware

design language for timing-sensitive information- ow security,'' in
Proc. 20th Int. ​Conf. Architectural Support Programm. Lang. Oper.
Syst. (ASPLOS),​ 2015,​ ​pp. 503 516.

VOLUME 6, 2018

security properties and perform information ow security veri

cation. Experimental results show that the proposed method
can detect security vulnerabilities with acceptable overhead
over the original GLIFT method and allows veri-fying
quantitative information ow security properties.

REFERENCES

[1] (2016). ​Extracting Qualcomm's Keymaster Keys Breaking Android Full

Disk Encryption.​ [Online]. Available: http://bits-please.blogspot.com/
2016/06/extractingqualcomms-keymaster-keys.html

[2] G. T. Becker, F. Regazzoni, C. Paar, and W. P. Burleson,

``Stealthy dopant-level hardware trojans,'' in ​Proc. 15th Int. Conf.
Cryptogr. Hardw. Embed-ded Syst. (CHES),​ 2013, pp. 197 214.

[3] R. Waugh. Could Allow Cyber-Criminals a Way. (May 2012).

Cyber-Attack Concerns Raised Over Boeing 787 Chip's `Back Door'.​
[Online]. ​ vailable:
A
http://www.dailymail.co.uk/sciencetech/article-2152284/

[4] M. Keating, ​The Simple Art of SoC Design: Closing the Gap Between RTL

and ESL.​ New York, NY, USA: Springer, 2011.

[5] M. Tiwari, H. M. Wassel, B. Mazloom, S. Mysore, F. T. Chong, and

T. Sherwood, ``Complete information ow tracking from the gates
up,'' ​ACM SIGPLAN Notices​, vol. 44, no. 3, pp. 109 120, 2009.

[6] W. Hu ​et al.​, ``Theoretical fundamentals of gate level information

ow tracking,'' ​IEEE Trans. Comput.-Aided Des. Integr. Circuits
Syst.,​ vol. 30, no. 8, pp. 1128 1140, Aug. 2011.

[7] W. Hu ​et al.​, ``On the complexity of generating gate level

information ow tracking logic,'' ​IEEE Trans. Inf. Forensics Security,​
vol. 7, no. 3, pp. 1067 1080, Jun. 2012.

[8] J. Oberg, W. Hu, A. Irturk, M. Tiwari, T. Sherwood, and R. Kastner,

``Infor-mation ow isolation in i2c and usb,'' in ​Proc. 48th
ACM/EDAC/IEEE​ ​Design Autom. Conf. (DAC),​ Jun. 2011, pp. 254 259.

[9] J. Oberg, S. Meiklejohn, T. Sherwood, and R. Kastner,

``Leveraging gate-level properties to identify hardware timing
channels,'' ​IEEE Trans. ​Comput.-Aided Des. Integr. Circuits Syst.,​
vol. 33, no. 9, pp. 1288 1301,​ ​Sep. 2014.

[10] D. E. Denning, ``A lattice model of secure information ow,''

Commun.​ ​ACM​, vol. 19, no. 5, pp. 236 243, 1976.

[11] D. Volpano, C. Irvine, and G. Smith, ``A sound type system for secure
ow analysis,'' ​J. Comput. Secur.,​ vol. 4, nos. 2 3, pp. 167 187, 1996.
[12] D. E. Denning, ​Cryptography and Data Security​. Boston, MA, USA:
Addison-Wesley, 1982.

[13] J. McLean, ``Security models and information ow,'' in ​Proc. IEEE

Com-put. Soc. Symp. Res. Secur. Privacy,​ May 1990, pp. 180 187.

[14] J. W. Gray, III, ``Toward a mathematical foundation for information ow

security,'' ​J. Comput. Secur.,​ vol. 1, nos. 3 4, pp. 255 294, 1992.
[15] A. Sabelfeld and A. C. Myers, ``Language-based information- ow
secu-rity,'' ​IEEE J. Sel. Areas Commun.​, vol. 21, no. 1, pp. 5 19, Jan.
2003.
[16] M. Krohn ​et al.​, ``Information ow control for standard os abstractions,''
ACM SIGOPS Oper. Syst. Rev.​, vol. 41, no. 6, pp. 321 334, 2007.
  Tai ​et al.​: Toward Quantified Data Analysis of IFT for Secure System Design
Y.

31st Int. Conf. ​Comput. Design (ICCD),​ Oct.

2013, pp. 471 474.

[20] F. Pottier and V. Simonet, ``Information ow

inference for ML,'' ​ACM ​Trans. Programm. Lang.
Syst. (TOPLAS),​ vol. 25, no. 1, pp. 117 158, 2003.

[21] M. Dalton, H. Kannan, and C. Kozyrakis, YU TAI is currently pursuing the Ph.D. degree
``Raksha: A exible information ow with the School of
architecture for software security,'' ​ACM Automation,
SIGARCH Comput. Archit. ​News,​ vol. 35, Northwestern
no. 1, pp. 482 493, 2007. Poly-technical University,
Xi'an, China. From 2015
[22] G. Venkataramani, I. Doudalis, Y. Solihin, and M. to 2016, he was a Visiting
Prvulovic, ``FlexiTaint: A programmable accelerator
Graduate Student with
for dynamic taint propagation,'' in ​Proc. ​IEEE 14th
the Department of
Int. Symp. High Perform. Comput. Architecture,​
Feb. 2008,
Computer Science and
Engi-neering, University
pp. 173 184. of California at San
Diego, San Diego.
[23] W. Hu, B. Mao, J. Oberg, and R. Kastner,
``Detecting hardware trojans with gate-level His current research
information- ow tracking,'' ​Computer​, vol. 49, interests include
pp. 44 52, Aug. 2016. hardware security, logic
synthesis, and
[24] Y. Jin and Y. Makris, ``Proof carrying-based
information ow tracking for data secrecy optimization in
protection and hardware trust,'' in ​Proc. IEEE hard-ware information
VLSI Test​ ​Symp.​, Apr. 2012, pp. 252 257. ow.

[25] R. Kastner, J. Oberg, W. Hu, and A. Irturk,

``Enforcing information ow guarantees in
recon gurable systems with mix-trusted IP,''
in ​Proc. ERSA​, 2011, pp. 1 12.

[26] D. Mu, W. Hu, B. Mao, and B. Ma, ``A bottom-up

approach to veri able embedded system
information ow security,'' ​IET Inf. Secur.​, vol. 8, no.
1,

pp. 12 17, 2014.

[27] M. Tiwari ​et al.,​ ``Crafting a usable microkernel,

processor, and i/o system with strict and
provable information ow security,'' in ​Proc. 38th
Annu. ​Int. Symp. Comput. Architecture (ISCA),​
Jun. 2011, pp. 189 199.
[28] W. Hu, J. Oberg, J. Barrientos, D. Mu, and R.
Kastner, ``Expanding gate level information ow
tracking for multilevel security,'' ​IEEE
Embedded ​Syst. Lett.,​ vol. 5, no. 2, pp. 25 28, VOLUME 6, 2018
Jun. 2013.
[29] W. Hu ​et al.​, ``Gate-level information ow
tracking for security lattices,'' ​ACM Trans.
Des. Autom. Electron. Syst. (TODAES),​ vol.
​ 014.
20, no. 1, p. 2,​ 2

[30] W. Hu ​et al.​, ``Imprecise security: Quality

and complexity tradeoffs for hardware
information ow tracking,'' in ​Proc. IEEE/ACM
Int. Conf. ​Comput-Aided Des. (ICCAD)​, Nov.
2016, pp. 1 8.

[31] A. Ardeshiricham, W. Hu, J. Marxen, and R.

Kastner, ``Register transfer level information ow
tracking for provably secure hardware design,''
in ​Proc. Design, Autom. Test Eur. Conf. Exhib.
(DATE),​ Mar. 2017,
pp. 1691 1696.

[32] IWLS. 2005. ​IWLS Benchmarks Version 3.0​. Accessed: Oct.

2015.

[Online]. Available: http://iwls.org/iwls2005/benchmarks.html

[33] H. Salmani, M. Tehranipoor, and R. Karri,

``On design vulnerability anal-ysis and trust
benchmarks development,'' in ​Proc. IEEE
 1831

WEI HU received the Ph.D. degree in control theory and control

engineering from Northwestern Polytechnical University, Xi'an, China, in
2012.

He is currently an Associate Professor with the School of

Automation, Northwestern Poly-technical University. His research
interests include hardware security, logic synthesis, and formal veri
cation for hardware security, recon gurable computing, and embedded
systems.

DEJUN MU received the Ph.D. degree in control theory and control

engineering from Northwestern Polytechnical University, Xi'an, China, in
1994.

He is currently a Professor with the School of Automation,

Northwestern Polytechnical Univer-sity. His current research interests
include con-trol theories and information security, including network
information security, application speci c chips for information security,
and network control systems.

BAOLEI MAO is currently pursuing the Ph.D. degree from the

School of Automation, Northwestern Polytechnical University.
From 2013 to 2015, he was a Visiting Graduate Stu-dent with the
Department of Computer Science and Engineering, University of
California at San Diego, San Diego.

His current research interests include timing and power side

channel analysis, hardware information ow analysis, and formal veri
cation.

LU ZHANG received the B.E. degree from Northwestern Polytechnical

University, Xi'an, China, in 2012, where he is currently pursuing the
Ph.D. degree. He is a Visiting Graduate Stu-dent with the Department
of Computer Science and Engineering, University of California at San
Diego, San Diego.

His research interests include hardware-oriented security, design

automation, and embed-ded systems design and optimization.