SPELL: An End-to-End Tool Flow for LLM-Guided Secure SoC Design for Embedded Systems

Modern embedded systems and Internet of Things (IoT) devices contain system-on-chips (SoCs) as their hardware backbone, which increasingly contain many critical assets (secure communication keys, configuration bits, firmware, sensitive data, etc.). These critical assets must be protected against wide array of potential vulnerabilities to uphold the system's confidentiality, integrity, and availability. Today's SoC designs contain diverse intellectual property (IP) blocks, often acquired from multiple 3rd-party IP vendors. Secure hardware design using them inevitably relies on the accrued domain knowledge of well-trained security experts. In this letter, we introduce SPELL, a novel end-to-end framework for the automated development of secure SoC designs. It leverages conversational large language models (LLMs) to automatically identify security vulnerabilities in a target SoC and map them to the evolving database of common weakness enumerations (CWEs); SPELL then filters the relevant CWEs, subsequently converting them to systemverilog assertions (SVAs) for verification; and finally, addresses the vulnerabilities via centralized security policy enforcement. We have implemented the SPELL framework using popular LLMs, such as ChatGPT and GEMINI, to analyze their efficacy in generating appropriate CWEs from user-defined SoC specifications and implement corresponding security policies for an open-source SoC benchmark. We have also explored the limitations of existing pretrained conversational LLMs in this context.