ASPIRE: An Intermediate Representation for Abstract Security Policies

Modern System-on-Chip (SoC) architectures include various Intellectual Property (IP) cores that are security-sensitive. In order to protect the design against malicious attacks, every new SoC has to undergo the laborious process of identifying the security assets that are relevant to the existing security policies and rules. Unfortunately, very little research has been done in exploiting the potential of abstraction for specification of security policies. We introduce ASPIRE, an Abstract Security Policy Intermediate Representation, which specifies Temporal Logic and Information Flow security policies in a generalized format. In the ASPIRE methodology, we develop an abstract architecture and formulate ASPIRE for Abstract Security Policies (ASP) based on the abstract architecture. This abstract architecture is developed using the security assets that are identified from the abstract security policies. Further, an equivalence check is conducted for the ASPIRE representations related to abstract and concrete architectures in order to generate SystemVerilog Assertions (SVAs) to verify the concrete architectures. We demonstrate this methodology using several security policies for multiple test cases including OpenRISC-SoC, CVA6, Wishbone Bus, MUX, and AES-T100.