This article details a methodology to find bugs across multiple abstraction layers of the system, specifically at the hardware–software boundary. It describes how existing tools can help with such methodology and limitations. It describes he setup and the objectives of the security evaluation before discussing the methodology. The goal of any security evaluation is to establish a system’s conformance to a specification of security properties. This article focuses on a methodology that is targeted at finding precisely those bugs that arise from cross-layer interplay between software and hardware. In the context of system-on-chip (SoCs), both hardware and software play an important role. The security specification of the system under test may or may not be available. Its level of detail can vary and security properties may be expressed in a formal or informal way.
Copyright 2021 Elsevier B.V., All rights reserved.
- dynamic analysis
- security evaluation