Journal of Xidian University ›› 2023, Vol. 50 ›› Issue (3): 142-150. doi: 10.19665/j.issn1001-2400.2023.03.014

• Computer Science and Technology & Cyberspace Security •

RELIC-GNN: an efficient state register identification algorithm

DONG Meng¹, GAO Yiming¹, PAN Weitao¹, QIU Zhiliang¹, YANG Jianlei², DI Zhixiong³, ZHENG Ling⁴

  1. State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an 710071, China
  2. School of Computer Science and Engineering, Beihang University, Beijing 100191, China
  3. School of Information Science and Technology, Southwest Jiaotong University, Chengdu 611756, China
  4. School of Communications and Information Engineering, Xi’an University of Posts and Telecommunications, Xi’an 710121, China
  • Received: 2022-08-22 Online: 2023-06-20 Published: 2023-10-13
  • Corresponding author: PAN Weitao
  • About the authors: DONG Meng (born 1995), male, Ph.D. candidate at Xidian University, E-mail: mdong@stu.xidian.edu.cn; GAO Yiming (born 1998), male, master's student at Xidian University, E-mail: gyming@stu.xidian.edu.cn; QIU Zhiliang (born 1965), male, professor, E-mail: zlqiu@mail.xidian.edu.cn; YANG Jianlei (born 1987), male, associate professor, E-mail: jianlei@buaa.edu.cn; DI Zhixiong (born 1984), male, associate professor, E-mail: dizhixiong2@126.com; ZHENG Ling (born 1989), male, lecturer, E-mail: lingzheng@xupt.edu.cn
  • Funding:
    National Natural Science Foundation of China (62102314); Natural Science Basic Research Program of Shaanxi Province (2021JQ-708); Special Scientific Research Program of the Shaanxi Provincial Department of Education (20JK0923); Yulin Science and Technology Program (YF-2020-183)

Abstract:

With the horizontalization of integrated circuit (IC) design and the globalization of manufacturing, a large number of hardware ICs produced by third-party vendors are used in chip design, which raises concerns about design backdoors or hardware Trojans being inserted into chips. Reverse engineering can recover the design netlist of an IC chip, and designers can determine whether the design's function has been tampered with by extracting high-level descriptions and analyzing the key logic. However, a reverse-engineered netlist is hard to read: its data paths and control logic are mixed together, which makes it difficult to abstract high-level descriptions quickly and accurately. This paper formulates the problem as a classification problem over netlist path structures and proposes an efficient state register identification algorithm based on a graph neural network. First, the netlist is pre-processed to eliminate differences between process libraries and to reduce modeling complexity. Second, the netlist is modeled as a directed graph and the path structure of each register is extracted. Then the path structures are fed into the constructed graph neural network model, which generates a corresponding feature for each register. Finally, the embedded features are clustered to classify the registers into state registers and control registers. Experimental results show that the algorithm runs correctly on million-gate netlists with an average recognition accuracy of about 88.37%, and that it improves on existing algorithms in recognition accuracy, running speed and transferability.

Key words: reverse engineering, register classification, control logic extraction, graph neural networks

CLC Number:

  • TN406