The Emergence of Hardware Fuzzing: A Critical Review of its Significance

Raghul Saravanan, Sai Manoj Pudukotai Dinakarrao
2024-03-19
Abstract: In recent years, there has been a notable surge in attention towards hardware security, driven by the increasing complexity and integration of processors, SoCs, and third-party IPs aimed at delivering advanced solutions. However, this complexity also introduces vulnerabilities and bugs into hardware systems, necessitating early detection during the IC design cycle to uphold system integrity and mitigate re-engineering costs. While the Design Verification (DV) community employs dynamic and formal verification strategies, they encounter challenges such as scalability for intricate designs and significant human intervention, leading to prolonged verification durations. As an alternative approach, hardware fuzzing, inspired by software testing methodologies, has gained prominence for its efficacy in identifying bugs within complex hardware designs. Despite the introduction of various hardware fuzzing techniques, obstacles such as inefficient conversion of hardware modules into software models impede their effectiveness. This Systematization of Knowledge (SoK) initiative delves into the fundamental principles of existing hardware fuzzing, methodologies, and their applicability across diverse hardware designs. Additionally, it evaluates factors such as the utilization of golden reference models (GRMs), coverage metrics, and toolchains to gauge their potential for broader adoption, akin to traditional formal verification methods. Furthermore, this work examines the reliability of existing hardware fuzzing techniques in identifying vulnerabilities and identifies research gaps for future advancements in design verification techniques.
Cryptography and Security
What problem does this paper attempt to address?
The problem this paper addresses is the detection of vulnerabilities and bugs during hardware security verification, in particular their early discovery in the complex integrated circuit (IC) design cycle. As processors, system-on-chips (SoCs) and third-party intellectual property (IP) modules grow in complexity and integration, so does the risk of vulnerabilities and bugs in hardware systems. To preserve system integrity and avoid the cost of re-engineering, these issues must be caught early in the IC design cycle. Existing design verification (DV) methods, however, face challenges:

1. **Dynamic verification**: these methods scale poorly to complex designs and require substantial manual intervention, leading to excessively long verification times.
2. **Formal verification**: although it can expose deep-seated defects in a hardware design, it cannot cope with the ever larger and more complex modern processor designs and demands expert knowledge.

To address these limitations, hardware fuzzing has been introduced as a new verification approach. It borrows fuzzing methods from software testing and has proven effective at detecting vulnerabilities in complex hardware designs. Hardware fuzzing still faces obstacles, however, such as the difficulty of efficiently converting hardware modules into software models. This paper therefore conducts an in-depth Systematization of Knowledge (SoK) study of the basic principles and methods of existing hardware fuzzing and their applicability to different hardware designs. It also evaluates factors such as the golden reference model (GRM), coverage metrics and toolchains to assess their potential for wider adoption.

The paper further examines the reliability of existing hardware fuzzing techniques in identifying vulnerabilities and points out gaps for future research on design verification techniques. In summary, the main problem this paper addresses is how to detect vulnerabilities and bugs in complex hardware designs efficiently and automatically, thereby improving the existing design verification process.
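As an added example (not code from the paper or from any tool it surveys), the loop the summary describes in one runnable Python sketch: a constructed software model of a 4-bit ALU (the DUT, carrying a constructed off-by-one borrow-flag bug) is fuzzed differentially against a golden reference model, with a toy coverage metric of reached (opcode, flag) states deciding which stimuli join the corpus. The ALU, its 10-bit stimulus-word layout, the bug and all function names are assumptions made for this example.

```python
import random

# Constructed toy: a 4-bit ALU. grm_alu is the golden reference model (the spec);
# dut_alu is the software model of the RTL and carries a constructed bug in its
# SUB borrow flag (it compares with <= instead of <, so a == b mis-reports borrow).
def grm_alu(op, a, b):
    """Golden reference model: returns (result, zero_flag, carry_or_borrow_flag)."""
    if op == 0:                                   # ADD
        r = a + b
        return r & 0xF, (r & 0xF) == 0, r > 0xF
    if op == 1:                                   # SUB
        return (a - b) & 0xF, a == b, a < b
    r = (a & b) if op == 2 else (a ^ b)           # AND / XOR
    return r, r == 0, False

def dut_alu(op, a, b):
    """Device under test: identical to the GRM except for the constructed borrow bug."""
    if op == 1:
        return (a - b) & 0xF, a == b, a <= b
    return grm_alu(op, a, b)

def decode(word):
    """10-bit stimulus word (assumed layout): bits [9:8] opcode, [7:4] a, [3:0] b."""
    return (word >> 8) & 0x3, (word >> 4) & 0xF, word & 0xF

def mutate(word, rng):
    """Mutator: flip 1-3 random bits of a corpus word, or draw a fresh random word."""
    if rng.random() < 0.5:
        for _ in range(rng.randint(1, 3)):
            word ^= 1 << rng.randrange(10)
        return word
    return rng.randrange(1 << 10)

def fuzz(iterations=4000, seed=1):
    """Coverage-guided differential fuzzing: returns ({stimulus: (grm, dut)}, coverage)."""
    rng = random.Random(seed)
    corpus, coverage, bugs = [0], set(), {}
    for _ in range(iterations):
        word = mutate(rng.choice(corpus), rng)
        op, a, b = decode(word)
        expected, actual = grm_alu(op, a, b), dut_alu(op, a, b)
        if expected != actual:                    # GRM disagreement = bug report
            bugs[(op, a, b)] = (expected, actual)
        state = (op, actual[1], actual[2])        # toy coverage metric: (opcode, Z, C)
        if state not in coverage:                 # new state reached -> keep the stimulus
            coverage.add(state)
            corpus.append(word)
    return bugs, coverage
```

Calling `fuzz()` returns every stimulus on which the two models disagree; with this DUT all of them are SUB operations with equal operands, which is exactly the planted defect.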