[ mainpage :: register :: training :: conference :: hitb-labs :: the venue ]
[ capture the flag (CTF) :: wireless village :: lock picking village (LPV) :: open-hack ]
[ call for papers (CFP) :: conference agenda :: sponsors :: press/media :: forum ]
[ conference kit (PDF) :: past conferences :: contact us ]

OFFICIAL CONFERENCE VIDEOS HAVE BEEN RELEASED

HITBSecConf2008 - Malaysia (Day 1)

HITBSecConf2008 - Malaysia (Day 2)

Registration for HITBSecConf2009 - Dubai is also now open.

Mary Yeoh (Security Evaluation Lead, Intel Security Center of Excellence [SeCoE])

Filed under: Main Page — Administrator @ 9:10 am

Presentation Title: An Effective Methodology to Enable Security Evaluation at RTL Level and Automate Vulnerability Detection in Future Hardware

Presentation Abstract:

One of the major problems of the security evaluation is the dependencies on actual silicon and firmware to run penetration testing. Typically the security team is only given a short time frame to uncover security vulnerabilities at the post silicon phase. Any hardware fixes requiring a new stepping is very expensive. This work presents a new methodology to uncover and fix the hardware vulnerabilities at RTL level while the cost is still “free”, before the first tape-out of silicon.

A threat model is defined during the design and pre-silicon validation phase. With the Adversary, Access Control and the Asset identified, a penetration test plan is created after analysis on the RTL design. Using Coverage Based Validation (CBV), coverage points and e-checking are written, tests are generated and executed in the simulation environment. The detection of hardware vulnerability is now automated. Number of coverage points hit can be used to measure the product quality before the ship release. Dependencies of actual silicon and firmware have been removed and thus improve the overall throughout of security evaluation, i.e. finding more critical security vulnerabilities.

The methodology was first applied in the evaluation of the ICH10 Danbury Technology. The result is promising. Two security vulnerabilities were identified and fixed in Design Change Notice (DCN) before the A-0 silicon tape-out. First vulnerability exposes the protecting keys to external entity which defeats the security objective of Danbury Technology while the second vulnerability demonstrates an implementation issue that could render the use of Electronic Cookbook (ECB) mode of operation during data encryption. A group of coverage points were developed and integrated into the simulation environment to detect the same vulnerability in future hardware.

The methodology is capable to find vulnerabilities effectively. New stepping might be needed during post-silicon if the above vulnerabilities were discovered at the post-silicon phase. This methodology allows security vulnerabilities detection before the silicon tape-out and would save Intel the cost of fixes in the steppings.

About Mary

Mary Yeoh is security evaluation lead at Intel Malaysia working as part of Intel’s Security Center of Excellence (SeCoE). She specializes in hardware evaluation, pre-silicon penetration testing and exploit development. Currently she is leading the effort on security evaluation at RTL level. Prior to her involvement in security, she was a key hardware designer and validation architect in the development of several generation of Intel chipset, in which she also pioneered cluster level gate level simulation in Intel. She hold a degree from Monash University, Australia, in the field of Electrical & Computer Systems Engineering.



Event Organizer


Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By




Malaysian National Computer Confederation


Multimedia Development Corporation


Platinum Sponsors

Titanium Sponsor (Post Conference Reception)

Gold Sponsors

CTF Sponsor

CTF Prize Sponsor

Open-Hack Sponsor

Metro-e and Official Bandwidth Sponsor


Network Equipment Sponsor

Our Speakers are Supported By


Supporting Media:

Virus Bulletin

InfoSec News

InfoSec News

XAKEP (Russia)

Supporting Organizations


Professional Information Security Association - Hong Kong









Special Interest Group in Security & Information InteGrity Singapore