SHIFT: Selective Hardware Information Flow Tracking Driven by Deterministic Constraints

Information flow tracking technology is commonly used in the security analysis of hardware design. This technology protects the confidentiality and integrity of essential assets by instrumenting trace logic on each operation unit to detect whether critical information has been leaked or tampered with. However, as hardware design becomes increasingly large-scale and complex, the significant performance overhead introduced by instrumentation has become a major challenge. This paper proposes SHIFT (Selective Hardware Information Flow Tracking), a constraint-driven optimization technique. The core idea of SHIFT includes selective monitoring of operations and selective optimization of propagation logic. In the intermediate representation of the hardware design, SHIFT scans taint sources in the code statically using a conservative analysis algorithm to determine whether logic structures require monitoring and assigns optimization tags based on known conditions. During the synthesis process, these optimization tags are passed to the netlist, thereby enabling selective instrumentation of the trace logic on the cell. In the Trust-Hub AES test bench, SHIFT reduces the deployment time of the tracking model by 12.1%, decreases the number of cells by 19.9%, and reduces the synthesized area by 35.7%, Additionally, the security verification time of the flow model was reduced by 10.5%. In general, SHIFT reduces the overhead of deploying trace logic without introducing false positives.