
CAREER: When Learning Meets Reasoning: Mitigating Security Risks with Large Language Models and Causality Inference

$288,214 | FY2024 | CSE | NSF

Kansas State University, Manhattan KS

Investigators

Abstract

This project addresses security vulnerabilities in hardware that can be exploited through software, posing risks to both semiconductor companies and end-users. As hardware designs become more complex, finding these security flaws becomes harder due to the heavy manual effort involved. Effective security for hardware and software systems requires deep knowledge of both software and hardware, and a collaborative approach between security experts and hardware designers. This project aims to create fully automated tools for security checks in these systems. These tools will use generated assertions to pinpoint hardware security issues without the need for human intervention or specialized security knowledge. This automation will help reduce labor costs and workload in the semiconductor industry. Additionally, a hardware security-oriented dataset will be developed to fine-tune or pre-train domain-specific large language models (LLMs). This will be a valuable resource for the security community. The project will also produce practical methods, like an online field-programmable gate array (FPGA) platform. These methods will be useful for training professionals in advanced embedded system development and verification, fostering industry collaboration, and supporting other researchers in this area. This project also includes creating tutorials and hands-on labs to engage and inspire undergraduates and K-12 students in early science and engineering activities.

This CAREER project develops techniques to fully automate the security assessment process for hardware and software systems, ranging from user security requirements to the mitigation of malicious activities. The approach is threefold. First, it uses domain-specific LLMs or AI agents to automatically generate security assertions/properties based on user requirements or descriptions. A high-quality, hardware security-oriented dataset is assembled, which will be used to fine-tune or pre-train the LLMs for generating user-specified security assertions. Second, this project employs static analysis and conducts causal inference to identify sequences of instructions that could trigger micro-architectural malicious activities or security-related attacks. Third, it creates a cloud-based FPGA platform, enabling users to remotely test and validate their security solutions.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
