pith. sign in

arxiv: 2604.15073 · v1 · submitted 2026-04-16 · 💻 cs.CR

Emulation-based System-on-Chip Security Verification: Challenges and Opportunities

Tanvir Rahman , Shuvagata Saha , Ahmed Y. Alhurubi , Sujan Kumar Saha , Farimah Farahmandi , Mark Tehranipoor This is my paper

Pith reviewed 2026-05-10 10:46 UTC · model grok-4.3

classification 💻 cs.CR
keywords SoC securityhardware emulationpre-silicon verificationRTL designsassertion-based checkingadversarial testinginformation flow trackingside-channel evaluation
0
0 comments X

The pith

Hardware emulation enables higher-throughput RTL execution for realistic pre-silicon SoC security verification.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper argues that increasing SoC heterogeneity, deep hardware/software integration, and third-party IP have made security validation critical, where simulation and formal methods often miss vulnerabilities appearing only under realistic conditions. It surveys emulation as an emerging pre-silicon technology that supports higher-throughput execution of RTL designs while retaining fidelity for security analysis. Prior work is organized into six categories: assertion-based security checking, coverage-driven exploration, adversarial testing, information-flow tracking, fault injection, and side-channel-oriented evaluation. The survey details emulation workflows including instrumentation, stimulus generation, runtime monitoring, and evidence-driven analysis, along with challenges in observability, scalability, property specification, and security coverage metrics. Emerging directions such as AI-assisted emulation, digital security twins, chiplet-scale exploration, and cloud-scale secure emulation are presented as future foundations.

Core claim

Hardware emulation is emerging as an increasingly important pre-silicon verification technology because it enables higher-throughput execution of RTL designs under realistic hardware/software workloads while preserving sufficient fidelity for security-oriented analysis, positioning it as a promising foundation for the next generation of pre-silicon hardware security assurance.

What carries the argument

Emulation-enabled security verification workflows structured across six categories of prior work, covering instrumentation, stimulus generation, runtime monitoring, and evidence-driven analysis.

Load-bearing premise

The survey's organization of prior work into the six categories accurately and comprehensively represents the current state of emulation-based security verification without significant omissions.

What would settle it

A concrete security vulnerability in an SoC RTL design that thorough emulation-based verification misses but post-silicon testing reveals under the same realistic workloads.

Figures

Figures reproduced from arXiv: 2604.15073 by Ahmed Y. Alhurubi, Farimah Farahmandi, Mark Tehranipoor, Shuvagata Saha, Sujan Kumar Saha, Tanvir Rahman.

Figure 3
Figure 3. Figure 3: Separating platform type (Section III.B) from the workflow dimensions above enables more consistent comparison across prior work: the campaign driver explains how behaviors are explored, the integration style explains how emulation fits into the broader verification stack, and the observability choice explains the cost/diagnostic trade-off for evidence collection and debug. 5 Emulation-Based Security Verif… view at source ↗
read the original abstract

Increasing system-on-chip (SoC) heterogeneity, deep hardware/software integration, and the proliferation of third-party intellectual property (IP) have brought security validation to the forefront of semiconductor design. While simulation and formal verification remain indispensable, they often struggle to expose vulnerabilities that emerge only under realistic execution conditions, long software-driven interactions, and adversarial stimuli. In this context, hardware emulation is emerging as an increasingly important pre-silicon verification technology because it enables higher-throughput execution of RTL designs under realistic hardware/software workloads while preserving sufficient fidelity for security-oriented analysis. This paper presents a comprehensive survey and perspective on emulation-based security verification and validation. We organize the landscape of prior work across assertion-based security checking, coverage-driven exploration, adversarial testing, information-flow tracking, fault injection, and side-channel-oriented evaluation. We provide a structured view of emulation-enabled security verification workflows, including instrumentation, stimulus generation, runtime monitoring, and evidence-driven analysis. We also examine practical challenges related to observability, scalability, property specification, and the definition of security-oriented coverage metrics for emulation-based verification. Finally, we discuss emerging directions such as AI-assisted emulation, digital security twins, chiplet-scale security exploration, automated vulnerability assessment, and cloud-scale secure emulation. Overall, this paper positions emulation as a promising foundation for the next generation of pre-silicon hardware security assurance.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

0 major / 1 minor

Summary. The manuscript surveys emulation-based security verification for system-on-chip designs. It claims that hardware emulation is emerging as a key pre-silicon technology because it supports higher-throughput execution of RTL designs under realistic hardware/software workloads while retaining sufficient fidelity for security analysis. Prior work is organized into six categories (assertion-based security checking, coverage-driven exploration, adversarial testing, information-flow tracking, fault injection, and side-channel-oriented evaluation). The paper also describes emulation workflows (instrumentation, stimulus generation, runtime monitoring, evidence-driven analysis), examines challenges (observability, scalability, property specification, security-oriented coverage metrics), and outlines future directions (AI-assisted emulation, digital security twins, chiplet-scale exploration, automated vulnerability assessment, cloud-scale secure emulation).

Significance. This survey provides a structured perspective on an emerging area that bridges simulation and post-silicon testing for hardware security. By organizing the literature across the six categories and explicitly discussing workflows and metrics, it offers a useful reference point for researchers. The perspective on emulation's advantages under realistic conditions is grounded in the cited body of work rather than new derivations, and the forward-looking sections on AI and chiplet-scale directions add value for guiding future efforts.

minor comments (1)
  1. The abstract and introduction would benefit from a brief sentence explicitly listing the six categories to improve immediate readability for readers scanning the paper.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for their positive and constructive review of our manuscript. We appreciate the recognition of the survey's structure, its organization of prior work into six categories, and the value of the forward-looking sections on AI-assisted emulation and chiplet-scale directions. The recommendation for acceptance is encouraging.

Circularity Check

0 steps flagged

No significant circularity: literature survey with no derivations or predictions

full rationale

This paper is a structured survey of prior work on emulation-based SoC security verification. It organizes existing literature into six categories (assertion-based checking, coverage-driven exploration, adversarial testing, information-flow tracking, fault injection, side-channel evaluation) and discusses workflows, challenges, and future directions. No equations, derivations, fitted parameters, predictions, or self-referential definitions appear. Central claims rest on citations to external papers rather than internal reductions. The survey nature means no load-bearing steps reduce to the paper's own inputs by construction, satisfying the default expectation of no circularity for non-derivational work.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central positioning of emulation rests on the domain assumption that realistic workloads reveal vulnerabilities missed by simulation and formal methods; no free parameters or invented entities are introduced.

axioms (1)
  • domain assumption Emulation provides higher throughput than simulation while retaining sufficient fidelity for security analysis under realistic hardware/software workloads.
    Invoked in the abstract as the basis for claiming emulation is increasingly important.

pith-pipeline@v0.9.0 · 5558 in / 1191 out tokens · 47746 ms · 2026-05-10T10:46:55.022774+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

95 extracted references · 95 canonical work pages

  1. [1]

    Rethinking System- on-Chip Verification for Security Cross-Layer Interactions,

    H. Al-Shaikh, S. Saha, S. Kumar, F. Farahmandi, and M. Tehranipoor, “Rethinking System- on-Chip Verification for Security Cross-Layer Interactions,”IEEE Design & Test, 2025. 25

    work page 2025

  2. [2]

    System-on-chip platform security assurance: Architecture and validation,

    S. Rayet al., “System-on-chip platform security assurance: Architecture and validation,”Proc. IEEE, vol. 106, no. 1, pp. 21–37, 2017

    work page 2017

  3. [3]

    Challenges and trends in modern SoC verification: A holistic perspective,

    X. Chenet al., “Challenges and trends in modern SoC verification: A holistic perspective,” IEEE Design & Test, vol. 34, no. 5, pp. 7–22, 2017

    work page 2017

  4. [4]

    R. B. Lee,Security Basics for Computer Architects. Morgan & Claypool, 2022

    work page 2022

  5. [5]

    A survey on specification mining for hardware design and verifica- tion,

    S. Witharana and S. Ray, “A survey on specification mining for hardware design and verifica- tion,”ACM Comput. Surv., vol. 55, no. 9, pp. 1–38, 2022

    work page 2022

  6. [6]

    Hardware Trojans: Lessons learned after one decade of re- search,

    K. Xiao and M. Tehranipoor, “Hardware Trojans: Lessons learned after one decade of re- search,”ACM Trans. Design Autom. Electron. Syst., vol. 22, no. 1, pp. 1–23, 2016

    work page 2016

  7. [7]

    A survey of hardware security research on SoCs, FPGAs, and discrete components,

    F. Imesonet al., “A survey of hardware security research on SoCs, FPGAs, and discrete components,”ACM J. Emerg. Technol. Comput. Syst., 2023

    work page 2023

  8. [8]

    Ten years of speculative execution attacks: A survey,

    C. Xueet al., “Ten years of speculative execution attacks: A survey,”ACM Comput. Surv., 2020

    work page 2020

  9. [9]

    A comprehensive review of hardware Trojans and detection techniques,

    B. Aslanet al., “A comprehensive review of hardware Trojans and detection techniques,” Electronics, vol. 12, no. 6, p. 1333, 2023

    work page 2023

  10. [10]

    Mangard, E

    S. Mangard, E. Oswald, and T. Popp,Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, 2007

    work page 2007

  11. [11]

    Differential power analysis,

    P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” inAdvances in Cryptology— CRYPTO ’99, pp. 388–397, 1999

    work page 1999

  12. [12]

    Differential fault analysis of secret key cryptosystems,

    E. Biham and A. Shamir, “Differential fault analysis of secret key cryptosystems,” inAdvances in Cryptology—CRYPTO ’97, pp. 513–525, 1997

    work page 1997

  13. [13]

    The EM side-channel(s),

    D. Agrawal, J. R. Rao, and P. Rohatgi, “The EM side-channel(s),” inCryptographic Hardware and Embedded Systems (CHES), pp. 29–45, 2002

    work page 2002

  14. [14]

    Scalable formal hardware verification using modularity and abstraction,

    S. Guoet al., “Scalable formal hardware verification using modularity and abstraction,”IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst., vol. 35, no. 7, pp. 1201–1214, 2016

    work page 2016

  15. [15]

    The state explosion problem,

    A. Valmari, “The state explosion problem,” inAdvanced Course on Petri Nets, pp. 429–528, Springer, 1996

    work page 1996

  16. [16]

    A practical approach to coverage in model checking,

    H. Chockleret al., “A practical approach to coverage in model checking,” inProc. CAV, pp. 66–78, 2001

    work page 2001

  17. [17]

    Detecting and preventing information leakage in hardware designs,

    W. Huet al., “Detecting and preventing information leakage in hardware designs,” inProc. ICCAD, pp. 1–8, 2016

    work page 2016

  18. [18]

    Hardware information flow tracking: Overview and advances,

    W. Huet al., “Hardware information flow tracking: Overview and advances,”IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst., vol. 40, no. 4, pp. 1–20, 2021

    work page 2021

  19. [19]

    Information flow tracking for hardware security: A tutorial,

    F. Maragkouet al., “Information flow tracking for hardware security: A tutorial,”ACM Trans. Design Autom. Electron. Syst., 2022

    work page 2022

  20. [20]

    Fuzzing hardware like software,

    T. Trippelet al., “Fuzzing hardware like software,” inProc. USENIX Security, pp. 3237–3254, 2022. 26

    work page 2022

  21. [21]

    Fuzz, penetration, and AI testing for SoC security verification: Challenges and solutions,

    K. Z. Azaret al., “Fuzz, penetration, and AI testing for SoC security verification: Challenges and solutions,”IEEE Design & Test, 2022

    work page 2022

  22. [22]

    Electromagnetic analysis: Concrete results,

    K. Gandolfi, C. Mourtel, and F. Olivier, “Electromagnetic analysis: Concrete results,” in Cryptographic Hardware and Embedded Systems (CHES), pp. 251–261, 2001

    work page 2001

  23. [23]

    Challenges in large FPGA-based logic emulation systems,

    W. N. N. Hung and R. Sun, “Challenges in large FPGA-based logic emulation systems,” in Proc. Int. Symp. Physical Design, pp. 26–33, 2018

    work page 2018

  24. [24]

    Verification approach based on emulation technology,

    A. Koczor, L. Matoga, P. Penkala, and A. Pawlak, “Verification approach based on emulation technology,” inProc. IEEE Int. Symp. Des. Diagn. Electron. Circuits Syst. (DDECS), 2016, pp. 1–6

    work page 2016

  25. [25]

    SeVNoC: Security validation of system-on-chip designs with NoC fabrics,

    X. Menget al., “SeVNoC: Security validation of system-on-chip designs with NoC fabrics,” IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst., vol. 42, no. 2, pp. 672–682, 2023

    work page 2023

  26. [26]

    Security and vulnerabil- ity implications of 3D ICs,

    Y. Xie, C. Bao, C. Serafy, T. Lu, A. Srivastava, and M. Tehranipoor, “Security and vulnerabil- ity implications of 3D ICs,”IEEE Trans. Multi-Scale Comput. Syst., vol. 2, no. 2, pp. 108–122, 2016

    work page 2016

  27. [27]

    DIFFuzzRTL: Differential fuzz testing to find information leakage in RTL designs,

    D. Huret al., “DIFFuzzRTL: Differential fuzz testing to find information leakage in RTL designs,” inProc. USENIX Security, pp. 2969–2986, 2021

    work page 2021

  28. [28]

    SoCFuzzer: A fuzzing framework for SoC security verification,

    M. M. Hossainet al., “SoCFuzzer: A fuzzing framework for SoC security verification,” inProc. DATE, 2023

    work page 2023

  29. [29]

    Hardware Trojan attacks: Threat analysis and countermeasures,

    S. Bhunia, M. S. Hsiao, M. Banga, and S. Narasimhan, “Hardware Trojan attacks: Threat analysis and countermeasures,”Proc. IEEE, vol. 102, no. 8, pp. 1229–1247, 2014

    work page 2014

  30. [30]

    Ten years of hardware Trojans: A survey from the attacker’s perspective,

    M. Xue, C. Gu, W. Liu, S. Yu, and M. O’Neill, “Ten years of hardware Trojans: A survey from the attacker’s perspective,”IET Comput. Digit. Tech., vol. 14, no. 6, pp. 231–246, 2020

    work page 2020

  31. [31]

    A comprehensive review of cyber security vulnerabilities, threats, attacks, and solutions,

    ¨O. Aslan, S. S. Aktu˘ g, M. Ozkan-Okay, A. A. Yilmaz, and E. Akin, “A comprehensive review of cyber security vulnerabilities, threats, attacks, and solutions,”Electronics, vol. 12, no. 6, p. 1333, 2023

    work page 2023

  32. [32]

    Hardware information flow tracking,

    W. Hu, A. Ardeshiricham, and R. Kastner, “Hardware information flow tracking,”ACM Com- put. Surv., vol. 54, no. 4, pp. 1–39, 2021

    work page 2021

  33. [33]

    Information flow tracking methods for protecting cyber-physical systems against hardware Trojans—a survey,

    S. Maragkou and A. Jantsch, “Information flow tracking methods for protecting cyber-physical systems against hardware Trojans—a survey,”arXiv:2301.02620, 2022

    work page arXiv 2022

  34. [34]

    FormalFuzzer: Formal verification assisted fuzz testing for SoC vulnerability detection,

    N. F. Dipu, M. M. Hossain, K. Z. Azar, F. Farahmandi, and M. Tehranipoor, “FormalFuzzer: Formal verification assisted fuzz testing for SoC vulnerability detection,” inProc. Asia South Pac. Des. Autom. Conf. (ASP-DAC), 2024, pp. 355–361

    work page 2024

  35. [35]

    SoCFuzzer: SoC vulnerability detection using cost function enabled fuzz testing,

    M. M. Hossain, A. Vafaei, K. Z. Azar, F. Rahman, F. Farahmandi, and M. Tehranipoor, “SoCFuzzer: SoC vulnerability detection using cost function enabled fuzz testing,” inProc. Design, Autom. Test Eur. Conf. Exhib. (DATE), 2023, pp. 1–6

    work page 2023

  36. [36]

    RFUZZ: Coverage-directed fuzz testing of RTL on FPGAs,

    S. Laeufer, J. Bachrach, A. Kurth, and K. Sen, “RFUZZ: Coverage-directed fuzz testing of RTL on FPGAs,” inProc. IEEE/ACM Int. Conf. Comput.-Aided Des. (ICCAD), 2018, pp. 1–8. 27

    work page 2018

  37. [37]

    Sharpen: SoC security verification by hardware penetration test,

    H. Al-Shaikh, A. Vafaei, M. M. M. Rahman, K. Z. Azar, F. Rahman, F. Farahmandi, and M. Tehranipoor, “Sharpen: SoC security verification by hardware penetration test,” inProc. Asia South Pac. Des. Autom. Conf. (ASP-DAC), 2023, pp. 579–584

    work page 2023

  38. [38]

    Palladium Emulation,

    Cadence Design Systems, “Palladium Emulation,” [Online]. Available:https://www.cadenc e.com/en_US/home/tools/system-design-and-verification/emulation-and-prototypi ng/palladium.html. Accessed: 2026-01-05

    work page 2026

  39. [39]

    ZeBu Emulation Systems,

    Synopsys, “ZeBu Emulation Systems,” [Online]. Available:https://www.synopsys.com/ver ification/emulation-prototyping/emulation.html. Accessed: 2026-01-05

    work page 2026

  40. [40]

    Veloce Strato CS emulation platform,

    Siemens EDA, “Veloce Strato CS emulation platform,” [Online]. Available:https://eda.sw .siemens.com/en-US/ic/hav/veloce-cs/strato-cs/. Accessed: 2026-01-05

    work page 2026

  41. [41]

    Co-modeling: A Powerful Capability for Hardware Emulation,

    R. Squiers, “Co-modeling: A Powerful Capability for Hardware Emulation,” Siemens Digital Industries Software, White Paper, 2019. [Online]. Available:https://resources.sw.sieme ns.com/en-US/white-paper-co-modeling-a-powerful-capability-for-hardware-emu lation/

    work page 2019

  42. [42]

    Early Software Development and Verifica- tion Methodology Using Hybrid Emulation Platform,

    W. Kim, H. Park, H. Kim, S. B. Choi, and S. Kim, “Early Software Development and Verifica- tion Methodology Using Hybrid Emulation Platform,” inDVCon Proceedings, 2017. [Online]. Available:https://dvcon-proceedings.org/wp-content/uploads/early-software-dev elopment-and-verification-methodology-using-hybrid-emulation-platform.pdf

    work page 2017

  43. [43]

    Hybrid Emulation for faster Android Home screen bring up and Software Development,

    R. Yadav, M. Khandelwal, S. Kalbande, G. Srivastava, and H. Kim, “Hybrid Emulation for faster Android Home screen bring up and Software Development,” inDVCon Proceedings, 2023. [Online]. Available:https://dvcon-proceedings.org/wp-content/uploads/90995.pdf

    work page 2023

  44. [44]

    Palladium emulation,

    Cadence Design Systems, “Palladium emulation,” Accessed: Mar. 18, 2026. [Online]. Available: https://www.cadence.com/en_US/home/tools/system-design-and-verification/emul ation-and-prototyping/palladium.html

    work page 2026

  45. [45]

    Veloce apps,

    Siemens EDA, “Veloce apps,” Accessed: Mar. 18, 2026. [Online]. Available:https://www.si emens.com/en-us/products/ic/hav/apps/

    work page 2026

  46. [46]

    Cadence Palladium Z1 enterprise emulation platform,

    Cadence Design Systems, “Cadence Palladium Z1 enterprise emulation platform,” Datasheet. Accessed: Mar. 18, 2026. [Online]. Available:https://www.cadence.com/content/dam/ca dence-www/global/en_US/documents/tools/system-design-verification/palladium-z 1-ds.pdf

    work page 2026

  47. [47]

    Synopsys extends leadership with enhanced verification continuum platform,

    Synopsys, “Synopsys extends leadership with enhanced verification continuum platform,” May 30, 2019. Accessed: Mar. 18, 2026. [Online]. Available:https://news.synopsys.com/2019 -05-30-Synopsys-Extends-Leadership-with-Enhanced-Verification-Continuum-Pla tform

    work page 2019

  48. [48]

    Fault Injection Attack Emulation Framework for early evalu- ation of IC security,

    H. Salmani and M. Tehranipoor, “Fault Injection Attack Emulation Framework for early evalu- ation of IC security,”ACM Trans. Des. Autom. Electron. Syst., vol. 26, no. 6, 2021, Art. no. 83

    work page 2021

  49. [49]

    SoFI: Security property-driven vulnerability assessments of ICs against fault-injection attacks,

    Z. Wang and M. Tehranipoor, “SoFI: Security property-driven vulnerability assessments of ICs against fault-injection attacks,”IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst., vol. 40, no. 11, pp. 2312–2325, 2021. 28

    work page 2021

  50. [50]

    Hardware Emulation for Software Validation (Part 2): Hybrid Emulation and Trace-Based Debug,

    L. Rizzatti and R. Klein, “Hardware Emulation for Software Validation (Part 2): Hybrid Emulation and Trace-Based Debug,”Electronic Design, May 5, 2017. [Online]. Available: https://www.electronicdesign.com/technologies/test-measurement/article/21805 014/hardware-emulation-for-software-validation-part-2-hybrid-emulation-and-t race-based-debug

    work page 2017

  51. [51]

    TaintFuzzer: SoC security verification using taint inference-enabled fuzzing,

    M. M. Hossain, N. F. Dipu, K. Z. Azar, F. Rahman, F. Farahmandi, and M. Tehra- nipoor, “TaintFuzzer: SoC security verification using taint inference-enabled fuzzing,” inProc. IEEE/ACM Int. Conf. Comput.-Aided Des. (ICCAD), 2023, pp. 1–9

    work page 2023

  52. [52]

    FormalFuzzer: Formal-assisted fuzzing for SoC security,

    N. F. Dipuet al., “FormalFuzzer: Formal-assisted fuzzing for SoC security,”IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst., 2024

    work page 2024

  53. [53]

    Veloce De-ICE App,

    Siemens EDA, “Veloce De-ICE App,” Accessed: Mar. 18, 2026. [Online]. Available:https: //www.siemens.com/en-us/products/ic/hav/apps/de-ice/

    work page 2026

  54. [54]

    Security verification with Radix,

    Cycuity, “Security verification with Radix,” Accessed: Mar. 18, 2026. [Online]. Available: https://cycuity.com/wp-content/uploads/2025/01/Cycuity_Security_Verification _2025.pdf

    work page 2026

  55. [55]

    Re- Pen: Reinforcement learning-enforced penetration testing for SoC security verification,

    H. Al Shaikh, S. Saha, K. Z. Azar, F. Farahmandi, M. Tehranipoor, and F. Rahman, “Re- Pen: Reinforcement learning-enforced penetration testing for SoC security verification,”IEEE Trans. Very Large Scale Integr. (VLSI) Syst., 2024

    work page 2024

  56. [56]

    ProcessorFuzz: Processor fuzzing with control and status registers guidance,

    S. Canakci, C. Rajapaksha, L. Delshadtehrani, A. Nataraja, M. B. Taylor, M. Egele, and A. Joshi, “ProcessorFuzz: Processor fuzzing with control and status registers guidance,” in Proc. IEEE Int. Symp. Hardware Oriented Security Trust (HOST), 2023, pp. 1–12

    work page 2023

  57. [57]

    Security assurance for system-on-chip designs with untrusted IPs,

    A. Basak, S. Bhunia, T. Tkacik, and S. Ray, “Security assurance for system-on-chip designs with untrusted IPs,”IEEE Trans. Inf. Forensics Security, vol. 12, no. 7, pp. 1515–1528, 2017

    work page 2017

  58. [58]

    In: ACM/IEEE Design Automation Con- ference

    S. Canakci, L. Delshadtehrani, F. Eris, M. B. Taylor, M. Egele, and A. Joshi, “Direct- Fuzz: Automated Test Generation for RTL Designs using Directed Graybox Fuzzing,” inProc. ACM/IEEE Design Automation Conference (DAC), 2021, pp. 529–534, doi: 10.1109/DAC18074.2021.9586289

    work page doi:10.1109/dac18074.2021.9586289 2021

  59. [59]

    High- Performance ARM-on-ARM Virtualization for Mul- ticore SystemC-TLM-Based Virtual Platforms,

    L. Wu, M. Rostami, H. Li, and A.-R. Sadeghi, “HFL: Hardware Fuzzing Loop with Reinforce- ment Learning,” inProc. Design, Automation & Test in Europe (DATE), 2025, pp. 1–7, doi: 10.23919/DATE64628.2025.10993080

    work page doi:10.23919/date64628.2025.10993080 2025

  60. [60]

    TaintFuzzer: Taint-guided fuzzing for SoC security,

    M. M. Hossainet al., “TaintFuzzer: Taint-guided fuzzing for SoC security,” inProc. ICCAD, 2023

    work page 2023

  61. [61]

    Hardware-Assisted Verification Market Size and Share Forecast Out- look 2025 to 2035,

    Future Market Insights, “Hardware-Assisted Verification Market Size and Share Forecast Out- look 2025 to 2035,” Aug. 1, 2025. Accessed: Mar. 11, 2026. [Online]. Available:https: //www.futuremarketinsights.com/reports/hardware-assisted-verification-market

    work page 2025

  62. [62]

    Hardware-Assisted Verification — Global Strategic Business Report,

    Research and Markets, “Hardware-Assisted Verification — Global Strategic Business Report,”

    work page

  63. [63]

    11, 2026

    Accessed: Mar. 11, 2026. [Online]. Available:https://www.researchandmarkets.com /reports/6070921/hardware-assisted-verification-global 29

    work page arXiv 2026

  64. [64]

    ESD Alliance Reports Electronic System Design Industry Posts$5.6 Billion Dollars in Revenue in Q3 2025,

    ESD Alliance (a SEMI Technology Community), “ESD Alliance Reports Electronic System Design Industry Posts$5.6 Billion Dollars in Revenue in Q3 2025,” Jan. 12, 2026. Accessed: Mar. 11, 2026. [Online]. Available:https://www.semi.org/en/semi-press-release/esd-a lliance-reports-electronic-system-design-industry-posts-5.6-billion-dollars -in-revenue-in-q3-2025

    work page 2025

  65. [65]

    VoltPillager: Hardware-based fault injection attacks against Intel SGX enclaves using the SVID voltage scaling interface,

    Z. Chen, G. Vasilakis, K. Murdock, E. Dean, D. Oswald, and F. D. Garcia, “VoltPillager: Hardware-based fault injection attacks against Intel SGX enclaves using the SVID voltage scaling interface,” inProc. USENIX Security Symposium, 2021

    work page 2021

  66. [66]

    Accurate robustness assessment of HDL models through iterative statistical fault injection,

    I. Tuzov, D. de Andr´ es, and J.-C. Ruiz, “Accurate robustness assessment of HDL models through iterative statistical fault injection,” inProc. IEEE European Dependable Computing Conf. (EDCC), 2018, pp. 1–8

    work page 2018

  67. [67]

    Security proper- ties driven pre-silicon laser fault injection assessment,

    N. Pundir, H. Li, L. Lin, N. Chang, F. Farahmandi, and M. Tehranipoor, “Security proper- ties driven pre-silicon laser fault injection assessment,” inProc. IEEE Int. Symp. Hardware Oriented Security and Trust (HOST), 2022, pp. 9–12

    work page 2022

  68. [68]

    MorFuzz: Fuzzing Processor via Run- time Instruction Morphing enhanced Synchronizable Co-simulation,

    J. Xu, Y. Liu, S. He, H. Lin, Y. Zhou, and C. Wang, “MorFuzz: Fuzzing Processor via Run- time Instruction Morphing enhanced Synchronizable Co-simulation,” inProc. 32nd USENIX Security Symposium (USENIX Security), 2023, pp. 1307–1324

    work page 2023

  69. [69]

    Advancing trustworthi- ness in system-in-package: A novel root-of-trust hardware security module for heterogeneous integration,

    M. S. U. I. Sami, T. Zhang, A. M. Shuvo, M. S. U. Haque, P. E. Calzada, K. Z. Azar, H. M. Kamali, F. Rahman, F. Farahmandi, and M. Tehranipoor, “Advancing trustworthi- ness in system-in-package: A novel root-of-trust hardware security module for heterogeneous integration,”IEEE Access, vol. 12, 2024, Art. no. 3375874

    work page 2024

  70. [70]

    Impact, vulnerabilities, and mitigation strategies for cyber-secure critical infrastructure,

    H. Riggs, S. Tufail, I. Parvez, M. Tariq, M. A. Khan, A. Amir, K. V. Vuda, and A. I. Sarwat, “Impact, vulnerabilities, and mitigation strategies for cyber-secure critical infrastructure,” Sensors, vol. 23, no. 8, p. 4060, 2023

    work page 2023

  71. [71]

    Beyond Random Inputs: A Novel ML-Based Hardware Fuzzing,

    M. Rostami, M. Chilese, S. Zeitouni, R. Kande, J. Rajendran, and A.-R. Sadeghi, “Beyond Random Inputs: A Novel ML-Based Hardware Fuzzing,”arXiv preprint arXiv:2404.06856, 2024

    work page arXiv 2024

  72. [72]

    Cascade: CPU fuzzing via intricate program gener- ation,

    F. Solt, K. Ceesay-Seitz, and K. Razavi, “Cascade: CPU fuzzing via intricate program gener- ation,” inProc. USENIX Security Symp., 2024, pp. 5341–5358

    work page 2024

  73. [73]

    Plundervolt: Software-based fault injection attacks against Intel SGX,

    K. Murdock, D. Oswald, F. D. Garcia, J. V. Bulck, D. Gruss, and F. Piessens, “Plundervolt: Software-based fault injection attacks against Intel SGX,” inProc. IEEE Symp. Security and Privacy (S&P), 2020

    work page 2020

  74. [74]

    Escalating privileges in Linux using voltage fault injection,

    N. Timmers and C. Mune, “Escalating privileges in Linux using voltage fault injection,” in Proc. Workshop Fault Diagnosis and Tolerance in Cryptography (FDTC), 2017

    work page 2017

  75. [75]

    EmFIA: A novel emulation-based fault injection vulnerability assessment framework at RTL level,

    T. Rahman, S. Saha, S. K. Saha, F. Farahmandi, and M. Tehranipoor, “EmFIA: A novel emulation-based fault injection vulnerability assessment framework at RTL level,” inProc. IFIP/IEEE 33rd Int. Conf. Very Large Scale Integration (VLSI-SoC), 2025, pp. 1–5, doi: 10.1109/VLSI-SoC64688.2025.11421747

    work page doi:10.1109/vlsi-soc64688.2025.11421747 2025

  76. [76]

    Laser-induced fault injection: A practical analysis,

    A. Vasselle, A. Morisset, M. Flottes, and B. Rouzeyre, “Laser-induced fault injection: A practical analysis,” inProc. IEEE Int. On-Line Testing Symp. (IOLTS), 2018. 30

    work page 2018

  77. [77]

    A survey on fault injection methods of digital integrated circuits,

    M. Eslami, B. Ghavami, M. Raji, and A. Mahani, “A survey on fault injection methods of digital integrated circuits,”Integration, vol. 71, pp. 154–163, 2020

    work page 2020

  78. [78]

    Fuzzing: a survey,

    J. Li, B. Zhao, and C. Zhang, “Fuzzing: a survey,”Cybersecurity, vol. 1, Art. no. 6, Jun. 2018, doi: 10.1186/s42400-018-0002-y

    work page doi:10.1186/s42400-018-0002-y 2018

  79. [79]

    Verification of Hardware and Software with Fuzzing: Challenges and Oppor- tunities,

    S. Xianget al., “Verification of Hardware and Software with Fuzzing: Challenges and Oppor- tunities,” inProc. ACM/IEEE, 2022, doi: 10.1145/3563768.3565549

    work page doi:10.1145/3563768.3565549 2022

  80. [80]

    MABFuzz: Multi-Armed Bandit Algorithms for Fuzzing Processors,

    V. Gohil, R. Kande, C. Chen, A.-R. Sadeghi, and J. Rajendran, “MABFuzz: Multi-Armed Bandit Algorithms for Fuzzing Processors,”arXiv preprint arXiv:2311.14594, 2023

    work page arXiv 2023

Showing first 80 references.