Trojan

About: Trojan is a research topic. Over the lifetime, 2028 publications have been published within this topic receiving 33209 citations.

A Framework for Modelling Trojans and Computer Virus Infection

Abstract: It is not possible to view a computer operating in the real world, including the possibility of Trojan horse programs and computer viruses, as simply a finite realisation of a Turing machine. We consider the actions of Trojan horses and viruses in real computer systems and suggest a minimal framework for an adequate formal understanding of the phenomena. Some conventional approaches, including biological metaphors, are shown to be inadequate; some suggestions are made towards constructing virally-resistant systems.

Design and analysis of ring oscillator based Design-for-Trust technique

Abstract: Due to the increasing opportunities for malicious inclusions in hardware, Design-for-Trust (DFTr) is emerging as an important IC design methodology. In order to incorporate the DFTr techniques into the IC development cycle, they have to be practical in terms of their Trojan detection capabilities, hardware overhead, and test cost. We propose a non-invasive DFTr technique, which can detect Trojans in the presence of process variations and measurement errors. This technique can detect Trojans that are inserted in all or a subset of the ICs. It is applicable to both ASICs and FPGA implementations. Circuit paths in a design are reconfigured into ring oscillators1 (ROs) by adding a small amount of logic. Trojans are detected by observing the changes in the frequency of the ROs. An algorithm is provided to secure all the gates, while reducing the hardware overhead. We analyzed the coverage, area and test time overhead of the proposed DFTr technique. To demonstrate its effectiveness in the real world, the proposed technique had been validated by a red-team blue-team approach.

Guided test generation for isolation and detection of embedded trojans in ics

Abstract: Testing the genuineness of a manufactured chip is an important step in an IC product life cycle. This becomes more prominent with the outsourcing of the manufacturing process, since the manufacturer may tamper the internal circuit behavior using Trojan circuits in the original design. Traditional testing methods cannot detect these stealthy Trojans because the triggering scenario, which activates it, is unknown. Recently, approaches based on side-channel analysis have shown promising results in detecting Trojans. In this paper, we propose a novel test generation technique that aims at magnifying the disparity between side-channel signal waveforms of tampered and genuine circuits to indicate the possibility of internal tampering. Experimental results indicate that our approach could magnify the likelihood of Trojans 4 to 20 times more than existing side-channel analysis based approaches.

A score-based classification method for identifying hardware-trojans at gate-level netlists

Abstract: Recently, digital ICs are often designed by outside vendors to reduce design costs in semiconductor industry, which may introduce severe risks that malicious attackers implement Hardware Trojans (HTs) on them. Since IC design phase generates only a single design result, an RT-level or gate-level netlist for example, we cannot assume an HT-free netlist or a Golden netlist and then it is too difficult to identify whether a generated netlist is HT-free or HT-inserted. In this paper, we propose a score-based classification method for identifying HT-free or HT-inserted gate-level netlists without using a Golden netlist. Our proposed method does not directly detect HTs themselves in a gate-level netlist but a net included in HTs, which is called Trojan net, instead. Firstly, we observe Trojan nets from several HT-inserted benchmarks and extract several their features. Secondly, we give scores to extracted Trojan net features and sum up them for each net in benchmarks. Then we can find out a score threshold to classify HT-free and HT-inserted netlists. Based on these scores, we can successfully classify HT-free and HT-inserted netlists in all the Trust-HUB gate-level benchmarks. Experimental results demonstrate that our method successfully identify all the HT-inserted gate-level benchmarks to be “HT-inserted” and all the HT-free gate-level benchmarks to be “HT-free” in approximately three hours for each benchmark.

System and method for detecting and mitigating dns spoofing trojans

Abstract: Embodiments of the present invention relate to a method and system for detecting and/or mitigating domain name system (DNS) spoofing Trojan horse (or Trojan) code. Trojan code (sometimes called malware or malicious software) is a common computer security problem. Some Trojans modify the DNS resolution mechanism employed by the infected computer, such that the computer traffic, when browsing the Internet, is routed to a location not intended by the rightful owner of the computer. The present invention can detect this phenomenon from a remote device or location and may take action to mitigate its effects.