Caspia Technologies, a pioneer in the development of AI-enhanced security verification solutions for advanced SoCs and systems, today announced details of the impact of its security linter called CODAx. The company reported that 16 security violations were found in a popular OpenRISC CPU core. This open-source core has been deployed in a variety of embedded applications, including telecommunications, portable media, home entertainment, and automotive.
CODAx uses over 150 security rules to perform comprehensive static checking on design RTL to flag code that can lead to security vulnerabilities. The CODAx rules benefit from Caspia Technologies' security LLMs trained with the latest vulnerabilities, threat models and security AI agents. The easy-to-use tool analyzes the control and data-path portions of a design with a large and growing database of security rules. CODAx provides more secure and robust end products while enabling more efficient design flows with reduced time-to-market and lower secure development costs.
Approximately 32,000 lines of code in the OpenRISC CPU core were analyzed. CODAx detected six violations of control-path security directives and 10 violations of data-path security directives. In contrast, the golden reference linter currently in use throughout the industry found only two of the 16 violations flagged by CODAx, illustrating the unique value of this new class of security linter. The complete analysis using CODAx took under 60 seconds.
Example vulnerabilities found include:
- Insecure state encoding schemes and transitions for finite state machines in the design. This practice can make the state machines susceptible to fault injection attacks and improper leakage of sensitive information.
- Improperly initialized data-path registers upon reset. If these registers are left uninitialized, their state becomes undefined when the design is first brought out of reset. During this vulnerable window, before the registers are explicitly initialized by the logic, the design operates in an insecure state, increasing the risk of exploitation.
Caspia Technologies is actively engaging with approximately seven leading semiconductor technology suppliers spanning industries such as wireless, AI, AMS, DSP, automotive, and processor platforms, to demonstrate the value of CODAx and subsequently strengthen the security portion of the development flow.
Today’s security issues are addressed manually. Implementing a CODAx solution will enhance the productivity of the security team while addressing vulnerabilities before attacks happen. As a result, the entire design flow will be more efficient while reducing the costs for running security tests.
“CODAx is the first solution in a robust roadmap of solutions that enhances design security and product assurance across the entire electronic development and delivery flow,” said Dr. Mark Tehranipoor, Department Chair & Intel Charles E. Young Chair in Cybersecurity at the University of Florida, and co-founder of Caspia Technologies. “I am delighted with the strong interest we are seeing in the market for CODAx and the significant demonstration of capability we achieved with the OpenRISC CPU analysis.”
Unique New Access Program for CODAx
Caspia also announced the details of a new program to enable testing of CODAx on open-source designs free of charge.
- Visit https://apps.caspia.ai/ in your web browser. You will find further information there on creating an account to access the platform.
- When logged in to the platform, users can run CODAx on various designs, including a RISC-V core and open-source hardware root-of-trust.
- The goal is to give users a feel for using the security tool and the rule-checks CODAx performs.
- Feedback from the community is welcome! Send comments and questions, or request additional assistance, by emailing support@caspiatechnologies.com.
