In This Story
A new project led by George Mason University’s Sai Manoj, an assistant professor in the Department of Electrical and Computer Engineering, tackles the onerous challenge of hardware verification. His solution will allow for significant cost savings and efficiencies in the verification process.
The three-year study, funded by the U.S. Office of Naval Research, is known as CogFuzz and combines artificial intelligence, graph learning, and advanced hardware security techniques to improve the way engineers verify system security.
Hardware verification is the process of pre-silicon verification, processors, and other components to ensure they behave as intended. But modern hardware designs contain billions of transistors, making traditional verification methods increasingly difficult to scale. It is one of the most challenging and expensive steps in the design process.
“Verification costs industry an amount almost equal to developing the product. It could be that 70 percent of their effort goes in verification, so it’s a significant challenge,” said Manoj. Hardware vulnerabilities are different from those with software, he said, which can be patched. The stakes are high, with verification failures leading to costly recalls, security vulnerabilities, and operational failures.
CogFuzz approaches the problem from two directions. First, the project uses what Manoj describes as a combination of intelligence and exploration to focus testing efforts on the most likely vulnerabilities. Rather than relying solely on random testing, the system analyzes the design itself, draws from databases of known vulnerabilities, and uses generative AI to identify potential weaknesses and create targeted test cases.
“Instead of me doing random exploration, I'm doing it more based on the design that I have,” Manoj said. “I'll generate my test cases.”
The approach allows researchers to focus on the most promising areas for investigation while still maintaining enough randomness to uncover unexpected issues. “It's like exploration and exploitation. We have some intelligence, some randomness, we mix them together to make the verification more efficient.”
The second major component addresses a longstanding challenge in hardware security: the lack of trusted reference designs against which systems can be compared.
To overcome that obstacle, the project uses an AI technique known as graph learning. The approach studies both how a hardware design is built and how it behaves when it runs. By learning patterns from existing hardware systems, researchers hope to predict how new designs should behave, even when no trusted reference model exists for comparison.
Manoj compares the concept to navigation systems that learn traffic patterns. “If you look at 10 different situations, you can usually predict the 11th thing,” he said. “You don't expect self-driving cars to have to drive every road of the U.S. to learn how to drive on the road near your home.”
The work builds on Manoj’s broader research program in hardware security, which focuses on identifying hidden vulnerabilities and Trojans. Unlike traditional functional testing, security verification seeks to uncover rare and unexpected behaviors that may only emerge under highly unusual conditions. “The security bugs always exist at this border,” Manoj said. “You will find the bugs only at the very extreme cases.”
The project also will help shape future educational opportunities at George Mason. Manoj plans to develop a new course, Hardware Verification, Testing, and Security, expected to launch in spring 2027. The course will include hands-on laboratory experiences and incorporate lessons learned through the research.