Traditional information-flow tracking (IFT) methods face scalability and cross-module adaptability bottlenecks in complex hardware designs. To address this, this paper pioneers the integration of large language models (LLMs) into hardware security verification, proposing an automated IFT framework grounded in structured prompt engineering and hierarchical dependency modeling. The method enables fine-grained, multi-step reasoning across IP and SoC abstraction levels, comprehensively supporting verification of the confidentiality-integrity-availability (CIA) triad. Evaluated on the Trust-Hub benchmark suite, our approach achieves 100% IFT accuracy for both IP-level and SoC-level cases—demonstrating unprecedented scalability in high-density IC design contexts. This work establishes a novel, scalable paradigm for hardware security verification, overcoming longstanding limitations in automated information-flow analysis.

As modern hardware designs grow in complexity and size, ensuring security across the confidentiality, integrity, and availability (CIA) triad becomes increasingly challenging. Information flow tracking (IFT) is a widely-used approach to tracing data propagation, identifying unauthorized activities that may compromise confidentiality or/and integrity in hardware. However, traditional IFT methods struggle with scalability and adaptability, particularly in high-density and interconnected architectures, leading to tracing bottlenecks that limit applicability in large-scale hardware. To address these limitations and show the potential of transformer-based models in integrated circuit (IC) design, this paper introduces LLM-IFT that integrates large language models (LLM) for the realization of the IFT process in hardware. LLM-IFT exploits LLM-driven structured reasoning to perform hierarchical dependency analysis, systematically breaking down even the most complex designs. Through a multi-step LLM invocation, the framework analyzes both intra-module and inter-module dependencies, enabling comprehensive IFT assessment. By focusing on a set of Trust-Hub vulnerability test cases at both the IP level and the SoC level, our experiments demonstrate a 100% success rate in accurate IFT analysis for confidentiality and integrity checks in hardware.