Rising complexity in Verilog-based hardware designs impedes manual identification of security-critical assets and hampers the efficiency of threat modeling and security verification. Method: This paper proposes a structured, automated preliminary screening method for security assets, grounded in pattern mining across open-source IP families. Leveraging expert knowledge, it performs iterative structural pattern analysis on three representative categories of open-source hardware IPs to systematically derive a reusable candidate set of potential primary security assets. Contribution/Results: Evaluated on multiple real-world Verilog designs, the method significantly reduces the manual search space for security assets while demonstrating strong pattern generalizability and high identification accuracy. It provides a robust, scalable foundation for downstream security tasks—including threat modeling, vulnerability analysis, and formal security verification—thereby enhancing the efficiency and rigor of hardware security assurance.

With greater design complexity, the challenge to anticipate and mitigate security issues provides more responsibility for the designer. As hardware provides the foundation of a secure system, we need tools and techniques that support engineers to improve trust and help them address security concerns. Knowing the security assets in a design is fundamental to downstream security analyses, such as threat modeling, weakness identification, and verification. This paper proposes an automated approach for the initial identification of potential security assets in a Verilog design. Taking inspiration from manual asset identification methodologies, we analyze open-source hardware designs in three IP families and identify patterns and commonalities likely to indicate structural assets. Through iterative refinement, we provide a potential set of primary security assets and thus help to reduce the manual search space.