Process isolation is a key component of the security architecture of any hardware/software system. However, even when it is implemented correctly and comprehensively at the software (SW) level, process isolation may be compromised by weaknesses in the hardware (HW). At the HW level, an exhaustive verification that provides formal guarantees for the confidentiality and integrity of the microarchitecture is therefore desirable. The situation is further exacerbated if the attacker is able to inject faults, a threat that requires additional attention in formal security analysis. In this paper, we consider a threat model in which the attacker is able to inject faults and, at the same time, execute user-level programs. We show that this poses a severe security threat even in systems that have been hardened against fault attacks for specific, security-critical system software. For protection against this threat, we present an exhaustive formal verification methodology that provides security guarantees for access control in processors, and we demonstrate how such guarantees are sustained in the presence of fault injection. Guaranteeing correct and robust access control is crucial, since it is the basis for process isolation in hardware. The proposed approach implicitly models all possible single and multiple bit flips as well as all stuck-at faults. We leverage the results of our formal analysis to augment the system with protection mechanisms that guarantee security with respect to the considered threat model. Using several open source RISC-V processors as examples, we demonstrate both the scalability of our formal analysis and the efficiency of the generated defenses.

INDEX TERMS Access control, computer security, electronic design automation and methodology, formal verification.
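The following is an added illustration and not the paper's verification flow (the paper works on the RTL of real RISC-V cores). It builds a toy model of the access-control decision in Python: a 2-bit privilege register, a `priv >= required` check, and an explicit enumeration of every single and multiple bit-flip and stuck-at fault on the stored register, reporting which faults let a program running in U-mode pass a supervisor-level check. The same enumeration is then run against a register stored with a repetition code and a fail-closed decoder. Every name here (`enumerate_faults`, `redundant_encode`, `escalating_faults`, the three-copy encoding) is an assumption of this illustration; the repetition-code hardening is a generic example and is not claimed to be the defense the paper generates.

```python
"""Toy model: privilege check under an exhaustive single/multiple fault model.

Added illustration, not the paper's method. State is a small integer register;
faults are enumerated explicitly instead of being modelled implicitly in a
formal tool as the paper does.
"""
from itertools import combinations

# RISC-V privilege-level encodings; 2 is reserved but treated numerically here.
U_MODE, S_MODE, M_MODE = 0, 1, 3
PRIV_BITS = 2


def enumerate_faults(width):
    """Yield (kind, bit_subset, apply_fn) for every fault on a width-bit register.

    Covers all non-empty subsets of bit positions for three fault kinds:
    bit flips, stuck-at-0 and stuck-at-1 (single faults are the size-1 subsets,
    multiple faults the larger ones).
    """
    for n in range(1, width + 1):
        for subset in combinations(range(width), n):
            mask = sum(1 << b for b in subset)
            yield "flip", subset, (lambda s, m=mask: s ^ m)
            yield "stuck0", subset, (lambda s, m=mask: s & ~m)
            yield "stuck1", subset, (lambda s, m=mask: s | m)


def plain_encode(priv):
    """Unprotected design: the privilege level is stored as-is."""
    return priv


def plain_decode(state):
    """Unprotected design: any register value is taken at face value."""
    return state


def redundant_encode(priv, copies=3):
    """Assumed hardening: keep `copies` copies of the 2-bit level side by side."""
    state = 0
    for c in range(copies):
        state |= priv << (c * PRIV_BITS)
    return state


def redundant_decode(state, copies=3):
    """Fail closed: if the copies disagree, report the lowest privilege (U)."""
    field_mask = (1 << PRIV_BITS) - 1
    fields = [(state >> (c * PRIV_BITS)) & field_mask for c in range(copies)]
    return fields[0] if all(f == fields[0] for f in fields) else U_MODE


def access_allowed(priv, required):
    """The access-control predicate under test."""
    return priv >= required


def escalating_faults(encode, decode, width, running=U_MODE, required=S_MODE):
    """Return every (kind, subset) fault that lets a program running at
    `running` pass a check that requires `required`.  Without faults the
    check must be denied, otherwise the model itself is wrong."""
    good = encode(running)
    assert not access_allowed(decode(good), required)
    hits = []
    for kind, subset, apply in enumerate_faults(width):
        if access_allowed(decode(apply(good)), required):
            hits.append((kind, subset))
    return hits


def min_fault_bits(hits):
    """Smallest number of simultaneously faulted bits among the escalations."""
    return min(len(subset) for _, subset in hits) if hits else None


if __name__ == "__main__":
    plain = escalating_faults(plain_encode, plain_decode, PRIV_BITS)
    hard = escalating_faults(redundant_encode, redundant_decode, 3 * PRIV_BITS)
    print("plain   :", len(plain), "escalating faults, min bits", min_fault_bits(plain))
    print("3-copy  :", len(hard), "escalating faults, min bits", min_fault_bits(hard))
    for kind, subset in hard:
        print("  still escalates:", kind, subset)
```

On the unprotected register a single flipped or stuck-at-1 bit already lets U-mode pass an S-level check; with three fail-closed copies every remaining escalation needs at least three bits faulted consistently, which is exactly the "multiple fault" class the abstract insists on covering. The enumeration is only feasible because the state is a handful of bits, which is why the paper resorts to implicit modelling in a formal tool for real cores.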