A Formal Approach to Confidentiality Verification in SoCs at the Register Transfer Level

Müller, Jan; Fadiheh, Mohammad Rahmani; Antón, Anna Lena Duque; Eisenbarth, Thomas; Stoffel, Dominik; Kunz, Wolfgang

doi:10.1109/dac18074.2021.9586248

Cited by 8 publications

(5 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Ariane v4.1.2, a 64-bit in-order CPU featuring a 6-stage pipeline with out-of-order write-back, scoreboarding and virtual memory management. The PMP bugs in RI5CY described in [27] compromise not only functionality but also confidentiality and integrity. Therefore, we used a corrected version of the PMP for our experiments.…”

Section: Methodsmentioning

confidence: 99%

“…The properties and methods presented in this paper can accommodate multiple privilege levels and can be extended to multiple threads. Furthermore, while this paper focuses on cores, our methods can be scaled to entire Systems-on-Chip (SoCs) in a similar way as [27] demonstrates for confidentiality.…”

Section: B Threat Modelmentioning

confidence: 99%

“…This includes an innovative technique to evaluate the threat of illegal privilege escalation. Together with an existing technique for proving confidentiality [27], the proposed property set forms an exhaustive processor verification framework for access control at the RTL.…”

Section: Contributionsmentioning

confidence: 99%

“…Instead, it covers all possible configurations of the memory protection mechanisms. This exhaustive coverage is guaranteed by the symbolic configuration models introduced in [27], which we employ in this work. The past() operator refers to signal values in the clock cycle preceding the current one.…”

Section: ) Memory and Register Protectionmentioning

confidence: 99%

See 3 more Smart Citations

Fault Attacks on Access Control in Processors: Threat, Formal Analysis and Microarchitectural Mitigation

et al. 2023

Self Cite

View full text Add to dashboard Cite

Process isolation is a key component of the security architecture in any hardware/software system. However, even when implemented correctly and comprehensively at the software (SW) level, process isolation may be compromised by weaknesses of the hardware (HW). Therefore, at the HW level, an exhaustive verification is desirable which provides the needed formal guarantees ensuring the confidentiality and integrity of the microarchitecture. The situation is further exacerbated if the attacker is able to inject faults, a threat requiring additional attention in formal security analysis. In this paper, we consider a threat model where the attacker is able to inject faults and, at the same time, execute user-level programs. We show that this poses a severe security threat even in systems which have been hardened against fault attacks for specific, security-critical system software. For protection against this threat, we present an exhaustive formal verification methodology that provides security guarantees for access control in processors, and demonstrate how such guarantees are sustained in the presence of fault injection. Guaranteeing correct and robust access control is crucial since it is the basis for process isolation in hardware. The proposed approach implicitly models all possible single and multiple bit flips as well as all stuck-at faults. We leverage the results of our formal analysis to augment the system with protection mechanisms that guarantee security w.r.t. the considered threat model. At the example of several open source RISC-V processors, we demonstrate both the scalability of our formal analysis and the efficiency of the generated defenses.INDEX TERMS Access control, computer security, electronic design automation and methodology, formal verification.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: B Threat Modelmentioning

confidence: 99%

Section: Contributionsmentioning

confidence: 99%

Section: ) Memory and Register Protectionmentioning

confidence: 99%

See 2 more Smart Citations

Fault Attacks on Access Control in Processors: Threat, Formal Analysis and Microarchitectural Mitigation

et al. 2023

Self Cite

View full text Add to dashboard Cite

show abstract

“…We describe each step in more detail in the following subsections. We base our work on a methodology called Unique Program Execution Checking (UPEC) [34], [35]. UPEC utilizes IPC [32], [33] and a 2-safety model to systematically and exhaustively trace the propagation of confidential information through the system.…”

Section: Methodsmentioning

confidence: 99%

Towards a formally verified hardware root-of-trust for data-oblivious computing

Deutschmann

Müller

Fadiheh

et al. 2022

Proceedings of the 59th ACM/IEEE Design Automation Conference

View full text Add to dashboard Cite

The importance of preventing microarchitectural timing side channels in security-critical applications has surged in recent years. Constant-time programming has emerged as a best-practice technique for preventing the leakage of secret information through timing. It is based on the assumption that the timing of certain basic machine instructions is independent of their respective input data. However, whether or not an instruction satisfies this data-independent timing criterion varies between individual processor microarchitectures.In this paper, we propose a novel methodology to formally verify data-oblivious behavior in hardware using standard property checking techniques. The proposed methodology is based on an inductive property that enables scalability even to complex outof-order cores. We show that proving this inductive property is sufficient to exhaustively verify data-obliviousness at the microarchitectural level. In addition, the paper discusses several techniques that can be used to make the verification process easier and faster.We demonstrate the feasibility of the proposed methodology through case studies on several open-source designs. One case study uncovered a data-dependent timing violation in the extensively verified and highly secure IBEX RISC-V core. In addition to several hardware accelerators and in-order processors, our experiments also include RISC-V BOOM, a complex out-of-order processor, highlighting the scalability of the approach.

show abstract

Invulnerability invariants for software controlled speculation

Mathure,

Srinivasan,

Ponugoti

2024

Electronics Letters

View full text Add to dashboard Cite

Spectre class of transient execution security attacks on modern microprocessors rely on speculative execution. Software Controlled Speculation (SCS) was proposed as a microarchitecture‐level defense in the original Spectre paper and has also been adopted by ARM. The idea with SCS is to allow a mode in the microarchitecture, where instructions that read from memory are not allowed to execute speculatively. Errors or malicious fault‐injections in the implementation of SCS can still render the microarchitecture vulnerable to Spectre attacks. A formal verification method is proposed that can check the correctness of the implementation of SCS and detect any faults. The method has been demonstrated to be very efficient on two sets of benchmarks and provides accurate detection of implementation faults in SCS.

show abstract

A Formal Approach to Confidentiality Verification in SoCs at the Register Transfer Level

Cited by 8 publications

References 11 publications

Fault Attacks on Access Control in Processors: Threat, Formal Analysis and Microarchitectural Mitigation

Fault Attacks on Access Control in Processors: Threat, Formal Analysis and Microarchitectural Mitigation

Towards a formally verified hardware root-of-trust for data-oblivious computing

Invulnerability invariants for software controlled speculation

Contact Info

Product

Resources

About