Boosting interpolation with dynamic localized abstraction and redundancy removal

2016 International Conference on Development and Application Systems (DAS)

Camurati

Finocchiaro

et al. 2016

Nowadays embedded devices collect various kinds of information and provide it to communication networks for further processing. These devices often provide critical functionalities that could be exploited by malicious parties. Using formal techniques is a natural way to increase the confidence in the overall embedded system security. However, the major research focus is on verifying only the correctness of encryption algorithms and their implementation in software and hardware and not the whole security process. Following novel research studies, many security requirements of an embedded architecture can be specified as Taint Properties, expressing properties related to information flow and access control. In this paper we define Taint Properties as a way to find out whether there is a path from src to dest, where src is an RTL signal seeded with the Taint and dest is a signal not to be reached by the Taint in order to satisfy the security requirements. In our scenario a Taint is an untrusted code following an illegal path from src to dest. We present a systematic approach to formalize generic security requirements, referring to a model abstraction, and their related Taint Properties of an embedded architecture. First, we present our model abstraction of two selected embedded secure architectures, then we define a portfolio of Taint Properties to verify key secrecy, isolation, attestation, confidentiality and availability features. We finally perform verification of previously defined formal security properties, hence presenting results on two selected embedded architectures proving the effectiveness of our approach.

Section: B Verification Strategiesmentioning

confidence: 99%

Secure embedded architectures: Taint properties verification

2016 International Conference on Development and Application Systems (DAS)

Camurati

Finocchiaro

et al. 2016

“…This work led us to consider 11 new engines, and enrich our portfolio, to finally include the following 36 methodologies: -9 BDD-based methods [12], i.e., forward, backward and forward/backward, with 3 MC schemes available for each method, based on different clustering and early quantification, insertion of cut-point, etc. -24 ITP-based [16] techniques, with different partitioning and quantification schemes [17][18][19][20][21] (6 base engines multiplied by 4 different running configurations). -2 SAT-based strategies (simple induction [14] and inductive invariants [15,22]).…”

Section: Portfolio Strategiesmentioning

confidence: 99%

“…-Interpolant-based verification, with ad-hoc abstraction and tightening techniques [18,19], integrated SAT-based approaches [20,21]. -Inductive reasoning (inductive invariants [22,30]) and symbolic manipulation of AndInvert Graphs (AIGs [31]), with circuit-based quantification [32].…”

Section: The Pdtrav Packagementioning

confidence: 99%

See 1 more Smart Citation

Benchmarking a model checker for algorithmic improvements and tuning for performance

Nocco

Quer

2011

Form Methods Syst Des

Self Cite

This paper describes a portfolio-based approach for model checking, i.e., an approach in which several model checking engines are orchestrated to reach the best possible performance on a broad and real set of designs. Model checking algorithms are evaluated through experiments, and experimental data inspire package tuning, as well as new algorithmic features and methodologies. This approach, albeit similar to several industrial and academic experiences, and already applied in other domains, is somehow new to the model checking field. Its contributions lie in the description of how we: (1) characterize and classify benchmarks in a dynamic way, throughout experimental runs, (2) relate model checking problems to algorithms and engines, (3) introduce a dynamic tuning of sub-engines, exploiting an on-the-fly performance analysis, (4) record results of different approaches, and sort out heuristics to target different classes of problems. We provide a detailed description of the experiments performed in preparation of the Model Checking Competition 2010, where PdTRAV, our academic verification tool, won the UNSAT division, while ranking second in the OVERALL category.

“…Whereas one of their major challenges is the inherent redundancy of interpolant circuits, as well as the need for fast and scalable techniques to compact them. Improvements over the base method [3] were proposed in [6][7][8][9] and [10,11], in order to push forward applicability and scalability of the technique.…”

mentioning

confidence: 99%

Optimization techniques for craig interpolant compaction in unbounded model checking

Loiacono

Vendraminetto

2015

Form Methods Syst Des

Self Cite

This paper addresses the problem of reducing the size of Craig interpolants generated within inner steps of SAT-based Unbounded Model Checking. Craig interpolants are obtained from refutation proofs of unsatisfiable SAT runs, in terms of and/or circuits of linear size, w.r.t. the proof. Existing techniques address proof reduction, whereas interpolant circuit compaction is typically considered as an implementation problem, tackled with standard logic synthesis techniques. We propose a three step interpolant computation process, specifically oriented to scalability, in which we: (1) exploit an existing technique to detect and remove redundancies in refutation proofs, (2) apply customized light weight combinational logic reductions (constant propagation, ODC-based simplifications, and BDD-based sweeping) directly on the proof graph data structure, (3) introduce an ad-hoc combinational reduction procedure for large interpolant circuits, based on the incrementality and divide-and-conquer paradigms. The main contributions of our approach are represented by the overall approach, the proposed combinational reduction technique, and a detailed experimental evaluation of the interpolant generation process, on a set of benchmarks from the Hardware Model Checking Competitions 2013 and 2014.