Formalizing, Verifying and Applying ISA Security Guarantees as Universal Contracts

Huyghebaert, Sander; Keuchel, Steven; De Roover, Coen; Devriese, Dominique

doi:10.1145/3576915.3616602

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security 2023

DOI: 10.1145/3576915.3616602

|View full text |Cite

Formalizing, Verifying and Applying ISA Security Guarantees as Universal Contracts

Sander Huyghebaert,

Steven Keuchel,

Coen De Roover

et al.

Abstract: Progress has recently been made on specifying instruction set architectures (ISAs) in executable formalisms rather than through prose. However, to date, those formal specifications are limited to the functional aspects of the ISA and do not cover its security guarantees. We present a novel, general method for formally specifying an ISA's security guarantees to (1) balance the needs of ISA implementations (hardware) and clients (software), ( 2) can be semiautomatically verified to hold for the ISA operational s… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Article1

Relationship

Self Cite1

Independent0

Authors

Journals

Cited by 1 publication

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Cerise: Program Verification on a Capability Machine in the Presence of Untrusted Code

Georges,

Guéneau,

Van Strydonck

et al. 2024

J. ACM

Self Cite

View full text Add to dashboard Cite

A capability machine is a type of CPU allowing fine-grained privilege separation using capabilities , machine words that represent certain kinds of authority. We present a mathematical model and accompanying proof methods that can be used for formal verification of functional correctness of programs running on a capability machine, even when they invoke and are invoked by unknown (and possibly malicious) code. We use a program logic called Cerise for reasoning about known code, and an associated logical relation, for reasoning about unknown code. The logical relation formally captures the capability safety guarantees provided by the capability machine. The Cerise program logic, logical relation, and all the examples considered in the paper have been mechanized using the Iris program logic framework in the Coq proof assistant. The methodology we present underlies recent work of the authors on formal reasoning about capability machines [15, 33, 37], but was left somewhat implicit in those publications. In this paper we present a pedagogical introduction to the methodology, in a simpler setting (no exotic capabilities), and starting from minimal examples. We work our way up to new results about a heap-based calling convention and implementations of sophisticated object-capability patterns of the kind previously studied for high-level languages with object-capabilities, demonstrating that the methodology scales to such reasoning.

show abstract

Cerise: Program Verification on a Capability Machine in the Presence of Untrusted Code

Georges,

Guéneau,

Van Strydonck

et al. 2024

J. ACM

Self Cite

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Formalizing, Verifying and Applying ISA Security Guarantees as Universal Contracts

Cited by 1 publication

References 46 publications

Cerise: Program Verification on a Capability Machine in the Presence of Untrusted Code

Cerise: Program Verification on a Capability Machine in the Presence of Untrusted Code

Contact Info

Product

Resources

About