Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Syst 2017
DOI: 10.1145/3037697.3037734
|View full text |Cite
|
Sign up to set email alerts
|

Identifying Security Critical Properties for the Dynamic Verification of a Processor

Abstract: We present a methodology for identifying security critical properties for use in the dynamic verification of a processor. Such verification has been shown to be an effective way to prevent exploits of vulnerabilities in the processor, given a meaningful set of security properties. We use known processor errata to establish an initial set of security-critical invariants of the processor. We then use machine learning to infer an additional set of invariants that are not tied to any particular, known vulnerabilit… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
29
0

Year Published

2019
2019
2024
2024

Publication Types

Select...
3
3
2

Relationship

2
6

Authors

Journals

citations
Cited by 26 publications
(29 citation statements)
references
References 22 publications
0
29
0
Order By: Relevance
“…This method of SCCI is semi-autonomous, as it requires the classifier model be pre-trained with either existing published errata on previous versions of the hardware design, or using manual identification. While we perform manual SCCI, results reported by Zhang et al [44] suggest that their tool would result in a similar set of root securitycritical signals.…”
Section: A Nemomentioning
confidence: 82%
See 2 more Smart Citations
“…This method of SCCI is semi-autonomous, as it requires the classifier model be pre-trained with either existing published errata on previous versions of the hardware design, or using manual identification. While we perform manual SCCI, results reported by Zhang et al [44] suggest that their tool would result in a similar set of root securitycritical signals.…”
Section: A Nemomentioning
confidence: 82%
“…Nemo takes as input a Verilog netlist and automatically identifies security-critical nets in the post-PaR netlist HDL, which it outputs in the form of a Graphviz dot file. Similar to prior work [42]- [44], Nemo assumes that a unique signal name prefix (within the RTL HDL) has been appended to various signals considered "security-critical". We make this assumption since determining what signals are "security critical" requires contextual knowledge of how the design will be used.…”
Section: A Nemomentioning
confidence: 99%
See 1 more Smart Citation
“…In subsequent work, one of the authors has developed a semiautomated method for learning new security properties using information gleaned from known exploitable bugs 8 ; and demonstrated that properties developed for one RISC processor may be suitable for use, after some translation, on a second RISC processor, even across architectures. 9 However, the development of security-critical properties for use with FinalFilter or any property-based verification method is still in its infancy and more research is needed.…”
Section: Using Finalfiltermentioning
confidence: 99%
“…We present Transys, a tool that takes in a set of security critical properties developed for one hardware design and translates those properties to a form that is appropriate for a second design. The insight that led to this work is the recent research into security specification development and security validation tools, which uses properties developed for one processor design in order to evaluate the proposed methodology on a second design [5], [6], [7]. The properties must be translated manually, and this process is mentioned only in passing, but it suggests that the properties crafted for one processor design can be made suitable for a second design.…”
Section: Introductionmentioning
confidence: 99%