Xige ZHANG,ZHU Jiacheng,MA Jun,SHEN Lixiang,ZHOU Jiahui,MU Dejun,Jiacheng ZHU,Jun MA,Lixiang SHEN,Jiahui ZHOU,Dejun MU

DOI: https://doi.org/10.1051/jnwpu/20244210092

2024-02-01

Xibei Gongye Daxue Xuebao/Journal of Northwestern Polytechnical University

Abstract:Large scale integrate circuits is facing serious threat such as design vulnerabilities, side channels, and hardware Trojans. Traditional functional verification method is difficult to ensure high test coverage, and it is also difficult to detect security vulnerabilities such as side channels and stealthy hardware Trojans. Formal verification methods focus on the equivalence and functional correctness of design, and are difficult to meet security and reliability verification needs. The present work proposes a hardware security and reliability verification method from formal model. The present method can develop formal models for describing the security and reliability behaviour of hardware designs. It can detect potential security vulnerabilities in hardware designs. Experimental results show that the verification method is effective in detecting sensitive information leakage and modification caused by side channels and hardware Trojans.

Luwei Cai,Fu Song,Taolue Chen

DOI: https://doi.org/10.48550/arXiv.2402.13506

2024-02-21

Abstract:Timing side-channel attacks exploit secret-dependent execution time to fully or partially recover secrets of cryptographic implementations, posing a severe threat to software security. Constant-time programming discipline is an effective software-based countermeasure against timing side-channel attacks, but developing constant-time implementations turns out to be challenging and error-prone. Current verification approaches/tools suffer from scalability and precision issues when applied to production software in practice. In this paper, we put forward practical verification approaches based on a novel synergy of taint analysis and safety verification of self-composed programs. Specifically, we first use an IFDS-based lightweight taint analysis to prove that a large number of potential (timing) side-channel sources do not actually leak secrets. We then resort to a precise taint analysis and a safety verification approach to determine whether the remaining potential side-channel sources can actually leak secrets. These include novel constructions of taint-directed semi-cross-product of the original program and its Boolean abstraction, and a taint-directed self-composition of the program. Our approach is implemented as a cross-platform and fully automated tool CT-Prover. The experiments confirm its efficiency and effectiveness in verifying real-world benchmarks from modern cryptographic and SSL/TLS libraries. In particular, CT-Prover identify new, confirmed vulnerabilities of open-source SSL libraries (e.g., Mbed SSL, BearSSL) and significantly outperforms the state-of-the-art tools.

Cryptography and Security,Software Engineering

Johannes Müller,Anna Lena Duque Antón,Lucas Deutschmann,Dino Mehmedagić,Cristiano Rodrigues,Daniel Oliveira,Keerthikumara Devarajegowda,Mohammad Rahmani Fadiheh,Sandro Pinto,Dominik Stoffel,Wolfgang Kunz

DOI: https://doi.org/10.1145/3649329.3656541

2024-07-18

Abstract:Microarchitectural timing side channels have been thoroughly investigated as a security threat in hardware designs featuring shared buffers (e.g., caches) or parallelism between attacker and victim task execution. However, contradicting common intuitions, recent activities demonstrate that this threat is real even in microcontroller SoCs without such features. In this paper, we describe SoC-wide timing side channels previously neglected by security analysis and present a new formal method to close this gap. In a case study on the RISC-V Pulpissimo SoC, our method detected a vulnerability to a previously unknown attack variant that allows an attacker to obtain information about a victim's memory access behavior. After implementing a conservative fix, we were able to verify that the SoC is now secure w.r.t. the considered class of timing side channels.

Cryptography and Security

Meng Wu,Shengjian Guo,Patrick Schaumont,Chao Wang

DOI: https://doi.org/10.48550/arXiv.1806.02444

2018-07-22

Abstract:We propose a method, based on program analysis and transformation, for eliminating timing side channels in software code that implements security-critical applications. Our method takes as input the original program together with a list of secret variables (e.g., cryptographic keys, security tokens, or passwords) and returns the transformed program as output. The transformed program is guaranteed to be functionally equivalent to the original program and free of both instruction- and cache-timing side channels. Specifically, we ensure that the number of CPU cycles taken to execute any path is independent of the secret data, and the cache behavior of memory accesses, in terms of hits and misses, is independent of the secret data. We have implemented our method in LLVM and validated its effectiveness on a large set of applications, which are cryptographic libraries with 19,708 lines of C/C++ code in total. Our experiments show the method is both scalable for real applications and effective in eliminating timing side channels.

Cryptography and Security,Programming Languages,Software Engineering

Peter Hui,Satish Chikkagoudar

DOI: https://doi.org/10.4204/EPTCS.105.4

2013-01-01

Abstract:The imposition of real-time constraints on a parallel computing environment- specifically high-performance, cluster-computing systems- introduces a variety of challenges with respect to the formal verification of the system's timing properties. In this paper, we briefly motivate the need for such a system, and we introduce an automaton-based method for performing such formal verification. We define the concept of a consistent parallel timing system: a hybrid system consisting of a set of timed automata (specifically, timed Buchi automata as well as a timed variant of standard finite automata), intended to model the timing properties of a well-behaved real-time parallel system. Finally, we give a brief case study to demonstrate the concepts in the paper: a parallel matrix multiplication kernel which operates within provable upper time bounds. We give the algorithm used, a corresponding consistent parallel timing system, and empirical results showing that the system operates under the specified timing constraints.

Logic in Computer Science,Distributed, Parallel, and Cluster Computing

YUE Hua-wei,YI Bo

DOI: https://doi.org/10.3969/j.issn.1004-3365.2007.05.006

2007-01-01

Abstract:As the scale and complexity of systems increase,design verification has become a significant challenge for ASIC design.Formal model check has received more and more attention due to its completeness of verification.However,the conventional formal model check is not applicable for multi-clock design.In this paper,a virtual clock was used to replace the original multi-clock,and the original design and computation tree logic(CTL) were modified,so that the formal model check can be used directly for verification.Finally,the complexity of modified design was analyzed.

Bing Li,Ning Chen,Yang Xu,Ulf Schlichtmann

DOI: https://doi.org/10.48550/arXiv.1705.04981

2017-05-14

Hardware Architecture

Abstract:In this paper, we investigate the challenges to apply Statistical Static Timing Analysis (SSTA) in hierarchical design flow, where modules supplied by IP vendors are used to hide design details for IP protection and to reduce the complexity of design and verification. For the three basic circuit types, combinational, flip-flop-based and latch-controlled, we propose methods to extract timing models which contain interfacing as well as compressed internal constraints. Using these compact timing models the runtime of full-chip timing analysis can be reduced, while circuit details from IP vendors are not exposed. We also propose a method to reconstruct the correlation between modules during full-chip timing analysis. This correlation can not be incorporated into timing models because it depends on the layout of the corresponding modules in the chip. In addition, we investigate how to apply the extracted timing models with the reconstructed correlation to evaluate the performance of the complete design. Experiments demonstrate that using the extracted timing models and reconstructed correlation full-chip timing analysis can be several times faster than applying the flattened circuit directly, while the accuracy of statistical timing analysis is still well maintained.

Weijiang Hong,M. Saqib Nawaz,Xiyue Zhang,Yi Li,Meng Sun

DOI: https://doi.org/10.1007/978-3-319-74781-1_37

2017-01-01

Abstract:Formal modeling and verification of connectors in component-based software systems are getting more interest with recent advancements and evolution in modern software systems. In this paper, we use the proof assistant Coq for modeling and verification of timed connectors. We first present the definition of timed channels and the composition operators for constructing timed connectors in Coq. Basic timed channels are interpreted as axioms and inference rules are used for the specification of composition operators. Furthermore, timed connectors being built by composing basic timed/untimed channels, are defined as logical predicates which describe the relations between inputs and outputs. Within this framework, timed connector properties can be naturally formalized and proved in Coq.

Wei Hu,Beibei Li,Lingjuan Wu,Yiwei Li,Xuefei Li,Liang Hong

2023-11-21

Abstract:Third-party intellectual property cores are essential building blocks of modern system-on-chip and integrated circuit designs. However, these design components usually come from vendors of different trust levels and may contain undocumented design functionality. Distinguishing such stealthy lightweight malicious design modification can be a challenging task due to the lack of a golden reference. In this work, we make a step towards design for assurance by developing a method for identifying and preventing hardware Trojans, employing functional verification tools and languages familiar to hardware designers. We dump synthesized design netlist mapped to a field programmable gate array technology library and perform switching as well as coverage analysis at the granularity of look-up-tables (LUTs) in order to identify specious signals and cells. We automatically extract and formally prove properties related to switching and coverage, which allows us to retrieve Trojan trigger condition. We further provide a solution to preventing Trojan from activation by reconfiguring the confirmed malicious LUTs. Experimental results have demonstrated that our method can detect and mitigate Trust-Hub as well as recently reported don't care Trojans.

Cryptography and Security

Dejian Li,Qizhi Zhang,Dongyan Zhao,Lei Li,Jiaji He,Yidong Yuan,Yiqiang Zhao

DOI: https://doi.org/10.3390/electronics11172649

IF: 2.9

2022-01-01

Electronics

Abstract:Hardware Trojans refer to additional logic maliciously implanted by attackers in integrated circuits (ICs). Because of the potential security threat of hardware Trojans, they have attracted extensive attention to security issues. As a formal verification method, property checking has been proved to be a powerful solution for hardware Trojan detection. However, existing property-checking methods are limited by the unity of security properties and the model explosion problem of formal models. The limitations above hinder the practical applications of these methods. To alleviate these challenges, we propose an effective property-checking method for hardware Trojan detection. Specifically, we establish the formal model based on the principle of finite state machine (FSM), and the method can alleviate the model explosion problem. For property writing, we extract the core behavior characteristics of hardware Trojans and then generate properties for the verification of certain types of hardware Trojans. Experimental results demonstrate that our approach is applicable to detect information leakage and denial of service (DoS) hardware Trojans by verifying security properties.

Li Li,Jun Sun,Yang Liu,Meng Sun,Jin Song Dong

DOI: https://doi.org/10.1109/TSE.2017.2712621

IF: 7.4

2018-01-01

IEEE Transactions on Software Engineering

Abstract:Nowadays, protocols often use time to provide better security. For instance, critical credentials are often associated with expiry dates in system designs. However, using time correctly in protocol design is challenging, due to the lack of time related formal specification and verification techniques. Thus, we propose a comprehensive analysis framework to formally specify as well as automatically ...

Klaus v. Gleissenthall,Rami Gökhan Kıcı,Deian Stefan,Ranjit Jhala

DOI: https://doi.org/10.48550/arXiv.1910.03111

2019-10-08

Abstract:To be secure, cryptographic algorithms crucially rely on the underlying hardware to avoid inadvertent leakage of secrets through timing side channels. Unfortunately, such timing channels are ubiquitous in modern hardware, due to its labyrinthine fast-paths and optimizations. A promising way to avoid timing vulnerabilities is to devise --- and verify --- conditions under which a hardware design is free of timing variability, i.e., executes in constant-time. In this paper, we present Iodine: a clock precise, constant-time approach to eliminating timing side channels in hardware. Iodine succeeds in verifying various open source hardware designs in seconds and with little developer effort. Iodine also discovered two constant-time violations: one in a floating-point unit and another one in an RSA encryption module.

Cryptography and Security

Yao Hsiao,Nikos Nikoleris,Artem Khyzha,Dominic P. Mulligan,Gustavo Petri,Christopher W. Fletcher,Caroline Trippel

2024-09-29

Abstract:The Check tools automate formal memory consistency model and security verification of processors by analyzing abstract models of microarchitectures, called $\mu$SPEC models. Despite the efficacy of this approach, a verification gap between $\mu$SPEC models, which must be manually written, and RTL limits the Check tools' broad adoption. Our prior work, called RTL2$\mu$SPEC, narrows this gap by automatically synthesizing formally verified $\mu$SPEC models from SystemVerilog implementations of simple processors. But, RTL2$\mu$SPEC assumes input designs where an instruction (e.g., a load) cannot exhibit more than one microarchitectural execution path ($\mu$PATH, e.g., a cache hit or miss path) -- its single-execution-path assumption. In this paper, we first propose an automated approach and tool, called RTL2M$\mu$PATH, that resolves RTL2$\mu$SPEC's single-execution-path assumption. Given a SystemVerilog processor design, instruction encodings, and modest design metadata, RTL2M$\mu$PATH finds a complete set of formally verified $\mu$PATHs for each instruction. Next, we make an important observation: an instruction that can exhibit more than one $\mu$PATH strongly indicates the presence of a microarchitectural side channel in the input design. Based on this observation, we then propose an automated approach and tool, called SynthLC, that extends RTL2M$\mu$PATH with a symbolic information flow analysis to support synthesizing a variety of formally verified leakage contracts from SystemVerilog processor designs. Leakage contracts are foundational to state-of-the-art defenses against hardware side-channel attacks. SynthLC is the first automated methodology for formally verifying hardware adherence to them.

Cryptography and Security,Hardware Architecture

Ka Lok Man

2007-01-01

Abstract:Timed Chi (χ) is a timed process algebra, designed for modelling, simulation, verification and real-time control. Its application domain consists of large and complex manufacturing systems. The straightforward syntax and semantics is also highly suited to architects, engineers and researchers from the hardware design community. Since timed Chi is a well-developed algebraic theory from the field of process algebras with timing, we have the idea that timed Chi is also well-suited for addressing various aspects of hardware systems (discrete-time systems by nature). To show that timed Chi is useful for formal specification and analysis of hardware systems and our idea is correct, we illustrate the use of timed Chi with some benchmark examples of hardware systems: a multiplexer (MUX), a D flip-flop, an asynchronous arbiter and a simple arbiter (with assertion).

Xiaoying Bai,Ming Wang,Hao Lu,Weitek Tsai

2012-01-01

Abstract:A systematic approach for modeling and verifying timing constraints was developed to ensure timing constraints in the real-time systems. The approach defines the basic time concepts and gives a timing constraint model based on the simple temporal problem-improved (STP-I) method. A verification algorithm is given for consistence checking of the constraint graph model using a constraint resolver. A transformation mechanism is also given to transform complex timing constraints to basic expressions. A case study of a real-time data process unit (DPU) system illustrates the approach. This approach gives a more systematic analysis of typical fault models for real-time systems than existing designs, hence it can model the constraints more accurately using the concepts of time points and time intervals that facilitate effective time defect detection.

Ka Lok Man

2010-01-01

Abstract:Timed Chi (chi) is a timed process algebra, designed for Modeling; simulation, verification and real-time control. Its application domain consists of large and complex manufacturing systems. The straightforward syntax and semantics are also highly suited to architects, engineers and researchers from the hardware design community. There are many different tools for timed Chi that support the analysis and manipulation of timed Chi specifications; and such tools are the results of software engineering research with a very strong foundation in formal theories/methods. Since timed Chi is a well-developed algebraic theory from the field of process algebras with timing, we have the idea that timed Chi is also well-suited for addressing various aspects of hardware systems (discrete-time systems by nature). To show that timed Chi is useful for the formal specification and analysis of hardware systems, we illustrate the use of timed Chi with several benchmark examples of hardware systems.

K. L. Man

2008-01-01

Abstract:The ability of unambiguously specifying (in a mathematical sense) and rigorously analysing timing properties/constraints is fundamental to design correct hardware systems. Formalisms in which hardware behaviour and timing properties can be precisely captured is a mandatory prerequisite for designing correct hardware systems (discrete-time systems by nature). Timed process algebras are such formalisms. To show that timed process algebras are useful for formal specification and analysis of hardware systems, in this paper, we illustrate the use of a timed process algebra called timed Chi (χ) with several benchmark examples of hardware systems. Key–Words: Formal languages, Formal semantics, Process algebras, Real-time systems, Formal specification and analysis, Hardware systems

Shixuan Zhang,Haixia Wang,Pengfei Qiu,Yongqiang Lyu,Hongpeng Wang,Dongsheng Wang

DOI: https://doi.org/10.1109/tifs.2024.3452002

IF: 7.231

2024-09-14

IEEE Transactions on Information Forensics and Security

Abstract:Recent research has unveiled numerous cache-timing side-channel attacks exploiting the side effects of fine-grained cache features, such as coherence protocol and prefetch, among others. Traditional modeling methods and verification techniques are insufficient for verifying caches with fine-grained features and detecting cache timing vulnerabilities. There is a necessity for comprehensive verification of such complex cache designs. This paper presents SCAFinder, a verification framework targeting the cache designs with fine-grained features; it identifies cache side-channel attacks through model checking techniques. Specifically, it proposes a modeling methodology for cache designs that enables us to abstract the cache's behavior and latency characteristics. We implement a search algorithm for finding all counterexamples based on open-source model checking software. Subsequently, we add an attack scenario analysis module to discover attacks applicable to specific scenarios. We evaluate SCAFinder on Intel Skylake-X microarchitecture, demonstrating its capability to generate 7 new attack sequences exploiting coherence protocol and prefetch, and 12 new replacement policy-based side channels. As a case study, we successfully built a covert channel for one of the sequences on the real-world processor. To the best of our knowledge, we are the first to implement cross-core replacement policy-based attacks on non-inclusive caches.

computer science, theory & methods,engineering, electrical & electronic

冯毅,易江芳,刘丹,佟冬,程旭

DOI: https://doi.org/10.3321/j.issn:0372-2112.2008.05.010

2008-01-01

Abstract:Traditional approach in RTL verification cannot completely verify the clock domain crossing(CDC) design of SoC.To solve this problem,we first propose a RTL module to model the actual effect of metastability.Then,linear temporal logic is proposed to model the specification of CDC designs.To solve the exponential problem in model checking,based on the characteristic of CDC designs,a strategy on input signal partition for the state transition's characteristic function and a strategy on induction are proposed.Experiment results demonstrate that our method is useful to find CDC errors in the RTL verification stage and the verification time is approximately reduced from exponential to polynomial increased with the register size.

Ke Jiang,Tianwei Zhang,David Sanán,Yongwang Zhao,Yang Liu

DOI: https://doi.org/10.1007/978-3-031-17244-1_12

2022-01-01

Abstract:Security-aware CPU caches have been designed to mitigate side-channel attacks and prevent information leakage. How to validate the effectiveness of these designs remains an unsolved problem. Prior works assess the security of architectures empirically without a formal guarantee, making the evaluation results less convincing. In this paper, we propose a comprehensive methodology based on formal methods for security verification of cache architectures. Specifically, we design an entropy-based noninterference reasoning framework with two unwinding conditions to assess the information leakage of the cache designs. The reasoning framework quantifies the dependency relationships by the mutual information between the distributions of input and output of side channels. Given a cache design, we formalize its behavior specification along with the cache layouts into an abstract state machine, to instantiate the parameterized reasoning framework that discloses any potential vulnerabilities. We use our methodology to assess eight state-of-the-art cache architectures to demonstrate reliability as well as flexibility.