Hardware/Software Co-monitoring by Lei, Li et al.
Hardware/Software Co-monitoring
Li Lei∗, Kai Cong†, Zhenkun Yang∗, Bo Chen†, and Fei Xie†
∗ Intel Labs, Hillsboro, OR 97124
† Portland State University, Portland, OR 97207
Abstract—Hardware/Software (HW/SW) interfaces, mostly im-
plemented as devices and device drivers, are pervasive in var-
ious computer systems. Nowadays HW/SW interfaces typically
undergo intensive testing and validation before release, but they
are still unreliable and insecure when deployed together with
computer systems to end users. Escaped logic bugs, hardware
transient failures, and malicious exploits are prevalent in HW/SW
interactions, making the entire system vulnerable and unstable.
We present HW/SW co-monitoring, a runtime co-verification
approach to detecting failures and malicious exploits in device/-
driver interactions. Our approach utilizes a formal device model
(FDM), a transaction-level model derived from the device spec-
ification, to shadow the real device execution. Based on the co-
execution of the device and FDM, HW/SW co-monitoring carries
out two-tier runtime checking: (1) device checking checks if the
device behaviors conform to the FDM behaviors; (2) property
checking detects invalid driver commands issued to the device
by verifying system properties against driver/device interactions.
We have applied HW/SW co-monitoring to five widely-used
devices and their Linux drivers, discovering 9 real bugs and
vulnerabilities while introducing modest runtime overhead. The
results demonstrate the major potential of HW/SW co-monitoring
in improving system reliability and security.
I. INTRODUCTION
Computer systems, such as desktops/servers, smart phones,
and IoT devices, are pervasive and ever growing. Hardware/-
Software (HW/SW) interfaces, mostly implemented as devices
and device drivers, are central and critical to these systems.
For example, about 70% Linux kernel source code implements
device drivers and in the Windows kernel, there are even more
drivers as it supports more devices [1], [2]. Unfortunately
HW/SW interfaces are neither reliable nor secure. A majority
of system failures are caused by errors in HW/SW interfaces:
85% of Android kernel (a close fork of Linux kernel) bugs/vul-
nerabilities are from drivers [3]; studies on Windows support a
similar conclusion [4]. Nowadays assuring the dependability of
devices/drivers mainly relies on intensive testing and validation
before they are released with computer systems.
Although effective validation can largely improve the qual-
ity of devices and drivers, HW/SW interfaces are still facing
serious threats after they are deployed to end users. Generally,
there are three major categories of threats at the deployment
stage. First, validation cannot discover all the bugs in devices
and drivers due to limited amount of time and depth of
testing. The uncovered bugs can cause failures over HW/SW
interactions at runtime. Second, hardware transient failures
are common, particularly in IoT devices and when they are
operating under extreme circumstances that were not simulated
at the validation stage. Third, recently software malware
as well as hardware Trojans have seen significant growth.
HW/SW interfaces are vulnerable to the malicious exploits
from both hardware and software.
Given the ubiquity and seriousness of such problems, it is
critical to develop systematic methods to validate HW/SW in-
terfaces at runtime even after they are released with computer
systems. However, the state-of-the-art validation techniques
cannot be directly applied at the deployment stage. There
are three major challenges. First, testing devices and drivers
separately is not sufficient as device/driver interactions are
often missed. Second, existing co-verification approaches [5]
operate against hardware models rather than the real hardware
devices which runtime validation needs to deal with. There is
a non-trivial gap between hardware models and real devices.
Third, hardware devices have limited observability, causing
difficulties for runtime co-verification. The techniques used
at the validation stage, such as on-chip monitor [6], [7], in-
strumentation [8], [9], [10], are impractical at the deployment
stage due to their heavy weight and intrusive nature.
We present HW/SW co-monitoring, a runtime co-
verification approach to detecting bugs, failures, and mali-
cious exploits over HW/SW interactions. The foundation of
our approach is a Formal Device Model (FDM) which is a
transaction-level, executable model derived from the device
and driver specifications. HW/SW co-monitoring is based on
the co-execution of the FDM and device where the FDM
shadows the device execution, as shown in Figure 1. With
the co-execution, our approach entails three major techniques
to realize runtime HW/SW co-verification:
• Concolic execution of the FDM and driver where the
driver is running concretely while the FDM is executed
symbolically;
• Runtime detection of divergence between the device and
the FDM, namely device checking;
• Runtime verification of system properties against the
device/driver interaction indirectly over the FDM/driver
concolic execution trace.
This approach addresses the three challenges mentioned
above. First, the device and the driver are verified together
through the driver/FDM composition with concolic execution.
Second, the FDM shadows the device execution with device
checking such that the FDM execution reflects the real device
behaviors, bridging the gap between the verification model and
the real device. Third, the FDM is executed symbolically while
the device internal states are modeled as symbolic values in the
FDM. As a result, the FDM execution explores all the possible
device internal behaviors, overcoming the limited observability
ar
X
iv
:1
90
5.
03
91
5v
1 
 [c
s.S
E]
  1
0 M
ay
 20
19
Device Driver
Hardware Device
HW/SW 
Interface
OS
Device 
Specification
Interface
Specification
System
Property
Runtime Verification
Properties+
Formal Device 
Models (FDM)
Model
GenerationEvents
Runtime Verification
Driver
Specification
Fig. 1: HW/SW co-monitoring of device and driver
of the device. HW/SW co-monitoring provides a unified solu-
tion for detecting and analyzing HW/SW interface defects. By
efficiently monitoring the device, the driver, and their interface,
it can discover defects across HW/SW interfaces, ranging from
hardware transient errors to driver bugs to malicious exploits.
We evaluated our approach on five hardware devices and
their Linux drivers. It detected 9 real bugs in both devices
and drivers. The overhead is modest: CPU and memory usage
increase to 1.2x - 1.6x and 1.1x - 1.4x respecively. The results
demonstrate that hardware/software co-monitoring has major
potential in improving system reliability and security.
In summary, this paper makes three key contributions:
• We propose HW/SW co-monitoring, the first approach to
runtime HW/SW co-verification for detecting failures and
malicious exploits over HW/SW interfaces
• HW/SW co-monitoring integrates several techniques, de-
vice checking, concolic execution etc., to resolve the
key difficulties of applying HW/SW co-verification tech-
niques at runtime
• Our approach is able to detect real bugs in commercial
device and driver products at the deployment stage
Outline. The rest of the paper is organized as follows. Sec-
tion II presents background concepts. Section III overviews
the design and implementation of HW/SW co-monitoring.
Section IV discuss the threat model and how our approach
can be applied to detect malicious exploits. Section V and
Section VI show the evaluation results and related work.
Section VII concludes and discusses future work.
II. BACKGROUND
This section presents three concepts that are foundational to
our approach: (1) Formal Device Model (FDM), which we use
as reference models to monitor hardware devices; (2) symbolic
execution, which we use to explore possible FDM behaviors
at runtime.
A. Formal Device Model (FDM)
A FDM, proposed by previous work (reference removed for
double blind review), is a transaction-level model, specifying
HW/SW interfaces and hardware functionalities. It is derived
from the device specification and written in a restricted subset
of the C language with two key extensions: transaction and
non-determinism.
• Transaction. A FDM focuses on the design logic rather
than the implementation details of HW/SW interfaces
and hardware functionalities. For example, a data-transfer
command is usually processed in multiple clock cycles;
however, from the perspective of the software, it is only
necessary to describe this command as one hardware state
transition. We define a hardware transaction as a hardware
state transition in an arbitrarily long but finite sequence
of clock cycles. Hardware transactions are atomic from
the viewpoint of software.
• Non-determinism. Hardware devices are concurrent in
nature. For example, a network adapter processes driver
requests and receives data concurrently. A FDM models
this concurrency by using a technique, namely non-
deterministic interleaving. Non-deterministic interleaving
schedules the concurrent modules (e.g., processing driver
requests, receiving data, etc.) with a non-deterministic
choice in a loop. While the loop is executed multiple
times, the modules are executed in a non-deterministic
sequence. The possible effects of hardware concurrency
can be captured by the set of hardware states after non-
deterministic many executions of the loop. For example, a
network adapter concurrently processing a driver request
and receiving a packet can be captured by either process-
ing a driver request followed by receiving a packet, or
invoking two modules in the reverse order.
Driver HW/SW Interface
Hardware
Model
Formal Device Model
Fig. 2: Structure of FDM with its driver
As Figure 2 shows, a FDM has two components: HW/SW
interface modeling the device/driver interactions and hardware
model specifying the device functionalities. We illustrate the
FDM by using Intel PRO/100 Ethernet adapter (EEPRO100)
as an example, which we will use as a running exam-
ple throughout the paper. As Figure 3 shows, the function
eepro100_reg_writel is a device interface transaction
function,, which simulates that the driver writes data to a
register of the device. Its parameters offset and value
specify the address of the register and the value written to the
register. The function run_device is an internal transaction
function with a non-deterministic choice choice_device to
schedule the concurrent modules. By invoking run_device
non-deterministic many times, the device concurrency is cap-
tured by the FDM.
2
void eepro100_reg_writel(uint32_t offset, uint32_t
value)
{
switch (offset){
case EEPRO100_CTRL:
eepro100_write_ctrl(value);
break;
case EEPRO100_MDIC:
eepro100_write_mdic (value);
break;
... ...
default:
break;
}
}
void run_device()
{
......
// Non-deterministic choice
switch(choice_device()){
case 1:
eepro100_run_command(s); break;
case 2:
eepro100_receive(nc, buf, size);
break;
......
}
}
Fig. 3: Excerpts from EEPRO100 FDM.
B. Symbolic Execution
Symbolic execution [11] executes a program with symbolic
values as inputs instead of concrete ones and represents the
values of program variables as symbolic expressions. Conse-
quently, the outputs computed by the program are expressed
as functions of input symbolic values. The symbolic state of a
program includes the symbolic values of program variables, a
path condition, and a program counter. The path condition is
a Boolean expression over the symbolic inputs; it accumulates
constraints which the inputs must satisfy for the symbolic
execution to follow the particular associated path. The program
counter points to the next statement to be executed. A symbolic
execution tree captures the paths explored by the symbolic
execution of a program: the nodes represent the symbolic
program states and the arcs represent the state transitions.
void foo(int a, int b) {
1: if ( a > 5)
2: b++;
3: else
4: b=b-1;
}
a: α,  b: β
TRUE
a: α,  b: β
α>5
1
a: α,  b: β
α<=5
a: α,  b: β+1
α>5
a: α,  b: β-1
α<=5
3
2 4
Fig. 4: Example of symbolic execution.
We use the program in Figure 4 to illustrate how symbolic
execution is conducted. At the entry, a and b have symbolic
values α and β, respectively, the path condition is TRUE, and
the program counter is 1. At the branching point, the path
condition is updated with conditions on the inputs to select
between the two alternative paths. At an assignment statement,
the symbolic value of the relevant variable is updated.
III. DESIGN AND IMPLEMENTATIONS
A. Overview
The HW/SW co-monitoring framework includes three com-
ponents: a wrapper driver, a symbolic execution environment
(SEE), and a property monitor (PM), shown in Figure 5. The
wrapper driver captures the device/driver interactions, includ-
ing the driver requests issued to the device and the device
interface states exposed to the driver. The SEE symbolically
executes the FDM by taking the driver request sequence as
inputs, realizing the co-execution with the device. With the
co-execution, the SEE conducts device checking to ensure that
the FDM shadows the device execution. The PM monitors
the device/driver interactions by enforcing system properties
which the device/driver interactions should follow.
Driver
Operating System
Device
Property Monitor
Wrapper Driver
Symbolic Execution 
Engine (SEE)
Formal Device 
Model
S2
S1
S4
S3
Device State Transitions
Driver Requests
Device Interface 
States
Driver Requests
Fig. 5: The architecture of HW/SW co-monitoring
Device Checking. Device checking detects the divergence
between the FDM and the device at runtime. SEE employs a
technique, conformance checking, which is originally applied
to check the conformance between a device and its virtual pro-
totype in previous work. We extend the conformance checking
to check the conformance between a device and its FDM. Non-
conformance between the FDM and device indicates the logic
errors or exploits occurring in the device interface. With the
conformance between the FDM and device, the FDM shadows
the device execution, exposing the device state transition to the
PM for property checking.
Property Checking. Property checking verifies if the device/-
driver interactions follow certain system properties. PM takes
the driver requests and the device state transitions exposed
through device checking as its inputs, checks if the enforced
properties are violated in the device state transitions under the
driver requests. A property violation typically indicates the
error or malicious exploits from the driver.
B. Preliminaries
Based on the notion of conformance checking over devices
and virtual prototypes proposed in previous work (reference
removed for double blind review), we define conformance
3
between the FDM and the device. A hardware device state is
composited by a set of interface state variables (e.g., registers)
denoted as RI and a set of internal state variables denoted as
RN . As a result, we define a device state as Definition 1. Since
at runtime the device internal state cannot be observed, we
assign symbolic values to the device internal state variables.
Definition 1: A device state is denoted as S = 〈SI , SN 〉
where SI is the assignments to variables in RI and SN is the
symbolic assignments to variables in RN .
Correspondingly, we define a FDM state following the same
structure of the device state as follows.
Definition 2: A FDM state is denoted as V = 〈VI , VN 〉
where VI is the device interface state, i.e., the assignments to
variables in RI and VN is the device internal state, i.e., the
assignments to variables in RN .
In device checking, the FDM always starts execution from
a same state as the device, then co-execution with the device
by taking the same sequence of driver requests. As a result,
in a FDM state, some internal variables in RN could have
symbolic values as well.
A concrete state is a state whose state variable values are
all concrete. A symbolic state is a state some of whose state
variable values are symbolic and there can be constraints on
these symbolic values. A symbolic state can be viewed as a
set of concrete states.
Both device and FDM states are symbolic values and they
can be viewed as a set of concrete states. We define the
conformance between a FDM state and the device state as
follows.
Definition 3 (State Conformance): A device state S con-
forms to a FDM state V if S ∩ V 6= ∅.
V and S represent all the possible concrete states that the
FDM and the device may have respectively. The condition S∩
V = ∅ indicates that the FDM state and the device state cannot
be the same, i.e., the device and FDM executions diverge at
runtime.
C. Wrapper Driver
The wrapper driver captures: (1) the driver request issued
to the device; (2) the device interface state before the driver
request issued. When the driver issues a new request, the
wrapper driver captures and sends such a state-request pair
to the SEE. We denote such a state-request pair as 〈SI , α〉
where SI is the device interface state and α is the current
driver request.
In practice, capturing device interface states has a challenge:
a peripheral device often has a large range of registers.
Capturing all the registers heavily degrades the system per-
formance, which is infeasible. To overcome this difficulty, we
employ a technique, register sampling, to selectively capture
the hardware interface registers.
Register Sampling. The interface state of the device can be
divided into two types of registers: (1) the registers engaged
with device normal functionalities; (2) reserved registers. The
size of the first class of registers is typically small while
the second is large. In HW/SW co-monitoring, the wrapper
driver need to capture both of them. The functional registers
are essential to simulate the device behaviors on the FDM
while the reserved registers are also interesting to us as they
can be used for defining abnormal behaviors and malicious
attacks. For example, the reserved registers can be used to
place the executable code for code injection attacks (see details
in Section IV-A2).
Our capturing method captures all the registers which are
essential to the device functionalities. To capture reserved
registers, we design a sampling method. It samples the re-
served registers rather than capturing all of them: from the
beginning to the end of the register range, it captures one
reserved register every few registers. This sampling method is
effective in detecting malicious exploits due to two reasons:
(1) for the attacks using a large range of reserved registers,
sampling can easily hit part of it; (2) for the attacks using a
smaller range, we increase the chance of detection by sliding
the sample windows every time we capture. The evaluation
shows that this method discovered several incorrect values of
reserved registers (see details in Section V-B).
D. Device Checking
In device checking, symbolic execution is used to enable
the co-execution of the FDM/device since the FDM has non-
deterministic choices and its internal variables assigned with
symbolic values. SEE symbolically executes the FDM while
continuously taking the state-request pairs from the wrapper
driver. Algorithm 1 presents the work flow of device checking.
It takes a FDMM as inputs and the functions in Algorithm 1
are described as follows.
Algorithm 1 Device Checking(M)
1: 〈SI , α〉 ← receive state request()
2: S ← construct device state(SI)
3: /*Initialize FDM state V to be device state S*/
4: V ← S
5: while α 6= NULL do
6: /*Symbolically execute FDM taking α at V state.*/
7: G← sym exec(M, V, α)
8: 〈S′I , α′〉 ← receive state request()
9: S′ ← construct device state(S′I)
10: H ← conformance check(G,S′)
11: if (H == ∅) then
12: report device error()
13: abort()
14: end if
15: V ′ ← construct next State(H)
16: V ← V ′
17: α← α′
18: end while
4
1) Receiving Requests. Function receive state request()
is invoked to wait for and receive a state-request pair
〈SI , α〉 from the wrapper driver.
2) Device State Construction. Given a device interface
state SI , based on Definition 1, construct device state
constructs a device state S = 〈SI , SN 〉 where state
variables in SN are assigned symbolic values.
3) Symbolic Execution. Function sym exec symbolically
executesM and generates a set of FDM states, denoted
as G.
4) Conformance Checking. Symbolic execution of M may
produce a set of FDM states G = {gi | 0 ≤ i ≤ n}.
The next device state received from the wrapper driver
is denoted as S′. Function conformance check checks
the conformance between the device and FDM. Defini-
tion 4 defines their conformance based on G and S′.
We explain the definition under Definition 4. Function
conformance check returns a subset of G, each FDM
state of which conforms to the device state, denoted as
H = {hi | 0 ≤ i ≤ m}.
5) Device Error Report. If H is empty, no conform-
ing FDM state is produced, i.e., the FDM does not
conform to the device at driver request α, function
report device error is invoked to record the device
error, including the FDM execution trace, the driver
request, and the state variables of the device, which are
not equal to the state variables of the FDM.
6) Next State Construction. If H is not empty, the FDM and
the device conform to each other at α. Based on H =
{hi | 0 ≤ i ≤ m}, function construct next State
constructs the next FDM state V ′ as follows: V ′ =
m⋃
i=1
(hi ∩ S′).
Definition 4 (Device Conformance): Given the set of FDM
states G={gi | 0 ≤ i ≤ n} and the device state S′, the device
conforms to the FDM at α if ∃gi ∈ G where 0 ≤ i ≤ n,
S′ ∩ gi 6= ∅.
The set G and the device state S′ represent all the possible
concrete states the FDM and the device can have after pro-
cessing α respectively. Thereby the empty intersection of G
and S′ indicates there is no possibility such that the device and
FDM have the same state. With the empty intersection, device
checking can ensure that the device and the FDM are divergent
at runtime. We essentially adopt a conservative strategy for
detecting device bugs, i.e., we pursue soundness rather than
completeness in our approach, as our monitoring framework
is deployed to the end users, which typically desires minimum
false positives.
E. Property Checking
Through device checking, the FDM shadows the device
execution and exposes the device state transitions to PM. PM
verifies if the enforced system properties hold over the device
state transitions triggered by the driver requests. A property
violation indicates the invalid or malformed driver inputs to
the device interface registers.
1) Co-verification with Properties: According to Sec-
tion III-D, under a single driver request, the FDM is symbol-
ically executed, exploring a set of FDM paths, each of which
can be represented by a sequence of device state transitions.
We denote the set of explored paths as P and the driver request
as α, Definition 5 defines when a property is violated during
device/driver interactions.
Definition 5 (Property violations): Given a property ψ, a
set of paths P = {pi | 0 ≤ i ≤ n} explored under a driver
request α, ψ is violated under α if ∀pi ∈ P , ¬ψ is reachable
on pi.
Similar as device checking, P represents all possible device
behaviors under the current driver request α. Only if all of
these possible behaviors lead to the violation of the property
ψ, PM can ensure there is an invalid driver request triggering
the violation.
2) Implementation of Property Checking: PM enforces
system properties from two major categories: access control
property and protocol property. An access control property
specifies that the driver should follow the access restrictions
when accessing the device registers. A protocol property
specifies that the device/driver should follow HW/SW interface
protocols defined in device specifications. Property 1 is an
access control property and Property 2 which is specified in
EERPO100 specification is a protocol property.
Property 1: The driver should never writes to a read-only
register
Property 2: If the device Command Unit (CU) is not in
SUSPENDED status, the driver cannot send RESUME to the
device.
PM automatically enforces access control properties at run-
time. By monitoring the driver requests issued to the device,
PM checks if the driver requests violate any access restrictions
which are defined in the attributes of the registers of the
FDM. The protocol properties are typically related to the
state transitions. Therefore, we express them in the term of
assertions and instrument assertions into the FDM. Figure 6
shows how to specify Property 2 with assertions in the FDM
by using the provided function comon assert. According
to Definition 5, PM reports a property violation when the
assertion fails on all the path explored by symbolic execution
of the FDM.
static void
eepro100_cu_command( EEPRO100State* s, uint8_t val)
{
......
// Assertion to enforce the property
if (s->cu_state != CU_STATE_SUSPENDED)
comon_assert(val != CU_CMD_RESUME);
......
}
Fig. 6: Assertions instrumented in EEPRO100 FDM
5
F. Implementation Details
We implement HW/SW co-monitoring framework on Linux.
Nevertheless the similar design can be implemented on Win-
dows or other platforms as well. The wrapper driver is
implemented as a loadable kernel module, which intercepts
the target driver inputs to the target device and captures device
interface states. As a standard Linux driver typically calls
Linux kernel functions to manipulate its device. For instance,
a driver writes values to device registers by calling Linux
kernel functions such as writel, writeb. The wrapper
driver hooks these kernel functions. As a result, when the
driver calls the kernel functions to issue requests to the device,
the wrapper driver is invoked to record and the driver requests
as well as interface registers.
We build SEE on the top of KLEE, a widely-used open-
source symbolic execution frame [4]. KLEE exercises C/C++
based software programs through symbolic execution by tak-
ing the LLVM-compiled bitcode of the program as its input. To
enable runtime monitoring, the FDM is compiled with LLVM
compiler [12] to llvm bit code offline and running online inside
modified KLEE. We extend KLEE by integrating our two-tier
checking and the module communicating with the wrapper
driver running inside the kernel.
IV. APPLICATIONS IN SECURITY
Our approach can detect not only logic bugs but also
malicious exploits across device/driver interfaces. This section
discusses the threat model of our approach by elaborating and
classifying the malicious exploits occurring over device/driver
interfaces, and shows how HW/SW co-monitoring can catch
these exploits at runtime.
A. Threat Model
In our threat model, a malicious exploit can be launched
either from the device or the driver and attack another side
of the device/driver interface. We categorize these exploits
into software attacks where malicious software exploits the
hardware interface and hardware attacks where malicious
hardware exploits the software interface.
1) Software Attacks: Peripheral devices expose a wide
range interface to the device drivers, i.e., large range of
interface registers and DMA memory. Hostile software, e.g.,
malware or rootkits can manipulate the exposed hardware in-
terfaces in illegal ways, such as writing arbitrary values to the
interface registers. The devices are vulnerable to these exploits
as device/driver interactions always need to follow certain pro-
tocols. The Violations of these protocols can easily drive the
device into unknown states, causing denial-of-service (DoS) or
even more serious attacks. For example, if the eepro100 driver
intensively sends CU_CMD_RESUME commands to device CU
which is not at CU_STATE_SUSPENDED, violating Property
2 in Section III-E, the device will be driven to an unresponsive
state such that normal functional operations over device/driver
are suspended. We demonstrate that we successfully attack the
e100 device by violating such a property (See Section V-C for
details).
2) Hardware Attacks: Software interface exposed to hard-
ware is also vulnerable. Generally the device driver takes
device inputs from device interface registers and the shared
memory in RAM through DMA. A malicious device can
always feed invalid even malformed values through those the
shared interfaces. By exploiting the driver vulnerabilities with
the malformed inputs, the attacker can articulate the driver to
unresponsive states or crashes, or even gain the control of the
entire system. We illustrated these attacks in details.
while (ioread16(ioaddr + Wn7_MasterStatus)
& 0x8000)
;
...
Fig. 7: A snippet from Linux 3c59x driver
Logic Bug Exploitation. There often exists logic bugs in the
driver code which interacts with the device such as improper
handling of device inputs. Hostile devices can exploit these
bugs with careful-crafted inputs, to hang or crash the driver,
leading to denial-of-services attacks. Figure 7 shows a real bug
existing in Linux 3c959x driver, which is illustrated in [13].
Function “ioread16” reads data from the device. If the value
read from the device is improper, the driver will loop forever.
The malicious attacker inside the device could feed such
an improper value to make the driver to loop, causing the
device/driver stack even the entire system out of services.
1/*
2* Handle raw report as sent by device
3*/
4static int
5picolcd_raw_event(struct hid_device *hdev,
6struct hid_report *report,
7u8 *raw_data, int size) {
8...
9if (report->id == REPORT_KEY_STATE) {
10...
11} else if (report->id == REPORT_IR_DATA) {
12...
13} else {
14...
15memcpy(data->pending->raw\_data, raw\_data+1,
size-1);
16...
17...
18}
19
Fig. 8: A code snippet of Linux picoLCD driver
Software Vulnerability Exploitation. Security vulnerabilities
are common in drivers. Some vulnerabilities can be exploited
by device inputs. For instance, a device driver often conducts
many memory operations to copy data and commands from
the device. Some vulnerable memory operations such as a
memcpy with buffer overflow can be exploited by malformed
device inputs, leading to memory corruption. The attacker can
further leverage these corruptions to launch various attacks
6
System_call:
CFI_STARTPROC   simple
CFI_SIGNAL_FRAME
  ...
/*CFI_REGISTER  rflags,r11*/
SWAPGS_UNSAFE_STACK
           ...
OS Kernel
MMIO Registers Reserved 
DMA 
Module
Hardware Device
Div. by zero 0x0 0xeeffeeff
...
...
System Call
...
Interrupt0
...
.. ...
... ...
0x80 0xbbffeeff
... ...
0x128 0xbbffeeee
... ...
DMA Memory
Internal 
Modules
fff e bb
Injected Code
User-level Program
Interrupt Descriptor Table (IDT)
Step (1): Placing 
malicious code
Step (2): Modify IDT 
with DMA
Hardware Trojan
Fig. 9: A hardware Trojan (HT)-based attack scenario with two steps: (1) HT places injected code in reserved registers; (2)
HT hooks system call handlers through DMA attacks
for denial-of-services, privileged escalation, and so on. We
present a discovered vulnerability in a real driver [14] as an
example. Figure 8 illustrates a code snippet of the PicoLCD
HID device driver. With the code at line 15, the driver copies
the raw report data from the device to the driver main memory
via the function memcpy. The buffer raw_data as well
as the copy size size are fully controlled by the display
device. Since the driver doesn’t check the bound of the buffer
before copying the data, a malicious device can easily cause
buffer overflow and launch attacks thereafter by providing
a malicious-crafted raw report data with larger size. There
are more reported memory corruption bugs which could be
exploited by malformed device inputs with similar methods,
causing serious consequences [15], [16], [17], [18].
Code Injection Attack. Modern devices typically have large
ranges of interface registers which their device drivers can
access. For example, Intel e1000 Ethernet has around 8KB
interface registers. The DMA-based shared memory inter-
faces between devices and drivers are even much larger.
Both interface registers and DMA-based memory could be
leveraged for code injection attack by malicious devices, i.e.,
an advisory could place its malicious code into the device
interface memory and execute the code by exploiting software
vulnerabilities. Several work [19], [20] demonstrated that code
injection can be combined with a DMA attack: malicious
hardware can modify critical OS kernel structure via illegal
DMA accesses and eventually execute the binary code injected
into shared interface between the device and driver.
Example. We use a DMA-based attack as a concrete example
to show how a code injection attack is carried out through
updating device interface registers. Figure 9 shows the work
flow of this attacking scenario. In this example, a hardware
Trojan in an Ethernet adapter takes over the OS by injecting
code through DMA attacks. There are two steps: (1) placing
the code to be executed in MMIO reserved registers; (2)
hooking system calls by modifying the Interrupt Descriptor
Table (IDT) through DMA. As a result, when a system call
is executed, the injected code is executed first. Moreover,
injected code is executed in the OS kernel space which has
root privilege, causing privilege escalation attacks.
B. Detecting Malicious Attacks
HW/SW co-monitoring can detect the malicious exploits by
effectively monitoring HW/SW interactions. We show how our
approach detects each type of attacks listed above.
Detecting Software Attacks. The property monitor in our
framework can help detect software attacks to hardware. In
the property monitor, a set of system properties and security
policies are enforced. By verifying these properties at runtime,
malformed driver commands which violate the properties can
be discovered.
Detecting Hardware Attacks. The hardware attacks listed
above generally rely on giving software driver invalid and
malformed inputs from hardware devices either through device
interface registers, or DMA shared memory. Since the FDM
models the normal correct behaviors of the device. Through
device checking, any invalid and malformed inputs on device
registers and DMA interfaces would lead to interface incon-
sistencies between the FDM and the device. As a result, by
enforcing the device checking, malformed input exploiting
driver bugs and vulnerabilities will be detected at runtime.
For code injection attacks, as the executable code is typically
7
injected into hardware interfaces such as interface registers or
DMA interfaces, the device checking can detect this abnormal
values in the interface by checking the conformance between
the FDM and the device.
In this section, we elaborate on several potential malicious
attacks across HW/SW interfaces. Nevertheless, our approach
is not limited in only detecting these attacks. By effectively
monitoring HW/SW interfaces, HW/SW co-monitoring is able
to discover most of exploits as long as their abnormal behav-
iors eventually appear on HW/SW interfaces.
V. EVALUATION
This section evaluates our approach from three aspects.
First, we present several real device and driver bugs discovered
by HW/SW co-monitoring, demonstrating our approach is
effective in catching bugs at runtime. Second, we simulate
several types of malicious attacks across HW/SW interfaces
and run our co-monitoring framework over that, to demonstrate
our approach is effective in catching malicious exploits as well.
Third, we evaluate the overhead introduced by our framework.
A. Experiment Setup
We have performed our experiments on a workstation of
Ubuntu Linux OS with 64-bit kernel version 2.6.38. We
applied our approach to five Ethernet cards and their FDMs.
The FDM and driver size, measured in Lines of Code (LoC),
are summarized in Table I.
TABLE I: Summary of devices for case studies
Devices FDMSize (LoC)
Driver
Size (LoC) Basic Description
RealTek rtl8139 1411 7001 RealTek 10/100M NIC
Intel eepro100 1032 7578 Intel 10/100M NIC
Intel e1000 1632 15118 Intel Gigabit NIC
Broadcom bcm5751 2103 12559 Broadcom Gigabit NIC
Intel x520 2501 21233 Intel 10 Gigabit NIC
B. Bug Detection
Our approach detects 9 real bugs in both devices and drivers,
shown in Table II. The driver bugs are related to violation of
access control properties and the device bugs are unexpected
updates to reserved registers. From the reliability perspective,
these bugs might not cause malfunction of the system as they
are not part of the normal logic. Nevertheless, from the security
perspective, all these violations can be potential malicious
exploits, for example, invalid driver inputs, e.g., writing to
read-only registers, can be either exploiting hardware interface
vulnerabilities or cooperatively working with hardware to
launch new attacks such as Stuxnet [21]. The device bugs
such as updating reserved registers can be the forms of various
attacks as well, for example, code injection attacks might
use reserved registers to place the code, presenting the exact
same phenomenon as the bugs we discovered. Discovering
these non-trivial bugs demonstrates HW/SW co-monitoring is
effective for detecting not only logic bugs but also the transient
failures as well as the exploits across HW/SW boundaries.
TABLE II: Summary of detected bugs
No. Description Dev./Drv. Num.
1 Driver writes to a read-only register. eepro100 1
2 Driver updates the reserved register bits e1000 2
3 Device updates reserved registers eepro100, e1000, x520 6
C. Malicious Exploitation Detection
To demonstrate the capability of detecting malicious attacks,
we simulated several malicious device and driver attacks which
are illustrated in the section IV-A. We deploy our framework
to the simulated exploitation environment to see whether it
can detect the exploits or not. We reported our experiments in
detecting software attacks and hardware attacks respectively.
Detecting Software Attacks. We instrumented the drivers of
the five listed devices in Table I to simulate driver attacks
targeting on the devices. We modified these drivers to issue
malicious driver events which violate the system properties,
causing device hangs or crashes. The voilated system proper-
ties and the consequence of corresponded violations are sum-
marized in Table III. In the experiment, our framework could
successfully catch the invalid inputs from the instrumented
drivers.
Detecting Hardware Attacks. In this experiment, we mainly
simulated two types of hardware attacks from malicious de-
vices which are illustrated in section IV-A: (1) the exploitation
of buffer overflow vulnerability in the driver; (2) the code
injection attack through DMA. In order to simulate malicious
devices, we employ an open-source widely-used virtual ma-
chine, named QEMU [22]. QEMU provides a rich set of virtual
devices simulating hardware device behaviors. We modified
the corresponded virtual devices of the five ones in Table I
by introducing malicious behaviors as needed. We carried out
our experiments on the QEMU virtual machine where the
drivers and virtual devices are running under the monitor of
our framework. The experiment details of the attacks are as
follows.
• Buffer Overflow Exploitation. Since this attack requires
buffer overflow vulnerability existing in device drivers,
for each driver of the five devices, we injected a simple
memcpy based operation where the size and original
buffer are controlled by the device. We instrumented the
virtual devices to provide the malformed inputs through
device interface registers, causing buffer overflow in the
modified drivers. The result show that our framework can
successfully detect the malformed values of the interface
registers through device checking.
• Code Injection Attack via DMA. We instrumented
the virtual devices to implement the example attack
described in Figure 9. The malicious virtual devices
could successfully execute the injected code and complete
privilege escalation, e.g., creating a “sudo” user account.
Our framework also detected this attack in a timely
manner, as long as the injected code was placed in the
8
TABLE III: Summary of Software Attack Injection
Driver Property Consequences
rtl8139 The driver should not start new transaction when another transaction is in progress Device hangs
eepro100 The driver should not issue START while the device is working already Device or even system hangs
e1000 The driver should not issue command when MDIC is not clear Device hangs
bcm5751 The driver should not start new EEPROM transaction when previous update is not finished Device hangs
x520 The driver should not issue command when MDIC is not clear Device hangs
1
1.2
1.4
1.6
1.8
2
2.2
Load
driver
SCP
Packets
Reset
device
Test
Suite
Load
driver
SCP
Packets
Reset
device
Test
Suite
Load
driver
SCP
Packets
Reset
device
Test
Suite
Load
driver
SCP
Packets
Reset
device
Test
Suite
Load
driver
SCP
Packets
Reset
device
Test
Suite
MON. CPU MON. Memory
rtl8139 eepro100 bcm5751e1000
R
at
io
s 
C
o
m
p
ar
in
g 
to
 N
A
T.
 C
o
n
fi
gu
ra
ti
o
n x520
Fig. 10: CPU and memory usages of test cases under MON configurations. The CPU and memory usages under the NAT
configuration are normalized to 1.
device interface registers, the device checking reported
the inconsistencies between the virtual device and FDM,
discovering the attack.
D. Performance
We evaluated the overhead introduced by HW/SW co-
monitirng by measuring CPU and memory usages under four
test scenarios. These test scenarios are common use cases of
an Ethernet adapter, including “load driver”, “scp files”, “reset
device”, and a test suite which is a set of small test cases
specifically designed for testing Ethernet adapters, including
“sending a UDP/TCP packet”, “configuring IP addresses”,
“ping for 30 seconds”, and so on.
We compared the CPU and memory usages under
two system configurations: the native system without co-
monitoring, denoted “NAT.”, and the monitored system with
co-monitoring, denoted as “MON.”. Figure 10 shows the
results, where the usages in NAT. are normalized to 1. The re-
sults show that under most of the test cases, our co-monitoring
approach introduces reasonable overhead, CPU overhead is
1.2x - 1.6x while memory overhead is 1.1x - 1.4x.
Discussion. We noticed that under some heavey workloads,
the overhead is relatively high comparing to the normal
situations. The reason is that these workloads caused inten-
sive device/driver requests. Since our framework symbolically
executes the FDM upon every driver request, intensive driver
requests will lead to signicant overhead incurred by symbolic
execution. A potential solution is “caching” the driver request
and FDM state transitions. We observed that in the scenarios
with heavy traffics such as network packet transfering, same
sequences of driver requests and FDM state transitions are
often generated. To this end, we can cache the driver request
and FDM state transitions explored by symbolic execution of
the FDM. If encountering the same driver request and the FDM
state, SEE directly reuse the cached FDM state transitions
without invoking symbolic execution. As a result, the runtime
overhead could be further mitigated. We plan to implement
this optimization in our future work.
Our evaluation demonstrates that (1) this framework is
useful: it can discover runtime errors in the device and the
driver and (2) the framework is efficient: its performance
overhead is modest. Overall, these results indicate that our
approach has major potential in helping validate and debug
device/driver together.
VI. RELATED WORK
Our work is related to the work in three areas: (1) driver ver-
ification, testing, and monitoring; (2) device validation, testing,
monitoring; (3) HW/SW co-validation and co-verification. We
discuss the corresponded related work below.
Driver validation and monitoring. A notable driver verifi-
cation framework is Static Driver Verifier (SDV) [23], which
focuses on verifying Windows Kernel API usages of Windows
drivers. It applies software model checking to verify the
system properties to which Windows drivers should conform.
There has been much research focusing on exploring possible
driver execution paths and test case generations [24], [25],
[26], by leveraging runtime symbolic execution. Monitoring a
runtime system is an alternative approach to enhancing system
reliabilities. Nooks [4] and Carburizer [13] detect driver errors
at runtime and carry out simple mechanisms to handle the
errors and recover the system.
9
Device validation and monitoring. Device testing and vali-
dation are usually carried out in the post-silicon stage. Post-
silicon validation is performed on silicon prototypes and test-
ing devices. A significant amount of research has been focused
on detecting and localizing bugs in silicon chips. A major
difficulty of post-silicon bug detection and localization is the
limited observability of silicon device internals. Previous work
[6], [7] has developed hardware on-chip monitors to collect
hardware execution traces with internal signals. Assertion-
based verification [8], [9], [10] and formal methods [27] have
been used to analyze and debug the execution traces from
on-chip monitors. Our approach also works on detecting and
troubleshooting post-silicon bugs. Instead of validating internal
implementations of hardware devices, we focus on monitoring
HW/SW interfaces.
HW/SW interface assurance. There has been several re-
search on HW/SW interface assurance in the validation stage.
HW/SW co-verification and co-simulation are two major tech-
niques. HW/SW co-verification mainly uses model check-
ing [5] as well as symbolic execution [28] which verify
HW/SW interface protocols against the device and driver
models. Research on co-simulation [29], [30], [31] explores
the design space of HW/SW boundaries with hardware mod-
els. Both HW/SW co-verification and co-simulation operate
against hardware designs and models rather than the imple-
mentation of the HW/SW interfaces. And neither of them
is conducted in the real runtime environment. Therefore,
how to eliminate false positives and reproduce the detected
bugs are often challenging. Our approach is conducted on
the real devices and drivers, all the detected bugs are real
bugs occurred at runtime. Moreover, the malicious attacks or
hardware transient errors can only be detected by HW/SW
co-monitoring, as they only occur at deployment stage.
VII. CONCLUSIONS AND FUTURE WORK
We have presented HW/SW co-monitoring, a co-verification
approach to discovering bugs, failures, and malicious exploits
during device/driver interactions. We evaluated our approach
and discoved 9 bugs in commercial devices and drivers
which have been deployed into production for years. The
performance evaluation indicated that the introduced overhead
is reasonable. These results demonstrate that HW/SW co-
monitoring is effective and efficient in detecting logic bugs as
well as malicious exploits over HW/SW interfaces at runtime.
For future work, we will explore two directions. First, we
will implement our “caching” strategy to further mitigate the
runtime overhead. Second, HW/SW co-monitoring provides
a foundation for protecting computer systems at runtime by
effectively detecting the failures and exploits in HW/SW
interfaces. In future, we will research how to efficiently prevent
the failures from affecting the rest of the systems by either
rectifying or isolating the discovered failures.
REFERENCES
[1] L. Ryzhyk, P. Chubb, I. Kuz, and G. Heiser, “Dingo: Taming device
drivers,” in Proc. of EuroSys, 2009, 2009.
[2] A. Kadav and M. M. Swift, “Understanding modern device drivers,” in
Proc. of ASPLOS, 2012.
[3] J. V. Stoep, “Android: protecting the kernel,” in Linux Security Summit,
2016.
[4] M. M. Swift, B. N. Bershad, and H. M. Levy, “Improving the reliability
of commodity operating systems,” TCS, 2005, 2005.
[5] R. P. Kurshan, V. Levin, M. Minea, D. Peled, and H. Yenigu¨n, “Com-
bining software and hardware verification techniques,” Formal Methods
in System Design (FMSD), vol. 21, no. 3, pp. 251–280, November 2002.
[6] M. Abramovici, P. Bradley, K. Dwarakanath, P. Levin, G. Memmi, and
D. Miller, “A reconfigurable design-for-debug infrastructure for SoCs,”
in Proc. of DAC, 2006.
[7] S.-B. Park and S. Mitra, “IFRA: instruction footprint recording and
analysis for post-silicon bug localization in processors,” in Proc. of DAC,
2008.
[8] M. Boule, J. Chenard, and Z. Zilic, “Adding Debug Enhancements to
Assertion Checkers for Hardware Emulation and Silicon Debug,” in
Proc. of ICCD, 2006.
[9] A. J. Hu, J. Casas, and J. Yang, “Efficient Generation of Monitor Circuits
for GSTE Assertion Graphs,” in ICCAD, 2003.
[10] J. A. M. Nacif, F. M. de Paula, H. Foster, C. J. N. C. Jr., and A. O.
Fernandes, “The chip is ready. am i done? on-chip verification using
assertion processors,” in VLSI-SOC, 2013.
[11] J. C. King, “Symbolic execution and program testing,” Commun. ACM,
vol. 19, pp. 385–394, July 1976.
[12] C. Lattner and V. Adve, “Llvm: A compilation framework for lifelong
program analysis & transformation,” in Proc. of CGO, 2004.
[13] A. Kadav, M. J. Renzelmann, and M. M. Swift, “Tolerating hardware
device failures in software,” in Proc. of SOSP, 2009.
[14] MITRE, “CVE-2014-3186.” 2014. [Online]. Available: https://cve.mitre.
org/cgi-bin/cvename.cgi?name=CVE-2014-3186
[15] MITRE., “CVE-2014-3182.” 2014. [Online]. Available: http://cve.mitre.
org/cgi-bin/cvename.cgi?name=CVE-2014-3182
[16] MITRE, “CVE-2014-6410.” 2014. [Online]. Available: http://cve.mitre.
org/cgi-bin/cvename.cgi?name=CVE-2014-6410
[17] MITRE., “CVE-2013-2897.” 2013. [Online]. Available: https://cve.
mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897
[18] MITRE, “CVE-2013-1860.” 2013. [Online]. Available: https://cve.mitre.
org/cgi-bin/cvename.cgi?name=CVE-2013-1860
[19] D. R. Piegdon, “Hacking in physically addressable memory - a proof of
concept,” advanced Exploitation Techniques, WS 2006/2007.
[20] R.Breuk and A.Spruyt, “Integrating dma attacks in exploitation frame-
works,” http://www.delaat.net/rp/2011-2012/p14/report.pdf, 2012.
[21] Wikipedia, “Stuxnet,” 2010, http://en.wikipedia.org/wiki/Stuxnet.
[22] F. Bellard, “QEMU, a fast and portable dynamic translator,” in Proc. of
ATC, 2005.
[23] T. Ball, E. Bounimova, B. Cook, V. Levin, J. Lichtenberg, C. McGarvey,
B. Ondrusek, S. K. Rajamani, and A. Ustuner, “Thorough static analysis
of device drivers,” in Proc. of EuroSys, 2016.
[24] V. Kuznetsov, V. Chipounov, and G. Candea, “Testing closed-source
binary device drivers with DDT,” in Proc. of USENIXATC, 2010.
[25] V. Chipounov, V. Kuznetsov, and G. Candea, “S2E: a platform for in-
vivo multi-path analysis of software systems,” in Proc. of ASPLOS, 2011.
[26] M. J. Renzelmann, A. Kadav, and M. M. Swift, “SymDrive: Testing
Drivers Without Devices,” in Proc. of OSDI, 2012.
[27] F. M. De Paula, M. Gort, A. J. Hu, S. Wilton, and J. Yang, “BackSpace:
Formal Analysis for Post-Silicon Debug,” in Proc. of FMCAD, 2008,
2008.
[28] A. Horn, M. Tautschnig, C. Val, L. Liang, T. Melham, J. Grundy, and
D. Kroening, “Formal Co-Validation of Low-Level Hardware/Software
Interfaces,” in Proc. of FMCAD, 2013.
[29] A. Ghosh, M. Bershteyn, R. Casley, C. Chien, A. Jain, M. Lipsie,
D. Tarrodaychik, and O. Yamamo, “A hardware-software co-simulator
for embedded system design and debugging,” in ASP-DAC, 1995.
[30] A. Hoffmann, T. Kogel, and H. Meyr, “A framework for fast hardware-
software co-simulation,” in Proc. of DATE, 2001.
[31] J. A. Rowson, “Hardware/software co-simulation,” in DAC, 1994.
10
