2,853 research outputs found
First steps towards the certification of an ARM simulator using Compcert
The simulation of Systems-on-Chip (SoC) is nowadays a hot topic because,
beyond providing many debugging facilities, it allows the development of
dedicated software before the hardware is available. Low-consumption CPUs such
as ARM play a central role in SoC. However, the effectiveness of simulation
depends on the faithfulness of the simulator. To this effect, we propose here
to prove significant parts of such a simulator, SimSoC. Basically, on one hand,
we develop a Coq formal model of the ARM architecture while on the other hand,
we consider a version of the simulator including components written in
Compcert-C. Then we prove that the simulation of ARM operations, according to
Compcert-C formal semantics, conforms to the expected formal model of ARM. Size
issues are partly dealt with using automatic generation of significant parts of
the Coq model and of SimSoC from the official textual definition of ARM.
However, this is still a long-term project. We report here the current stage of
our efforts and discuss in particular the use of Compcert-C in this framework.Comment: First International Conference on Certified Programs and Proofs 7086
(2011
Run-time Spatial Mapping of Streaming Applications to Heterogeneous Multi-Processor Systems
In this paper, we define the problem of spatial mapping. We present reasons why performing spatial mappings at run-time is both necessary and desirable. We propose what is—to our knowledge—the first attempt at a formal description of spatial mappings for the embedded real-time streaming application domain. Thereby, we introduce criteria for a qualitative comparison of these spatial mappings. As an illustration of how our formalization relates to practice, we relate our own spatial mapping algorithm to the formal model
PA-Boot: A Formally Verified Authentication Protocol for Multiprocessor Secure Boot
Hardware supply-chain attacks are raising significant security threats to the
boot process of multiprocessor systems. This paper identifies a new, prevalent
hardware supply-chain attack surface that can bypass multiprocessor secure boot
due to the absence of processor-authentication mechanisms. To defend against
such attacks, we present PA-Boot, the first formally verified
processor-authentication protocol for secure boot in multiprocessor systems.
PA-Boot is proved functionally correct and is guaranteed to detect multiple
adversarial behaviors, e.g., processor replacements, man-in-the-middle attacks,
and tampering with certificates. The fine-grained formalization of PA-Boot and
its fully mechanized security proofs are carried out in the Isabelle/HOL
theorem prover with 306 lemmas/theorems and ~7,100 LoC. Experiments on a
proof-of-concept implementation indicate that PA-Boot can effectively identify
boot-process attacks with a considerably minor overhead and thereby improve the
security of multiprocessor systems.Comment: Manuscript submitted to IEEE Trans. Dependable Secure Compu
Logic Programming approaches for routing fault-free and maximally-parallel Wavelength Routed Optical Networks on Chip (Application paper)
One promising trend in digital system integration consists of boosting
on-chip communication performance by means of silicon photonics, thus
materializing the so-called Optical Networks-on-Chip (ONoCs). Among them,
wavelength routing can be used to route a signal to destination by univocally
associating a routing path to the wavelength of the optical carrier. Such
wavelengths should be chosen so to minimize interferences among optical
channels and to avoid routing faults. As a result, physical parameter selection
of such networks requires the solution of complex constrained optimization
problems. In previous work, published in the proceedings of the International
Conference on Computer-Aided Design, we proposed and solved the problem of
computing the maximum parallelism obtainable in the communication between any
two endpoints while avoiding misrouting of optical signals. The underlying
technology, only quickly mentioned in that paper, is Answer Set Programming
(ASP). In this work, we detail the ASP approach we used to solve such problem.
Another important design issue is to select the wavelengths of optical
carriers such that they are spread across the available spectrum, in order to
reduce the likelihood that, due to imperfections in the manufacturing process,
unintended routing faults arise. We show how to address such problem in
Constraint Logic Programming on Finite Domains (CLP(FD)).
This paper is under consideration for possible publication on Theory and
Practice of Logic Programming.Comment: Paper presented at the 33nd International Conference on Logic
Programming (ICLP 2017), Melbourne, Australia, August 28 to September 1,
2017. 16 pages, LaTeX, 5 figure
Modeling and Formal Verification of a Passive Optical Network on Chip Behavior
Many of the modern Systems-on-Chip integrate a high density of heterogeneous components such as different processors, a wide range of hardware components, as well as complex interconnects that use different communication protocols. On-chip physical interconnections represent a limiting factor for the performance and energy consumption. Currently, the optical interconnects integrated on chip are a viable alternative for on chip interconnects. However, the access to physical prototyping of these interconnects is a major challenge because this systems require very recent technologies, still difficult to access. Thus, their high-level modeling and validation are mandatory. This paper proposes the modeling and the formal verification for the global validation of the behavior of a passive integrated photonic routing structure using models that are based on timed automata
Formal Foundations for the Generation of Heterogeneous Executable Specifications in SystemC from UML/MARTE Models
Medical genetic
Verifying RISC-V Physical Memory Protection
We formally verify an open-source hardware implementation of physical memory
protection (PMP) in RISC-V, which is a standard feature used for memory
isolation in security critical systems such as the Keystone trusted execution
environment. PMP provides per-hardware-thread machine-mode control registers
that specify the access privileges for physical memory regions. We first
formalize the functional property of the PMP rules based on the RISC-V ISA
manual. Then, we use the LIME tool to translate an open-source implementation
of the PMP hardware module written in Chisel to the UCLID5 formal verification
language. We encode the formal specification in UCLID5 and verify the
functional correctness of the hardware. This is an initial effort towards
verifying the Keystone framework, where the trusted computing base (TCB) relies
on PMP to provide security guarantees such as integrity and confidentiality.Comment: SECRISC-V 2019 Worksho
- …