
    Towards a Formally Verified Security Monitor for VM-based Confidential Computing

    Confidential computing is a key technology for isolating high-assurance applications from the large amounts of untrusted code typical in modern systems. Existing confidential computing systems cannot be certified for use in critical applications, like systems controlling critical infrastructure, hardware security modules, or aircraft, as they lack formal verification. This paper presents an approach to formally modeling and proving a security monitor. It introduces a canonical architecture for virtual machine (VM)-based confidential computing systems. It abstracts processor-specific components and identifies a minimal set of hardware primitives required by a trusted security monitor to enforce security guarantees. We demonstrate our methodology and proposed approach with an example from our Rust implementation of the security monitor for RISC-V.

    The Trusted Cloud: Addressing Security and Compliance


    MAGICCARPET: Verified Detection and Recovery for Hardware-based Exploits

    MAGICCARPET is a new approach to defending systems against exploitable processor bugs. MAGICCARPET uses hardware to detect violations of invariants involving security-critical processor state and uses firmware to correctly push software's state past the violations. The invariants are specified at run time. MAGICCARPET focuses on dynamically validating updates to security-critical processor state. In this work, (1) we generate correctness proofs for both MAGICCARPET hardware and firmware; (2) we prove that processor state and events never violate our security invariants at runtime; and (3) we show that MAGICCARPET copes with hardware-based exploits discovered post-fabrication using a combination of verified reconfigurations of invariants in the fabric and verified recoveries via reprogrammable software. We implement MAGICCARPET inside a popular open source processor on an FPGA platform. We evaluate MAGICCARPET using a diverse set of hardware-based attacks based on escaped and exploitable commercial processor bugs. MAGICCARPET is able to detect and recover from all tested attacks with no software run-time overhead in the attack-free case.

    Flow-based fabrication: An integrated computational workflow for design and digital additive manufacturing of multifunctional heterogeneously structured objects

    Structural hierarchy and material organization in design are traditionally achieved by combining discrete homogeneous parts into functional assemblies where the shape or surface is the determining factor in achieving function. In contrast, biological structures express higher levels of functionality on a finer scale through volumetric cellular constructs that are heterogeneous and complex. Despite recent advancements in additive manufacturing of functionally graded materials, the limitations associated with computational design and digital fabrication of heterogeneous materials and structures frame and limit further progress. Conventional computer-aided design tools typically contain geometric and topologic data of virtual constructs, but lack robust means to integrate material composition properties within virtual models. We present a seamless computational workflow for the design and direct digital fabrication of multi-material and multi-scale structured objects. The workflow encodes for and integrates domain-specific meta-data relating to local, regional and global feature resolution of heterogeneous material organizations. We focus on water-based materials and demonstrate our approach by additively manufacturing diverse constructs associating shape-informing variable flow rates and material properties to mesh-free geometric primitives. The proposed workflow enables virtual-to-physical control of constructs where structural, mechanical and optical gradients are achieved through a seamless design-to-fabrication tool with localized control. An enabling technology combining a robotic arm and a multi-syringe, multi-nozzle deposition system is presented. The proposed methodology is implemented and full-scale demonstrations are included.