Improving SAT-based Bounded Model Checking by Means of BDD-based Approximate Traversals

Binary Decision Diagrams (BDDs) have been widely used in synthesis and verification. Boolean Satisfiability (SAT) Solvers, on the other hand, have been gaining ground only recently, with the introduction of efficient implementation procedures. Specifically, while BDDs have been mainly adopted to formally verify the correctness of hardware devices, SAT-based Bounded Model Checking (BMC) has been widely used for debugging. In this paper, we combine BDD and SAT-based methods to increase the efficiency of BMC. We first exploit affordable BDD-based symbolic approximate reachability analysis to gather information on the state space. Then, we use the collected overestimated reachable state sets to restrict the search space of a SAT-based BMC. This is possible by feeding the SAT solver with a description that is the combination of the original BMC problem with the extra information coming from BDD-based symbolic analysis. We develop specific strategies to appropriately mix BDD and SAT efforts, and to efficiently convert BDD-based symbolic state set representations into SAT-oriented ones. Experimental results prove the validity of our strategy to reduce the amount of variable assignments and variable conflicts generated by SAT solvers, with a subsequent significant performance gain. We gather results with four among the most used SAT solvers, namely Chaff, Limmat, BerkMin, and Siege. We could reduce the number of conflicts up to more than 100x, and the verification time up to 30x

Improving SAT-based Bounded Model Checking by Means of BDD-based Approximate Traversals

Binary Decision Diagrams (BDDs) have been widely used in synthesis and verification. Boolean Satisfiability (SAT) Solvers, on the other hand, have been gaining ground only recently, with the introduction of efficient implementation procedures. Specifically, while BDDs have been mainly adopted to formally verify the correctness of hardware devices, SAT-based Bounded Model Checking (BMC) has been widely used for debugging. In this paper, we combine BDD and SAT-based methods to increase the efficiency of BMC. We first exploit affordable BDD-based symbolic approximate reachability analysis to gather information on the state space. Then, we use the collected overestimated reachable state sets to restrict the search space of a SAT-based BMC. This is possible by feeding the SAT solver with a description that is the combination of the original BMC problem with the extra information coming from BDD-based symbolic analysis. We develop specific strategies to appropriately mix BDD and SAT efforts, and to efficiently convert BDD-based symbolic state set representations into SAT-oriented ones. Experimental results prove the validity of our strategy to reduce the amount of variable assignments and variable conflicts generated by SAT solvers, with a subsequent significant performance gain. We gather results with four among the most used SAT solvers, namely Chaff, Limmat, BerkMin, and Siege. We could reduce the number of conflicts up to more than 100x, and the verification time up to 30x

A framework for development and implementation of secure hardware-based systems

Orientador : Ricardo Dahab.Tese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo A concepção de sistemas seguros demanda tratamento holístico, global. A razão é que a mera composição de componentes individualmente seguros não garante a segurança do conjunto resultante2. Enquanto isso, a complexidade dos sistemas de informação cresce vigorosamente, dentre outros, no que se diz respeito: i) ao número de componentes constituintes; ii) ao número de interações com outros sistemas; e iii) 'a diversidade de natureza dos componentes. Este crescimento constante da complexidade demanda um domínio de conhecimento ao mesmo tempo multidisciplinar e profundo, cada vez mais difícil de ser coordenado em uma única visão global, seja por um indivíduo, seja por uma equipe de desenvolvimento. Nesta tese propomos um framework para a concepção, desenvolvimento e deployment de sistemas baseados em hardware que é fundamentado em uma visão única e global de segurança. Tal visão cobre um espectro abrangente de requisitos, desde a integridade física dos dispositivos até a verificação, pelo usuário final, de que seu sistema está logicamente íntegro. Para alcançar este objetivo, apresentamos nesta tese o seguinte conjunto de componentes para o nosso framework: i) um conjunto de considerações para a construção de modelos de ataques que capturem a natureza particular dos adversários de sistemas seguros reais, principalmente daqueles baseados em hardware; ii) um arcabouço teórico com conceitos e definições importantes e úteis na construção de sistemas seguros baseados em hardware; iii) um conjunto de padrões (patterns) de componentes e arquiteturas de sistemas seguros baseados em hardware; iv) um modelo teórico, lógico-probabilístico, para avaliação do nível de segurança das arquiteturas e implementações; e v) a aplicação dos elementos do framework na implementação de sistemas de produção, com estudos de casos muito significativos3. Os resultados relacionados a estes componentes estão apresentados nesta tese na forma de coletânea de artigos. 2 Técnicas "greedy" não fornecem necessariamente os resultados ótimos. Mais, a presença de componentes seguros não é nem fundamental. 3 Em termos de impacto social, econômico ou estratégicoAbstract: The conception of secure systems requires a global, holistic, approach. The reason is that the mere composition of individually secure components does not necessarily imply in the security of the resulting system4. Meanwhile, the complexity of information systems has grown vigorously in several dimensions as: i) the number of components, ii) the number of interactions with other components, iii) the diversity in the nature of the components. This continuous growth of complexity requires from designers a deep and broad multidisciplinary knowledge, which is becoming increasingly difficult to be coordinated and attained either by individuals or even teams. In this thesis we propose a framework for the conception, development, and deployment of secure hardware-based systems that is rooted on a unified and global security vision. Such a vision encompasses a broad spectrum of requirements, from device physical integrity to the device logical integrity verification by humans. In order to attain this objective we present in this thesis the following set of components of our framework: i) a set of considerations for the development of threat models that captures the particular nature of adversaries of real secure systems based on hardware; ii) a set of theoretical concepts and definitions useful in the design of secure hardware-based systems; iii) a set of design patterns of components and architectures for secure systems; iv) a logical-probabilistic theoretical model for security evaluation of system architectures and implementations; and v) the application of the elements of our framework in production systems with highly relevant study cases. Our results related to these components are presented in this thesis as a series of papers which have been published or submitted for publication. 4Greedy techniques do not inevitably yield optimal results. More than that, the usage of secure components is not even requiredDoutoradoCiência da ComputaçãoDoutor em Ciência da Computaçã