Applying Formal Methods to Networking: Theory, Techniques and Applications

Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet which began as a research experiment was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design---especially, the software defined networking (SDN) paradigm---offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence in interest of applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial

Quality and Quantity in Robustness-Checking Using Formal Techniques

Fault tolerance is one of the main challenges for future technology scaling to tolerate transient faults. Various techniques at design level are available to catch and handle transient faults, e.g., Triple Modular Redundancy. An important but missing step is to verify the implementation of those techniques since the implementation might be buggy itself. The thesis is focusing on formally verifying digital circuits with respect to fault-tolerant aspects. It considers transient faults and basically checks whether these faults can influence the output behavior of sequential circuits for any kind of scenarios. As a result the designer is pin-pointed directly to critical parts of the design and gets a prove about the absence of faulty behavior for non-critical parts. The focus of the verification is completeness with respect to the analysis. Three issues need to be adequately addressed: 1) cover all input stimuli, 2) all possible transient faults, and, 3) all possibly exponential long (wrt. to number of state bits) propagation paths. All three issues are addressed in different engines. A tool called RobuCheck has been implemented and evaluated on different academic benchmarks from ITC'99 and industrial benchmarks from IBM

Security Attack Models for Split Manufacturing of Integrated Circuits

Split manufacturing of integrated circuits reduces vulnerabilities introduced by an untrusted foundry by manufacturing only a part of design at an untrusted high-end foundry and the remaining part at a trusted low-end foundry. Unfortunately, a naïve spilt manufacturing alone does not ensure security. An attacker can use proximity attack to undermine the security offered by split manufacturing. However, this attack is applicable only to hierarchical designs. We propose a physical attack model for split manufacturing for industry-standard/ relevant flattened designs. Our attack uses heuristics of physical design tools, which outperform previous attack. We also develop a logic-aware physical attack considering logic redundancy, which identifies incorrect connections effectively. The effectiveness of proposed techniques is demonstrated by simulations on benchmark circuits. Our attack success rate is ~10× that of the proximity attack; our attack predicts 80% of the missing BEOL connections correctly, while the proximity attack predicts only 8% for flattened designs

Synthesis for circuit reliability

textElectrical and Computer Engineerin

Génération de séquences de test pour l'accélération d'assertions

Avec la complexité croissante des systèmes sur puce, le processus de vérification devient une tâche de plus en plus cruciale à tous les niveaux du cycle de conception, et monopolise une part importante du temps de développement. Dans ce contexte, l'assertion-based verification (ABV) a considérablement gagné en popularité ces dernières années. Il s'agit de spécifier le comportement attendu du système par l'intermédiaire de propriétés logico-temporelles, et de vérifier ces propriétés par des méthodes semi-formelles ou formelles. Des langages de spécification comme PSL ou SVA (standards IEEE) sont couramment utilisés pour exprimer ces propriétés. Des techniques de vérification statiques (model checking) ou dynamiques (validation en cours de simulation) peuvent être mises en œuvre. Nous nous plaçons dans le contexte de la vérification dynamique. A partir d'assertions exprimées en PSL ou SVA, des descriptions VHDL ou Verilog synthétisables de moniteurs matériels de surveillance peuvent être produites (outil Horus). Ces composants peuvent être utilisés pendant la conception (en simulation et/ou émulation pour le débug et la validation de circuits), ou comme composants embarqués, pour la surveillance du comportement de systèmes critiques. Pour l'analyse en phase de conception, que ce soit en simulation ou en émulation, le problème de la génération des séquences de test se pose. En effet, des séquences de test générées aléatoirement peuvent conduire à un faible taux de couverture des conditions d'activation des moniteurs et, de ce fait, peuvent être peu révélatrices de la satisfaction des assertions. Les méthodes de génération de séquences de test sous contraintes n'apportent pas de réelle solution car les contraintes ne peuvent pas être liées à des conditions temporelles. De nouvelles méthodes doivent être spécifiées et implémentées, c'est ce que nous nous proposons d'étudier dans cette thèse.With the increasing complexity of SoC, the verification process becomes a task more crucial at all levels of the design cycle, and monopolize a large share of development time. In this context, the assertion-based verification (ABV) has gained considerable popularity in recent years. This is to specify the behavior of the system through logico-temporal properties and check these properties by semiformal or formal methods. Specification languages such as PSL or SVA (IEEE) are commonly used to express these properties. Static verification techniques (model checking) or dynamic (during simulation) can be implemented. We are placed in the context of dynamic verification. Our assertions are expressed in PSL or SVA, and synthesizable descriptions VHDL or Verilog hardware surveillance monitors can be produced (Horus tool). These components can be used for design (simulation and/or emulation for circuit debug and validation) or as embedded components for monitoring the behavior of critical systems. For analysis in the design phase, either in simulation or emulation, the problem of generating test sequences arises. In effect, sequences of randomly generated test can lead to a low coverage conditions of activation monitors and, therefore, may be indicative of little satisfaction assertions. The methods of generation of test sequences under constraints do not provide real solution because the constraints can not be linked to temporal conditions. New methods must be specified and implemented, this's what we propose to study in this thesis.SAVOIE-SCD - Bib.électronique (730659901) / SudocGRENOBLE1/INP-Bib.électronique (384210012) / SudocGRENOBLE2/3-Bib.électronique (384219901) / SudocSudocFranceF

Parallel Processing for VLSI CAD Applications a Tutorial

Coordinated Science Laboratory was formerly known as Control Systems LaboratorySemiconductor Research CorporationAuthor's name appears in front matter as Prithviraj Banerje