
    Combining k-Induction with Continuously-Refined Invariants

    Bounded model checking (BMC) is a well-known and successful technique for finding bugs in software. k-induction is an approach to extend BMC-based approaches from falsification to verification. Automatically generated auxiliary invariants can be used to strengthen the induction hypothesis. We improve this approach and further increase effectiveness and efficiency in the following way: we start with light-weight invariants and refine these invariants continuously during the analysis. We present and evaluate an implementation of our approach in the open-source verification framework CPAchecker. Our experiments show that combining k-induction with continuously-refined invariants significantly increases effectiveness and efficiency, and outperforms all existing implementations of k-induction-based software verification in terms of successful verification results.
    Comment: 12 pages, 5 figures, 2 tables, 2 algorithm

    Model-based dependability analysis: state-of-the-art, challenges and future outlook

    Over the past two decades, the study of model-based dependability analysis has gathered significant research interest. Different approaches have been developed to automate and address various limitations of classical dependability techniques in order to contend with the increasing complexity and challenges of modern safety-critical systems. Two leading paradigms have emerged: one constructs predictive system failure models from component failure models compositionally, using the topology of the system; the other utilizes design models (typically state automata) to explore system behaviour through fault injection. This paper reviews a number of prominent techniques under these two paradigms and provides an insight into their working mechanisms, applicability, strengths and challenges, as well as recent developments within these fields. We also discuss the emerging trends on integrated approaches and advanced analysis capabilities. Lastly, we outline the future outlook for model-based dependability analysis.

    AKER: A Design and Verification Framework for Safe and Secure SoC Access Control

    Modern systems on a chip (SoCs) utilize heterogeneous architectures where multiple IP cores have concurrent access to on-chip shared resources. In security-critical applications, IP cores have different privilege levels for accessing shared resources, which must be regulated by an access control system. AKER is a design and verification framework for SoC access control. AKER builds upon the Access Control Wrapper (ACW), a high-performance and easy-to-integrate hardware module that dynamically manages access to shared resources. To build an SoC access control system, AKER distributes the ACWs throughout the SoC, wrapping controller IP cores and configuring the ACWs to perform local access control. To ensure the access control system is functioning correctly and securely, AKER provides property-driven security verification using MITRE common weakness enumerations. AKER verifies the SoC access control at the IP level to ensure the absence of bugs in the functionalities of the ACW module, at the firmware level to confirm the secure operation of the ACW when integrated with a hardware root-of-trust (HRoT), and at the system level to evaluate security threats due to the interactions among shared resources. The performance, resource usage, and security of access control systems implemented through AKER are experimentally evaluated on a Xilinx UltraScale+ programmable SoC. AKER is integrated with the OpenTitan hardware root-of-trust, and it is used to design an access control system for the OpenPULP multicore architecture.

    A generic debug interface for IP-integrated assertions

    The design of hardware/software systems depends on a solid verification methodology that pervades the entire design flow. Many concepts share an increase in the level of abstraction at design entry, with model-based hardware design representing a promising and increasingly widespread approach. Assertion-based verification allows the developer to specify properties of the design and to uncover cases in which these are violated. While assertions are widely used in the design and simulation stages, the approach of manufacturing them together with the integrated circuit (IC) is novel. In this diploma thesis, a UML-based data model developed at Infineon Technologies, which is used to capture design specifications and for automatic code generation, is to be extended to enable the description of assertions integrated in the IC. For this purpose, an abstract data model will be described. The assertion interface shall guarantee specification-compliant model integration and make IC-internal assertion results accessible to the surrounding system via the interface, thereby enabling debugging at runtime. Furthermore, the code-generation templates are explained and an example system is introduced in order to validate the concepts described.
    Nowadays electronic systems design requires fast time to market and solid verification throughout the entire design flow. Many concepts have been researched to raise the level of abstraction during the design entry phase, among which model-based design is the most promising. Assertion-based verification enables the developer to specify properties of the design and to get a report if these are violated. Assertions are common during development and simulation of electronic products but often are not included in the final silicon. In this thesis a UML-based model defined at Infineon Technologies for capturing design specification information and for generating code automatically using templates will be extended to allow the description of an abstract debuggable assertion interface for silicon assertions. With the help of the assertion interface it shall be possible to verify correct module integration and to monitor IP-internal assertion checker results. Besides, the code-generation templates for the assertion interface model will be described. To demonstrate the usability of the developed concepts, an example system will be introduced to validate the approach.
    Ilmenau, Techn. Univ., Diplomarbeit, 200

    Architecture Layer Based Grid Computing Security Study

    With the increasing application of grid computing in more and more industries and sectors, grid security has grown into the most critical and important aspect of the overall application architecture. This article studies the security issues of grid computing environments from the dimension of architecture-layer security, indicating architecture-layer-based security solutions in current grid computing and proposing grid security recommendations, which will contribute to further defining and analyzing security strategy in grid computing and serve as a guideline for the development of grid computing technology.
    Keywords: grid security infrastructure; security strategy; grid computin