Model-Checking Speculation-Dependent Security Properties: Abstracting and Reducing Processor Models for Sound and Complete Verification

Spectre and Meltdown attacks in modern microprocessors represent a new class of attacks that have been difficult to deal with. They underline vulnerabilities in hardware design that have been going unnoticed for years. This shows the weakness of the state-of-the-art verification process and design practices. These attacks are OS-independent, and they do not exploit any software vulnerabilities. Moreover, they violate all security assumptions ensured by standard security procedures, (e.g., address space isolation), and, as a result, every security mechanism built upon these guarantees. These vulnerabilities allow the attacker to retrieve leaked data without accessing the secret directly. Indeed, they make use of covert channels, which are mechanisms of hidden communication that convey sensitive information without any visible information flow between the malicious party and the victim. The root cause of this type of side-channel attacks lies within the speculative and out-of-order execution of modern high-performance microarchitectures. Since modern processors are hard to verify with standard formal verification techniques, we present a methodology that shows how to transform a realistic model of a speculative and out-of-order processor into an abstract one. Following related formal verification approaches, we simplify the model under consideration by abstraction and refinement steps. We also present an approach to formally verify the abstract model using a standard model checker. The theoretical flow, reliant on established formal verification results, is introduced and a sketch of proof is provided for soundness and correctness. Finally, we demonstrate the feasibility of our approach, by applying it on a pipelined DLX RISC-inspired processor architecture. We show preliminary experimental results to support our claim, performing Bounded Model-Checking with a state-of-the-art model checker

Advanced Techniques for Bit-Level Model Checking

With increasing design complexity, verification becomes a more and more important aspect of the design flow: modern circuits contain up to several million transistors, causing verification to be the major bottleneck and the most expensive stage. This is one of the reasons why Formal Verification techniques are gaining large attention, since they allow to prove correctness of a circuit (ensuring a total functional correctness) compared to classical simulation, which cannot guarantee sufficient coverage of the design, due to its intrinsic not complete nature. Being Formal Verification a complete technique, its natural application can be found in all those critical systems where the absence of bugs is mandatory. In particular, hardware design can be considered as one of the most critical areas, due to the difficulties (and costs) involved in solving a fault introduced at the design stage, but exposed only after its manufacturing. On the other hand, generally speaking, a software system could be patched easily, just releasing a newer version of the software itself. Nevertheless recently also software applications are becoming a relevant area of application for Formal Verification techniques, especially concerning safety critical applications, software security aspects and firmware of embedded systems. Nowadays the most widely used approach to Formal Verification is Model Checking, which consists of a systematically exhaustive exploration of the mathematical model of the system under analysis. The great advantage of Model Checking is that, provided the model of the system and the property to check, it is fully automatic; while its primary disadvantage relies on the difficulty to scale to large systems. The main goal of this Ph.D. dissertation is to present improvements to Model Checking algorithms for hardware design, focused on scalability and efficiency aspects. Every contribution is provided with exhaustive experimental data, performed on industrial test-cases. This dissertation studies also a recent but equally relevant (and critical) area of application for Model Checking algorithms: the verification of security properties in embedded systems. In this context, due to the novelty of this topic, efforts were oriented to study the applicability of the Model Checking approach, leaving the scalability aspects to further works

Optimization techniques for craig interpolant compaction in unbounded model checking

This paper addresses the problem of reducing the size of Craig interpolants generated within inner steps of SAT-based Unbounded Model Checking. Craig interpolants are obtained from refutation proofs of unsatisfiable SAT runs, in terms of and/or circuits of linear size, w.r.t. the proof. Existing techniques address proof reduction, whereas interpolant circuit compaction is typically considered as an implementation problem, tackled with standard logic synthesis techniques. We propose a three step interpolant computation process, specifically oriented to scalability, in which we: (1) exploit an existing technique to detect and remove redundancies in refutation proofs, (2) apply customized light weight combinational logic reductions (constant propagation, ODC-based implifications, and BDD-based sweeping) directly on the proof graph data structure, (3) introduce an ad-hoc combinational reduction procedure for large interpolant circuits, based on the incrementality and divide-and-conquer paradigms. The main contributions of our approach are represented by the overall approach, the proposed combinational reduction technique, and a detailed experimental evaluation of the interpolant generation process, on a set of benchmarks from the Hardware Model Checking Competitions 2013 and 201

Optimization techniques for Craig Interpolant compaction in Unbounded Model Checking

This paper addresses the problem of reducing the size of Craig interpolants generated within inner steps of SAT-based Unbounded Model Checking. Craig interpolants are obtained from refutation proofs of unsatisfiable SAT runs, in terms of and/or circuits of linear size, w.r.t. the proof. Existing techniques address proof reduction, whereas interpolant com- paction is typically considered as an implementation problem, tackled using standard logic synthesis techniques. We propose an integrated three step process, in which we: (1) exploit an existing technique to detect and remove redundancies in refutation proofs, (2) apply combinational logic reductions (constant propagation, ODC-based simplifications, and BDD-based sweeping) directly on the proof graph data structure, (3) eventually apply ad hoc combinational logic synthesis steps on interpolant circuits. The overall procedure is novel (as well as parts of the above listed steps), and represents an advance w.r.t. the state-of-the art. The paper includes an experimental evaluation, showing the benefits of the proposed technique, on a set of benchmarks from the Hardware Model Checking Competition 2011

Optimization techniques for Craig Interpolant compaction in Unbounded Model Checking

This paper addresses the problem of reducing the size of Craig interpolants generated within inner steps of SAT-based Unbounded Model Checking. Craig interpolants are obtained from refutation proofs of unsatisfiable SAT runs, in terms of and/or circuits of linear size, w.r.t. the proof. Existing techniques address proof reduction, whereas interpolant com- paction is typically considered as an implementation problem, tackled using standard logic synthesis techniques. We propose an integrated three step process, in which we: (1) exploit an existing technique to detect and remove redundancies in refutation proofs, (2) apply combinational logic reductions (constant propagation, ODC-based simplifications, and BDD-based sweeping) directly on the proof graph data structure, (3) eventually apply ad hoc combinational logic synthesis steps on interpolant circuits. The overall procedure is novel (as well as parts of the above listed steps), and represents an advance w.r.t. the state-of-the art. The paper includes an experimental evaluation, showing the benefits of the proposed technique, on a set of benchmarks from the Hardware Model Checking Competition 2011

Model Checking Speculation-Dependent Security Properties: Abstracting and Reducing Processor Models for Sound and Complete Verification

Though modern microprocessors embed several hardware security mechanisms, aimed at guaranteeing confidentiality and integrity of sensible data, recently disclosed attacks such as Spectre and Meltdown witness weaknesses with potentially great impact on CPU security. Both vulnerabilities exploit speculative execution of modern high-performance micro-architectures, allowing the attacker to observe data leaked via a memory side channel, during speculated and mispredicted instructions. In this paper we present a methodology to formally verify, by means of a model checker, speculative vulnerabilities, such as the class of Spectre/Meltdown attacks, in microprocessors based on speculative execution. In detail, we discuss the problem of formally verifying confidentiality violations, since we deem it will help preventing new vulnerabilities of the same typology. We describe our methodology on a pipelined CPU inspired by the DLX RISC processor architecture. Due to scalability issues, and following related approaches in formal verification of correctness, our approach simplifies the model under verification by proper abstraction and reduction steps. The approach is based on flushing the pipeline, abstracting data and most of the speculative execution logic, keeping a subset of control data, plus speculated data state and tainting logic. Illegal propagation (data leakage) is encoded in terms of taint propagation, from a protected/invalid memory address to the address bus on a subsequent memory read, affecting the cache. We introduce the theoretical flow, relying on known theoretical results combined and exploited to prove soundness and completeness. Finally, using a state-of-the-art model checking tool, we present preliminary data on formal verification based on Bounded Model Checking, that to support our claims and highlight the feasibility of the approach

Tightening BDD-based Approximate Reachability with SAT-based Clause Generalization

In the framework of symbolic model checking, BDD-based approximate reachability is potentially much more scalable than its exact counterpart. However, its practical applicability is highly limited by its static approach to abstraction, and the intrinsic difficulty to find an acceptable trade-off between accuracy and memory/time complexity. In this paper, we use SAT-based cube generalization, a core step of the IC3 model checking algorithm, in order to strengthen BDD-based representations of state sets. More specifically, we use cube generalization, in both its inductive and non-inductive versions, to tighten BDD-based over-approximate representations of state sets computed by Machine by Machine (MBM) and Frame by Frame (FBF) algorithms. The resulting approach benefits from the orthogonal power of BDD and CNF representations, and it improves the scalability and applicability in verification of BDD-based methods. Experimental results confirm that this approach can provide tighter representations of reachable state sets and more powerful fully BDD-based engines, as well as potential applications of BDDs as invariants or constraints in SAT-based model checkin

Ricorsione e problem-solving: strategie algoritmiche in linguaggio C

Il “divide et impera” è un potente paradigma di problem-solving, in cui un problema complesso viene scomposto in problemi indipendenti e di ugual natura, sino a raggiungere dimensioni tali da poter applicare soluzioni elementari. Queste vengono infine ricombinate, risolvendo il problema di partenza. Nella maggior parte dei problemi affrontati col paradigma “divide et impera”, la ricorsione permette un vero e proprio salto di qualità nell’approccio al problem-solving da parte dello studente: in tale prospettiva, non basta più la comprensione della ricorsione matematica e la capacità di esprimere in forma di programma in C una formula ricorsiva, è necessario dotarsi di una vera e propria metodologia strutturata per l’esplorazione di uno spazio all’interno del quale si trovano le soluzioni al problema