A Scalable Formal Verification Methodology for Data-Oblivious Hardware
The importance of preventing microarchitectural timing side channels in
security-critical applications has surged in recent years. Constant-time
programming has emerged as a best-practice technique for preventing the leakage
of secret information through timing. It is based on the assumption that the
timing of certain basic machine instructions is independent of their respective
input data. However, whether or not an instruction satisfies this
data-independent timing criterion varies between individual processor
microarchitectures. In this paper, we propose a novel methodology to formally
verify data-oblivious behavior in hardware using standard property checking
techniques. The proposed methodology is based on an inductive property that
enables scalability even to complex out-of-order cores. We show that proving
this inductive property is sufficient to exhaustively verify data-obliviousness
at the microarchitectural level. In addition, the paper discusses several
techniques that can be used to make the verification process easier and faster.
We demonstrate the feasibility of the proposed methodology through case studies
on several open-source designs. One case study uncovered a data-dependent
timing violation in the extensively verified and highly secure IBEX RISC-V
core. In addition to several hardware accelerators and in-order processors, our
experiments also include RISC-V BOOM, a complex out-of-order processor,
highlighting the scalability of the approach
A New Security Threat in MCUs -- SoC-wide timing side channels and how to find them
Microarchitectural timing side channels have been thoroughly investigated as
a security threat in hardware designs featuring shared buffers (e.g., caches)
and/or parallelism between attacker and victim task execution. Contrary to
common intuition, recent work demonstrates, however, that this threat is
also real in microcontroller SoCs without such features. In this paper, we
describe SoC-wide timing side channels previously neglected by security
analysis and present a new formal method to close this gap. In a case study
with the RISC-V Pulpissimo SoC platform, our method found a vulnerability to a
so far unknown attack variant that allows an attacker to obtain information
about a victim's memory access behavior. After implementing a conservative fix,
we were able to verify that the SoC is now secure w.r.t. timing side channels
Unique Program Execution Checking: A Novel Approach for Formal Security Analysis of Hardware
This thesis addresses the need for a new approach to hardware sign-off verification which guarantees the security of processors at the Register Transfer Level (RTL). To this end, we introduce a formal definition of security with respect to microarchitectural vulnerabilities, formulated as a hardware property.
We present a formal proof methodology based on Unique Program Execution Checking (UPEC) which can be used to systematically detect all vulnerabilities to transient execution attacks in RTL designs. UPEC does not exploit any a priori knowledge on known attacks and can therefore detect also vulnerabilities based on new, so far unknown, types of channels. This is demonstrated by the new attack scenarios discovered in our experiments with UPEC. UPEC operates on a verification model consisting of two identical instances of the SoC design under verification. The SoC instances in the model execute the same program.
The only difference between the two instances is the content of the protected part of the memory, i.e., the secret