
    Model-Checking Speculation-Dependent Security Properties: Abstracting and Reducing Processor Models for Sound and Complete Verification

    Spectre and Meltdown attacks in modern microprocessors represent a new class of attacks that have been difficult to deal with. They expose vulnerabilities in hardware design that went unnoticed for years, and in doing so they reveal the weakness of state-of-the-art verification processes and design practices. These attacks are OS-independent and exploit no software vulnerability. Moreover, they violate security assumptions ensured by standard isolation mechanisms (e.g., address space isolation) and, as a result, every security mechanism built upon those guarantees. These vulnerabilities allow the attacker to retrieve leaked data without accessing the secret directly: they make use of covert channels, mechanisms of hidden communication that convey sensitive information without any visible information flow between the malicious party and the victim. The root cause of this type of side-channel attack lies in the speculative and out-of-order execution of modern high-performance microarchitectures. Since modern processors are hard to verify with standard formal verification techniques, we present a methodology that shows how to transform a realistic model of a speculative and out-of-order processor into an abstract one. Following related formal verification approaches, we simplify the model under consideration by abstraction and refinement steps. We also present an approach to formally verify the abstract model using a standard model checker. The theoretical flow, reliant on established formal verification results, is introduced and a sketch of proof is provided for soundness and completeness. Finally, we demonstrate the feasibility of our approach by applying it to a pipelined DLX RISC-inspired processor architecture. We show preliminary experimental results to support our claim, performing bounded model checking with a state-of-the-art model checker.

    Comparative analysis of models and performance indicators for optimal service facility location

    This study investigates the optimal process for locating generic service facilities by applying and comparing several well-known basic models from the literature. At a strategic level, we emphasize that selecting the right location model could become a problematic and possibly misleading task if not supported by appropriate quantitative analysis. For this reason, we propose a general methodological framework to analyze and compare the solutions provided by several models, so as to obtain a comprehensive evaluation of the location decisions from several different perspectives. To this end, a battery of key performance indicators (KPIs) has been developed and calculated for the different models' solutions, and additional insights into the decision process have been obtained through a comparative analysis. The indicators cover topological, coverage, equity, robustness, dispersion, and accessibility aspects. Moreover, a specific part of the analysis is devoted to progressive location interventions over time and to identifying core location decisions. Results on randomly generated instances, which simulate areas characterized by realistic geographical or demographic features, are reported to analyze the models' behavior in different settings and to demonstrate the methodology's general applicability. Our experimental campaign shows that the p-median model behaves very well against the proposed KPIs, while the maximal covering problem and some proposed backup coverage models return very robust solutions when the location plan is implemented through several progressive interventions over time.

    System-level fault modeling and test pattern generation with process algebras

    The increasing complexity of systems is challenging designers with new issues, such as description, validation, verification, and testing at system level. This paper advocates the use of Process Algebras as a mathematically sound formalism to describe, validate, verify, and generate test patterns at system level. Its main contribution is twofold: on the one hand, the definition of a general-purpose fault model of faulty communications between fault-free, concurrently evolving processes; on the other hand, the implementation of an automatic test pattern generation procedure, as a variant of the weak bisimulation algorithm normally used to prove the observational equivalence of processes. Two examples are provided to support the claim for validity: the functional fault model proposed by S. M. Thatte and J. A. Abraham for microprocessors is expressed in the new framework, and some functional faults on a bus structure are modeled. Experimental results concerning the Process Algebra de..

    An efficient tool for system-level verification of behaviors and temporal properties

    In this paper the use of Process Algebras is advocated as a solution for the system-level description of structure, communication and behavior, while an action-based Temporal Logic is used to specify and check system-level properties. It is shown how SEVERO, a tool for describing and verifying finite state systems, can be used to integrate both descriptive and prescriptive aspects in a unified framework of symbolic manipulations. Experimental results show the efficiency of the BDD-based implementation of the proof procedures.

    A methodology for system-level design for verifiability

    Working at system level is attracting increasing interest, and new issues must be taken into account, such as validation and verification at every step. This paper presents a system-level design methodology that supports verification. Starting from a description in a suitable subset of VHDL, a Petri Net description is obtained and used for validation and for building the corresponding automaton. An efficient BDD-based tool for Process Algebra manipulation supports formal equivalence proofs. Experimental results show that the approach is also feasible for real-size industrial cases.