Synthesis in Uclid5
We describe an integration of program synthesis into Uclid5, a formal
modelling and verification tool. To the best of our knowledge, the new version
of Uclid5 is the only tool that supports program synthesis with bounded model
checking, k-induction, sequential program verification, and hyperproperty
verification. We use the integration to generate 25 program synthesis
benchmarks with simple, known solutions that are out of reach of current
synthesis engines, and we release the benchmarks to the community.
Verifying RISC-V Physical Memory Protection
We formally verify an open-source hardware implementation of physical memory
protection (PMP) in RISC-V, which is a standard feature used for memory
isolation in security critical systems such as the Keystone trusted execution
environment. PMP provides per-hardware-thread machine-mode control registers
that specify the access privileges for physical memory regions. We first
formalize the functional property of the PMP rules based on the RISC-V ISA
manual. Then, we use the LIME tool to translate an open-source implementation
of the PMP hardware module written in Chisel to the UCLID5 formal verification
language. We encode the formal specification in UCLID5 and verify the
functional correctness of the hardware. This is an initial effort towards
verifying the Keystone framework, where the trusted computing base (TCB) relies
on PMP to provide security guarantees such as integrity and confidentiality.
Comment: SECRISC-V 2019 Workshop
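The functional property the abstract refers to is the PMP matching rule from the RISC-V privileged ISA: each entry has a pmpcfg byte (R, W, X, an A field selecting OFF/TOR/NA4/NAPOT, and a lock bit L) and a pmpaddr register holding physical address bits shifted right by two; the lowest-numbered matching entry decides, an access that only partially overlaps a region always faults, unlocked entries do not constrain M-mode, and when no entry matches only M-mode succeeds. The executable reference model below is an added illustration of that rule, written for this page; it is not the UCLID5 specification from the paper nor the Chisel module it verifies, and the Keystone-style region layout (security monitor, enclave, catch-all deny) and all addresses are constructed for the example.

```python
"""Executable model of RISC-V PMP address matching and permission checking.

Added illustration for this page, not code from the verified Chisel PMP module
or from the paper's UCLID5 model. Follows the privileged ISA: pmpcfg layout
L|00|A|X|W|R, A in {OFF, TOR, NA4, NAPOT}, pmpaddr = physical address >> 2.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

PMP_R, PMP_W, PMP_X = 1 << 0, 1 << 1, 1 << 2
PMP_A_OFF, PMP_A_TOR, PMP_A_NA4, PMP_A_NAPOT = 0, 1, 2, 3
PMP_L = 1 << 7
PMPADDR_BITS = 54          # RV64: pmpaddr holds physical address bits 55:2


@dataclass
class PmpEntry:
    cfg: int               # one pmpcfg byte
    addr: int              # pmpaddr register value (physical address >> 2)


def cfg(a_field: int, perms: int = 0, locked: bool = False) -> int:
    """Assemble a pmpcfg byte from its fields."""
    return (a_field << 3) | perms | (PMP_L if locked else 0)


def napot_addr(base: int, size: int) -> int:
    """Encode a naturally aligned power-of-two region as a pmpaddr value.

    A region of 2^(k+3) bytes is encoded as (base >> 2) with its k low bits set.
    """
    assert size >= 8 and size & (size - 1) == 0, "NAPOT size must be a power of two >= 8"
    assert base % size == 0, "NAPOT base must be aligned to its size"
    return (base >> 2) | ((size >> 3) - 1)


def region(entries: List[PmpEntry], i: int) -> Optional[Tuple[int, int]]:
    """Byte range [base, top) covered by entry i, or None if it matches nothing."""
    e = entries[i]
    a = (e.cfg >> 3) & 0x3
    if a == PMP_A_OFF:
        return None
    if a == PMP_A_TOR:                       # top-of-range: previous pmpaddr (or 0) up to this one
        lo = 0 if i == 0 else entries[i - 1].addr << 2
        hi = e.addr << 2
        return (lo, hi) if lo < hi else None  # an empty range matches no address
    if a == PMP_A_NA4:                       # a single 4-byte region
        base = e.addr << 2
        return (base, base + 4)
    k, v = 0, e.addr                         # NAPOT: k trailing ones -> 2^(k+3) bytes
    while v & 1 and k < PMPADDR_BITS:
        k += 1
        v >>= 1
    base = (e.addr & ~((1 << k) - 1)) << 2
    return (base, base + (1 << (k + 3)))


def pmp_check(entries: List[PmpEntry], addr: int, size: int, access: str, mode: str) -> bool:
    """True iff a `size`-byte access of kind 'r'/'w'/'x' at `addr` in mode 'M'/'S'/'U' is allowed.

    Entries are examined in priority order (lowest index first). The first entry
    whose region overlaps the access decides: a partial overlap always faults,
    an unlocked entry never restricts M-mode, otherwise the R/W/X bit must be set.
    With no matching entry, M-mode succeeds and lower privilege modes fault
    (as long as at least one PMP entry is implemented).
    """
    want = {'r': PMP_R, 'w': PMP_W, 'x': PMP_X}[access]
    lo, hi = addr, addr + size
    for i, e in enumerate(entries):
        r = region(entries, i)
        if r is None:
            continue
        base, top = r
        if hi <= base or lo >= top:
            continue                         # no overlap, keep searching
        if lo < base or hi > top:
            return False                     # straddles the region boundary
        if mode == 'M' and not (e.cfg & PMP_L):
            return True
        return bool(e.cfg & want)
    return mode == 'M' or not entries


def keystone_like_layout() -> List[PmpEntry]:
    """Constructed example layout while an enclave runs (addresses are made up):
    entry 0 hides the security monitor from S/U-mode, entry 1 grants the enclave
    its own memory, entry 2 denies S/U-mode everything else.
    """
    return [
        PmpEntry(cfg(PMP_A_NAPOT, 0), napot_addr(0x8000_0000, 1 << 20)),
        PmpEntry(cfg(PMP_A_NAPOT, PMP_R | PMP_W | PMP_X), napot_addr(0x8010_0000, 1 << 16)),
        PmpEntry(cfg(PMP_A_NAPOT, 0), (1 << PMPADDR_BITS) - 1),
    ]
```

The isolation claim the Keystone TCB relies on is expressible directly against this model: with the layout above, S-mode reaches only the enclave's own 64 KiB, M-mode is unrestricted because none of the entries is locked, and an access that crosses the enclave's top boundary faults even though its first byte is inside. Flipping L on an entry makes the same R/W/X bits apply to M-mode as well, which is the mechanism the ISA provides for protecting code against the machine-mode software itself.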
UCLID5: Multi-Modal Formal Modeling, Verification, and Synthesis
UCLID5 is a tool for the multi-modal formal modeling, verification, and synthesis of systems. It enables one to tackle verification problems for heterogeneous systems such as combinations of hardware and software, or those that have multiple, varied specifications, or systems that require hybrid modes of modeling. A novel aspect of UCLID5 is an emphasis on the use of syntax-guided and inductive synthesis to automate steps in modeling and verification. This tool paper presents new developments in the UCLID5 tool including new language features, integration with new techniques for syntax-guided synthesis and satisfiability solving, support for hyperproperties and combinations of axiomatic and operational modeling, demonstrations on new problem classes, and a more robust implementation.
Recommended from our members
Formal Specification and Verification of Secure Information Flow for Hardware Platforms
Hardware platforms, such as microprocessors and Trusted Execution Environments (TEEs), aim to provide strong memory isolation properties. However, in recent years, this has been shown not to be the case through hardware attacks such as the class of transient execution attacks. These attacks affect programs executing on widely-used microprocessor designs in our present-day devices. Although mitigations have been proposed, many have not been adopted and lack formal guarantees. As a result, security-critical applications have been conservative in using hardware platforms without some form of cryptographic approach for secure computation, despite the additional computational overhead. One approach to ensure safety for this class of attacks is to use formal methods to prove information flow properties. Yet, there is limited work in verifying attacks on hardware platforms that are heterogeneous in nature, namely those that contain hardware and software in the trusted computing base. This thesis defines a notion of secure information flow for hardware platforms and proposes methods to formally verify non-interference-based properties efficiently using abstractions and composition. To accomplish the former, we formalize the trace property-dependent observational determinism property for capturing a new class of non-interference properties. This property is motivated by verifying transient execution attacks and the need for secure speculation. To enable efficient verification on hardware platforms, we introduce an efficient proof system, SymboTaint, and the formalism of information flow state machines to reason about secure information flow compositionally. Finally, we explore a complementary method to enforce secure information flow for general programs by relaxing the programming model of a family of TEE designs and by formally verifying them.
This direction builds on top of existing abstractions of TEEs to provide memory isolation guarantees with an efficient memory-sharing scheme on TEEs through combined design and verification. Together, this provides a methodology for enforcing memory isolation for heterogeneous systems, where joint modeling and analysis of hardware and software have become imperative for security.
A Formal Approach to Secure Speculation.
Transient execution attacks like Spectre, Meltdown and Foreshadow have shown that combinations of microarchitectural side-channels can be synergistically exploited to create side-channel leaks that are greater than the sum of their parts. While both hardware and software mitigations have been proposed against these attacks, provable security has remained elusive. This paper introduces a formal methodology for enabling secure speculative execution on modern processors. We propose a new class of information flow security properties called trace property-dependent observational determinism (TPOD). We use this class to formulate a secure speculation property. Our formulation precisely characterises all transient execution vulnerabilities. We demonstrate its applicability by verifying secure speculation for several illustrative programs.
What value do Australian employers give to qualifications?
Lee Ridoutt, Chris Selby Smith, Kevin Hummel, Christina Cheang look at how employers value and use qualifications in their business decisions. Their research indicates clear differences in the value placed on and use made of qualifications by employers for different groups of workers and occupations. Qualifications are considered more important for higher-level occupations and employers use them predominantly to recruit new employees and to ensure regulatory compliance. Employers regard qualifications as a signal of potential for future learning and skills acquisition, not as a signal of immediate competence. Overall, employers drew a strong distinction between qualifications and experience, and favoured and valued the latter more in regard to many of their business decisions. The higher the level of enterprise change and innovation, the lower the level of value and use made of qualifications by employers. Also, small enterprises are more likely to be highly discriminating of qualifications and supporting development among their employees.
UCLID5: Multi-modal Formal Modeling, Verification, and Synthesis
UCLID5 is a tool for the multi-modal formal modeling, verification, and synthesis of systems. It enables one to tackle verification problems for heterogeneous systems such as combinations of hardware and software, or those that have multiple, varied specifications, or systems that require hybrid modes of modeling. A novel aspect of UCLID5 is an emphasis on the use of syntax-guided and inductive synthesis to automate steps in modeling and verification. This tool paper presents new developments in the UCLID5 tool including new language features, integration with new techniques for syntax-guided synthesis and satisfiability solving, support for hyperproperties and combinations of axiomatic and operational modeling, demonstrations on new problem classes, and a robust implementation.