Proof-Carrying Hardware: Towards Runtime Verification of Reconfigurable Modules

Drzevitzky, Stephanie; Kastens, Uwe; Platzner, Marco

doi:10.1109/reconfig.2009.31

Cited by 42 publications

(16 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We develop an abstract notion of a "protocol" which delimits a range of acceptable behaviors. This is in contrast to [15]'s proposal for Proof-Carrying Hardware which allowed only for proofs that an FPGA layout implements a specific boolean logic function, requiring a level of specificity that precludes any functional differences between implementations and does not really bring the full potential of software PCC into the hardware domain.…”

Section: Example Design Scenariomentioning

confidence: 91%

“…A parallel concept of Proof-Carrying Hardware (PCH) was first proposed in [15], but the authors showed only that correctness proofs could be generated for FPGA bitstreams in order to provide assurance that the given gate configuration implements a specific boolean logic function and therefore did not allow for true functional variation. Furthermore, their method relied on a SAT solver rather than a formal high-level proof assistant tool, and thus more closely resembles formal verification than PCC.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Enhancing security via provably trustworthy hardware intellectual property

Love

Jin

Makris

2011

2011 IEEE International Symposium on Hardware-Oriented Security and Trust

View full text Add to dashboard Cite

Abstract-We introduce a novel hardware intellectual property acquisition protocol, show how it can support the transfer of provably trustworthy modules between hardware IP producers and consumers, and discuss what it might mean for a device to be considered "secure." Specifically, we demonstrate the applicability of previous work in the software field of ProofCarrying Code (PCC) to the problem of hardware trust and use it to combat the threat of hardware IP-level Trojans. We outline a semantic model representing the constructs permissible in a Verilog hardware description language (HDL) and show how this model can be used to reason about the trustworthiness of circuits represented at the register-transfer level (RTL). A discussion of "security-related properties" reveals how rules for trustworthy operation might be established for a particular design without necessarily specifying exact functionality. We then examine a hypothetical scenario involving a consumer with certain security needs and show how our system could be employed to guarantee that these needs are met by a hardware IP vendor's code.

show abstract

Section: Example Design Scenariomentioning

confidence: 91%

Section: Introductionmentioning

confidence: 99%

Enhancing security via provably trustworthy hardware intellectual property

Love

Jin

Makris

2011

2011 IEEE International Symposium on Hardware-Oriented Security and Trust

View full text Add to dashboard Cite

show abstract

“…A similar security evaluation method was proposed in the hardware domain recently. In [14], the authors introduced the application of Proof-Carrying Hardware (PCH) in FPGAs and reconfigurable devices. A proof is generated to demonstrate that an agreedupon specification function is combinatorially equivalent to the FPGA implementation (aka FPGA bitstream file).…”

Section: Proof-carrying Hardware a Proof-carrying Hardware Ipmentioning

confidence: 99%

Design-for-Security vs. Design-for-Testability: A Case Study on DFT Chain in Cryptographic Circuits

Jin

2014

2014 IEEE Computer Society Annual Symposium on VLSI

View full text Add to dashboard Cite

Relying on a recently developed gate-level information assurance scheme, we formally analyze the security of design-for-test (DFT) scan chains, the industrial standard testing methods for fabricated chips and, for the first time, formally prove that a circuit with scan chain inserted can violate security properties. The same security assessment method is then applied to a built-in-self-test (BIST) structure where it is shown that even BIST structures can cause security vulnerabilities. To balance trustworthiness and testability, a new design-for-security (DFS) methodology is proposed which, through the modification of scan chain structure, can achieve high security without compromising the testability of the inserted scan structure. To support the task of secure scan chain insertion, a method of scan chain reshuffling is introduced. Using an AES encryption core as the testing platform, we elaborated the security assessment procedure as well as the DFS technique in balancing security and testability of cryptographic circuits.

show abstract

“…Formal methods have been used to verify reconfigurable cores at runtime by running an online prover [Singh and Lillieroth 1999] or by checking the proof carried by the hardware task to be reconfigured [Drzevitzky et al 2009]. Formal verification can also be used at system design time.…”

Section: Related Workmentioning

confidence: 99%

Simulation-based functional verification of dynamically reconfigurable systems

Gong

Diessel

2014

ACM Trans. Embed. Comput. Syst.

View full text Add to dashboard Cite

Dynamically reconfigurable systems (DRS) implemented using field-programmable gate arrays (FPGAs) allow hardware logic to be partially reconfigured while the rest of the design continues to operate. By mapping multiple reconfigurable hardware modules to the same physical region of an FPGA, such systems are able to time-multiplex their modules at runtime and adapt themselves to changing execution requirements. This architectural flexibility introduces challenges for verifying system functionality. New simulation approaches are required to extend traditional simulation techniques to assist designers in testing and debugging the time-varying behavior of DRS. This article summarizes our previous work on ReSim, the first tool to allow cycle-accurate yet physically independent simulation of a DRS reconfiguring both its logic and state. Furthermore, ReSim-based simulation does not require changing the design for simulation purposes and thereby verifies the implementation-ready design instead of a variation of the design. We discuss the conflicting requirements of simulation accuracy and verification productivity in verifying DRS designs and describe our approach to resolve this challenge. Through a range of case studies, we demonstrate that ReSim assists designers in detecting fabric-independent bugs of DRS designs and helps to achieve verification closure of DRS design projects. ACM Reference Format:Lingkan Gong and Oliver Diessel. 2014. Simulation-based functional verification of dynamically reconfigurable systems.

show abstract

Proof-Carrying Hardware: Towards Runtime Verification of Reconfigurable Modules

Cited by 42 publications

References 11 publications

Enhancing security via provably trustworthy hardware intellectual property

Enhancing security via provably trustworthy hardware intellectual property

Design-for-Security vs. Design-for-Testability: A Case Study on DFT Chain in Cryptographic Circuits

Simulation-based functional verification of dynamically reconfigurable systems

Contact Info

Product

Resources

About