SpecCert: Specifying and Verifying Hardware-Based Security Enforcement

Letan, Thomas; Chifflier, Pierre; Hiet, Guillaume; Néron, Pierre; Morin, Benjamin

doi:10.1007/978-3-319-48989-6_30

Cited by 4 publications

(5 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…the isolation mechanism provided by OS kernels or hypervisors leveraging hardware features. Such approaches require formalizing the interactions between software and hardware components [21].…”

Section: B Future Work 1) Functional Verificationmentioning

confidence: 99%

“…Second, the security properties proved at the ISA level still rely on the correct implementation of this ISA by a microarchitectural model. Some works in formal methods for hardware verification [1], [6], [15], [21] are based on models of the actual hardware. While this makes proofs easier to come up with, this also opens a possibility for discrepancies between the model and the actual hardware, thus giving a false sense of security.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Generic Framework to Develop and Verify Security Mechanisms at the Microarchitectural Level: Application to Control-Flow Integrity

Baty,

Wilke,

Hiet

et al. 2023

2023 IEEE 36th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L'archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d'enseignement et de recherche français ou étrangers, des laboratoires publics ou privés. Copyright

show abstract

Section: B Future Work 1) Functional Verificationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Generic Framework to Develop and Verify Security Mechanisms at the Microarchitectural Level: Application to Control-Flow Integrity

Baty,

Wilke,

Hiet

et al. 2023

2023 IEEE 36th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

show abstract

“…To demonstrate this approach, the authors have designed an implementation of TrustZone, including 10+ security bugs. Similarly the authors of [166] present a formally defined hardware security enforcement for x86 architecture. In this setting, the software relies on underlying hardware for security enforcement, for example memory paging features of an x86 CPU.…”

Section: Protocols the Area Of Consumer Communication Protocols Cover...mentioning

confidence: 99%

A Survey of Practical Formal Methods for Security

et al. 2022

View full text Add to dashboard Cite

In today’s world, critical infrastructure is often controlled by computing systems. This introduces new risks for cyber attacks, which can compromise the security and disrupt the functionality of these systems. It is therefore necessary to build such systems with strong guarantees of resiliency against cyber attacks. One way to achieve this level of assurance is using formal verification, which provides proofs of system compliance with desired cyber security properties. The use of Formal Methods (FM) in aspects of cyber security and safety-critical systems are reviewed in this article. We split FM into the three main classes: theorem proving, model checking and lightweight FM. To allow the different uses of FM to be compared, we define a common set of terms. We further develop categories based on the type of computing system FM are applied in. Solutions in each class and category are presented, discussed, compared and summarised. We describe historical highlights and developments and present a state-of-the-art review in the area of FM in cyber security. This review is presented from the point of view of FM practitioners and researchers, commenting on the trends in each of the classes and categories. This is achieved by considering all types of FM, several types of security and safety-critical systems and by structuring the taxonomy accordingly. The article hence provides a comprehensive overview of FM and techniques available to system designers of security-critical systems, simplifying the process of choosing the right tool for the task. The article concludes by summarising the discussion of the review, focusing on best practices, challenges, general future trends and directions of research within this field.

show abstract

“…FreeSpec follows our previous work named SpecCert [1], whose lack of modularity complexified scalability. Kami [13] shares many concepts with FreeSpec, but implements them in a totally different manner: components are defined as labelled transition systems and can be extracted into FPGA bitstreams.…”

Section: Related Workmentioning

confidence: 99%

“…The latter scenario may lead to a situation where every component seems to be working as expected, but their composition creates an attack path. We name this class of security vulnerabilities "architectural attacks" [1]. Over the past decade, many critical vulnerabilities affecting computing systems, in particular those relying on the x86 architecture, have raised awareness about the threat posed by architectural attacks.…”

Section: Introductionmentioning

confidence: 99%

Modular Verification of Programs with Effects and Effect Handlers in Coq

et al. 2018

Self Cite

View full text Add to dashboard Cite

Modern computing systems have grown in complexity, and the attack surface has increased accordingly. Even though system components are generally carefully designed and even verified by different groups of people, the composition of these components is often regarded with less attention. This paves the way for "architectural attacks", a class of security vulnerabilities where the attacker is able to threaten the security of the system even if each of its components continues to act as expected. In this article, we introduce FreeSpec, a formalism built upon the key idea that components can be modelled as programs with algebraic effects to be realized by other components. FreeSpec allows for the modular modelling of a complex system, by defining idealized components connected together, and the modular verification of the properties of their composition. In addition, we have implemented a framework for the Coq proof assistant based on FreeSpec. OSApp Execution Unit MMU Cache APIC IOMMU MCH Management Engine DRAM Controller VGA Controller SENTER Sandman [6], SpeedRacer [5] SMRAM cache poisoning [2,3] DMA Attacks [7] Sinkhole [4]

show abstract

SpecCert: Specifying and Verifying Hardware-Based Security Enforcement

Cited by 4 publications

References 15 publications

A Generic Framework to Develop and Verify Security Mechanisms at the Microarchitectural Level: Application to Control-Flow Integrity

A Generic Framework to Develop and Verify Security Mechanisms at the Microarchitectural Level: Application to Control-Flow Integrity

A Survey of Practical Formal Methods for Security

Modular Verification of Programs with Effects and Effect Handlers in Coq

Contact Info

Product

Resources

About