IP Trust Validation Using Proof-Carrying Hardware

The wide use of hardware Intellectual Property (IP) cores from untrusted third-party vendors has introduced security vulnerabilities at the design stages of the IC design flow. The possibility of hardware Trojans and/or design backdoors in these IP cores has heightened security concerns. Since existing functional testing methods fall short in detecting this unspecified (often malicious) logic, formal methods provide powerful solutions for detecting malicious behavior in hardware. In this direction, we discuss theorem proving and model checking for hardware trust evaluation. Specifically, proof-carrying hardware (PCH) and its applications are introduced in detail. Because PCH methods suffer from scalability issues and cannot easily be applied to large-scale designs such as System-on-Chip (SoC) designs, we also discuss variants of PCH, such as the Hierarchy Preserving Formal Verification framework, that alleviate the scalability challenge.
