Formal Verification of Integrity-Preserving Countermeasures Against Cache Storage Side-Channels

Formal verification of systems-level software such as hypervisors and operating systems can enhance system trustworthiness. However, without taking low-level features like caches into account, the verification may become unsound. While this is a well-known fact w.r.t. timing leaks, few works have addressed latent cache storage side-channels, whose effects are not limited to information leakage. We present a verification methodology to analyse the soundness of countermeasures used to neutralise these channels. We apply the proposed methodology to existing countermeasures, showing that they restore the integrity of the system. We decompose the proof effort into verification conditions that allow for an easy adaptation of our strategy to various software and hardware platforms. As a case study, we extend the verification of an existing hypervisor whose integrity can be tampered with using cache storage channels. We used the HOL4 theorem prover to validate our security analysis, applying the verification methodology to a generic hardware model.
