Hardware/Software Co-monitoring

Hardware/Software (HW/SW) interfaces, mostly implemented as devices and their device drivers, are pervasive in computer systems. HW/SW interfaces now typically undergo intensive testing and validation before release, yet they remain a frequent source of reliability and security failures once deployed to end users. Logic bugs that escape validation, transient hardware failures, and malicious exploits all surface in HW/SW interactions, making the entire system vulnerable and unstable. We present HW/SW co-monitoring, a runtime co-verification approach to detecting failures and malicious exploits in device/driver interactions. Our approach uses a formal device model (FDM), a transaction-level model derived from the device specification, to shadow the execution of the real device. Based on the co-execution of the device and the FDM, HW/SW co-monitoring performs two-tier runtime checking: (1) device checking verifies that the observed device behavior conforms to the behavior the FDM predicts, which exposes hardware faults and devices that deviate from their specification; (2) property checking detects invalid driver commands issued to the device by verifying system properties against the driver/device interactions. Because both checks are defined against the specification, the FDM only flags behavior that differs from the specification as modeled; errors in the specification itself are outside its scope. We have applied HW/SW co-monitoring to five widely used devices and their Linux drivers, discovering 9 real bugs and vulnerabilities while introducing modest runtime overhead. The results demonstrate the potential of HW/SW co-monitoring to improve system reliability and security.
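The following is an added illustration of the two-tier checking described above; it is not code from the paper or its authors. It models a hypothetical register-mapped DMA device with a tiny transaction-level FDM (the register map, control bits, state names, the `DMA_BUF_*` window and the three traces are all constructed for illustration), intercepts each driver read or write as a transaction, and applies the two checks: a driver write is first screened by property checking (START only from the READY state; the DMA window must stay inside the driver's buffer) and then replayed into the FDM, while a driver read is compared against the value the FDM predicts (device checking). The second trace shows a device that is stuck BUSY after reset, the third a driver that programs a DMA length overrunning its buffer.

```c
/* Added example: toy HW/SW co-monitor over a hypothetical device model. */
#include <stdint.h>
#include <stdio.h>

/* Hypothetical register map and control bits (constructed, not a real device). */
enum { REG_CTRL = 0x00, REG_STATUS = 0x04, REG_DMA_ADDR = 0x08, REG_DMA_LEN = 0x0C };
enum { CTRL_RESET = 0x1, CTRL_START = 0x2 };
enum { ST_IDLE = 0, ST_READY = 1, ST_BUSY = 2 };

/* One driver/device transaction: a write, or a read with the value the device returned. */
typedef struct { int is_write; uint32_t reg; uint32_t val; } txn_t;
/* Transaction-level FDM state derived from the (hypothetical) specification. */
typedef struct { int state; uint32_t dma_addr, dma_len; } fdm_t;
typedef enum { OK = 0, ERR_DEVICE = 1, ERR_PROPERTY = 2 } verdict_t;

/* System property: the driver's DMA buffer (constructed values). */
#define DMA_BUF_BASE 0x10000000u
#define DMA_BUF_SIZE 0x1000u

/* FDM transition on a driver write, as the specification defines it. */
static void fdm_write(fdm_t *m, uint32_t reg, uint32_t val)
{
    switch (reg) {
    case REG_CTRL:
        if (val & CTRL_RESET) { m->state = ST_READY; m->dma_addr = m->dma_len = 0; }
        else if (val & CTRL_START) m->state = ST_BUSY;
        break;
    case REG_DMA_ADDR: m->dma_addr = val; break;
    case REG_DMA_LEN:  m->dma_len  = val; break;
    default: break;              /* STATUS is read-only: writes are ignored */
    }
}

/* Value the FDM predicts for a driver read. */
static uint32_t fdm_read(const fdm_t *m, uint32_t reg)
{
    switch (reg) {
    case REG_STATUS:   return (uint32_t)m->state;
    case REG_DMA_ADDR: return m->dma_addr;
    case REG_DMA_LEN:  return m->dma_len;
    default:           return 0; /* CTRL reads back as zero in this model */
    }
}

/* Property checking: is this driver command valid in the current FDM state? */
static verdict_t check_property(const fdm_t *m, uint32_t reg, uint32_t val)
{
    /* P1: START may only be issued from READY. */
    if (reg == REG_CTRL && (val & CTRL_START) && m->state != ST_READY)
        return ERR_PROPERTY;
    /* P2: the programmed DMA window must lie inside the driver's buffer. */
    if (reg == REG_DMA_LEN) {
        uint64_t end = (uint64_t)m->dma_addr + val;
        if (m->dma_addr < DMA_BUF_BASE || end > (uint64_t)DMA_BUF_BASE + DMA_BUF_SIZE)
            return ERR_PROPERTY;
    }
    return OK;
}

/* Two-tier check for one transaction; advances the FDM on accepted writes. */
verdict_t co_monitor_step(fdm_t *m, const txn_t *t)
{
    if (t->is_write) {
        verdict_t v = check_property(m, t->reg, t->val);
        if (v != OK) return v;
        fdm_write(m, t->reg, t->val);
        return OK;
    }
    /* Device checking: the real device's answer must match the FDM's prediction. */
    return fdm_read(m, t->reg) == t->val ? OK : ERR_DEVICE;
}

/* Runs a trace; returns the index of the first violation (-1 if none) and its kind. */
int co_monitor_run(const txn_t *trace, int n, verdict_t *why)
{
    fdm_t m = { ST_IDLE, 0, 0 };
    for (int i = 0; i < n; i++) {
        verdict_t v = co_monitor_step(&m, &trace[i]);
        if (v != OK) { if (why) *why = v; return i; }
    }
    if (why) *why = OK;
    return -1;
}

/* Constructed traces. */
static const txn_t TRACE_CLEAN[] = {
    {1, REG_CTRL, CTRL_RESET}, {0, REG_STATUS, ST_READY},
    {1, REG_DMA_ADDR, DMA_BUF_BASE}, {1, REG_DMA_LEN, 0x100},
    {1, REG_CTRL, CTRL_START}, {0, REG_STATUS, ST_BUSY},
};
static const txn_t TRACE_DEVICE_FAULT[] = {   /* device reports BUSY right after reset */
    {1, REG_CTRL, CTRL_RESET}, {0, REG_STATUS, ST_BUSY},
};
static const txn_t TRACE_DRIVER_BUG[] = {     /* 0xF00 + 0x200 overruns the 0x1000 buffer */
    {1, REG_CTRL, CTRL_RESET}, {1, REG_DMA_ADDR, DMA_BUF_BASE + 0xF00},
    {1, REG_DMA_LEN, 0x200}, {1, REG_CTRL, CTRL_START},
};
#define NTXN(t) ((int)(sizeof(t) / sizeof((t)[0])))
int run_clean(verdict_t *why)        { return co_monitor_run(TRACE_CLEAN, NTXN(TRACE_CLEAN), why); }
int run_device_fault(verdict_t *why) { return co_monitor_run(TRACE_DEVICE_FAULT, NTXN(TRACE_DEVICE_FAULT), why); }
int run_driver_bug(verdict_t *why)   { return co_monitor_run(TRACE_DRIVER_BUG, NTXN(TRACE_DRIVER_BUG), why); }

int main(void)
{
    verdict_t why;
    printf("clean: first violation %d (kind %d)\n", run_clean(&why), why);
    printf("device fault: first violation %d (kind %d)\n", run_device_fault(&why), why);
    printf("driver bug: first violation %d (kind %d)\n", run_driver_bug(&why), why);
    return 0;
}
```

The split mirrors the abstract's two tiers: a divergence on a read is attributed to the device (the FDM, not the driver, defines what the device should have returned), while a rejected write is attributed to the driver before it ever reaches the hardware. In a real deployment the transactions would be captured at the driver's register-access layer rather than from a static array, and the verdict would be reported rather than returned.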
