Model-Checking Speculation-Dependent Security Properties: Abstracting and Reducing Processor Models for Sound and Complete Verification
Author: | Gianpiero Cabodi, Paolo Camurati, Fabrizio Finocchiaro, Danilo Vendraminetto |
---|---|
Language: | English |
Year of publication: | 2019 |
Subject: | Computer Networks and Communications; lcsh:Electronics; meltdown; lcsh:TK7800-8360; model-checking; 02 engineering and technology; confidentiality; secure CPU architecture; 020202 computer hardware & architecture; taint propagation; reorder buffer; Hardware and Architecture; Control and Systems Engineering; 020204 information systems; Signal Processing; 0202 electrical engineering, electronic engineering, information engineering; abstraction and reduction; speculative execution; pipeline flushing; spectre; Electrical and Electronic Engineering |
Source: | Electronics, Vol 8, Iss 9, p 1057 (2019); Electronics Volume 8 Issue 9 |
ISSN: | 2079-9292 |
Description: | Spectre and Meltdown are a new class of attacks on modern microprocessors that has proved difficult to deal with. They expose vulnerabilities in hardware design that went unnoticed for years, and thereby the weakness of state-of-the-art verification processes and design practices. The attacks are OS-independent and exploit no software vulnerability. Moreover, they violate the security assumptions provided by standard isolation mechanisms (e.g., address space isolation) and, as a result, every security mechanism built on those guarantees. They let an attacker retrieve leaked data without accessing the secret directly: they rely on covert channels, i.e., hidden communication mechanisms that convey sensitive information without any visible information flow between the malicious party and the victim. The root cause of this type of side-channel attack lies in the speculative and out-of-order execution of modern high-performance microarchitectures. Since modern processors are hard to verify with standard formal verification techniques, we present a methodology for transforming a realistic model of a speculative, out-of-order processor into an abstract one. Following related formal verification approaches, we simplify the model by abstraction and refinement steps, and we present an approach to formally verify the abstract model with a standard model checker. The theoretical flow, which relies on established formal verification results, is introduced together with a proof sketch for soundness and correctness. Finally, we demonstrate the feasibility of the approach by applying it to a pipelined DLX RISC-inspired processor architecture, and we show preliminary experimental results from Bounded Model Checking with a state-of-the-art model checker. |
Database: | OpenAIRE |
External link: |
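The following Python sketch is an added illustration, not the paper's model, tool or DLX implementation. It shows, on a deliberately tiny abstract pipeline, what a speculation-dependent confidentiality property and a bounded check of it look like: a Spectre-v1-shaped gadget, a single speculative window that is squashed (pipeline flush) when the branch resolves, taint propagation through loads, and an explicit-state bounded exploration over every input and every branch prediction, which is the brute-force analogue of the Bounded Model Checking the abstract refers to. The instruction set, the speculation window, the taint rule, the memory layout and the register names are all constructed assumptions for this example.

```python
"""
Toy bounded model check of a speculation-dependent confidentiality property.

Added illustration, not the paper's model or tool. The pipeline, instruction
set, speculation window, taint rule and memory layout are all assumptions
chosen to keep the example small.
"""
from dataclasses import dataclass, replace
from typing import Optional

ARRAY1, ARRAY2, BOUND = 0, 16, 4              # array1 = mem[0..3]; array2 starts at 16
SECRET = range(ARRAY1 + BOUND, ARRAY2)        # constructed: secret data sits right after array1
MEM = {a: a % 4 for a in range(64)}           # constructed memory contents (values only feed addresses)
WINDOW = 4                                    # instructions the pipeline may issue past an unresolved branch


def gadget(fence: bool) -> list:
    """Spectre-v1-shaped gadget in an abstract ISA (constructed example program).
    ("br", reg, bound, target): fall through if regs[reg] < bound, else jump to target
    ("ld", dst, base, idx):     dst = mem[base + regs[idx]]  (touches a cache line)
    ("fence",):                 nothing may issue past it while a branch is unresolved
    """
    prog = [("br", "x", BOUND, 3 + int(fence))]      # bounds check; taken path skips both loads
    if fence:
        prog.append(("fence",))
    prog += [("ld", "r1", ARRAY1, "x"),               # r1 = array1[x]
             ("ld", "r2", ARRAY2, "r1"),              # r2 = array2[r1]: address derived from r1
             ("halt",)]
    return prog


@dataclass
class State:
    pc: int
    regs: dict                     # register -> (value, tainted)
    spec: Optional[tuple]          # (resume_pc, checkpoint_regs, budget) while on a mispredicted path
    obs: tuple                     # cache lines touched: (address, address_tainted); never rolled back


def squash(s: State) -> State:
    """Branch resolved: the flush rolls back architectural state, the cache footprint stays."""
    resume_pc, checkpoint, _ = s.spec
    return State(resume_pc, checkpoint, None, s.obs)


def step(prog, s: State, mispredict: bool, speculation: bool) -> Optional[State]:
    """One abstract pipeline step; None once the program has halted."""
    ins = prog[s.pc]
    if s.spec is not None and (s.spec[2] == 0 or ins[0] in ("halt", "fence")):
        return squash(s)                                                   # wrong path ends here
    spec = None if s.spec is None else (s.spec[0], s.spec[1], s.spec[2] - 1)
    if ins[0] == "halt":
        return None
    if ins[0] == "fence":
        return replace(s, pc=s.pc + 1)
    if ins[0] == "br":
        _, reg, bound, target = ins
        correct, wrong = (s.pc + 1, target) if s.regs[reg][0] < bound else (target, s.pc + 1)
        if speculation and mispredict and s.spec is None:
            return State(wrong, s.regs, (correct, s.regs, WINDOW), s.obs)   # open a wrong-path window
        return State(correct, s.regs, spec, s.obs)
    _, dst, base, idx = ins                                                # "ld"
    ival, itaint = s.regs[idx]
    addr = base + ival
    regs = dict(s.regs)
    regs[dst] = (MEM.get(addr, 0), itaint or addr in SECRET)               # taint propagates through loads
    return State(s.pc + 1, regs, spec, s.obs + ((addr, itaint),))          # the address leaks the index's taint


def bmc(prog, depth: int, speculation: bool, inputs=range(8)):
    """Explicit-state bounded exploration over every input and every branch prediction.
    Returns (x, observations) for the first run within `depth` steps that touches a cache
    line at a secret-dependent address, or None if no such run exists up to the bound."""
    for x in inputs:
        init = State(0, {"x": (x, False), "r1": (0, False), "r2": (0, False)}, None, ())
        stack = [(init, 0)]
        while stack:
            s, d = stack.pop()
            if any(tainted for _, tainted in s.obs):
                return x, s.obs
            if d == depth:
                continue
            choices = (False, True) if prog[s.pc][0] == "br" and s.spec is None else (False,)
            for mispredict in choices:
                nxt = step(prog, s, mispredict, speculation)
                if nxt is not None:
                    stack.append((nxt, d + 1))
    return None


if __name__ == "__main__":
    print("no speculation:      ", bmc(gadget(False), 8, speculation=False))
    print("speculation:         ", bmc(gadget(False), 8, speculation=True))
    print("speculation + fence: ", bmc(gadget(True), 8, speculation=True))
```

Run stand-alone, the block reports no counterexample for the non-speculative pipeline (the bounds check is honoured), a counterexample for the speculative one (input 4 bypasses the check on the wrong path and the second load touches an array2 line whose address was derived from the secret before the flush discards the registers), and no counterexample again once the fence forces the wrong path to be squashed before the first load issues. The abstraction is deliberately crude: one branch in flight, a fixed window instead of a reorder buffer, taint only on load data and addresses. The paper's point is precisely that such an abstraction of the real reorder buffer and flush logic has to be justified as sound, not assumed as it is here.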