Compositional Proofs of Information Flow Properties for Hardware-Software Platforms

Kevin Cheang and Adwait Godbole and Yatin A. Manerkar and Sanjit A. Seshia

EECS Department, University of California, Berkeley

Technical Report No. UCB/EECS-2023-204

August 9, 2023

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2023/EECS-2023-204.pdf

While agile hardware design flows have led to performant computation platforms, hardware security vulnerabilities pose a threat to security-critical software running on these platforms. Verifying programs running on such platforms w.r.t. security properties faces two major challenges: (a) vulnerable software is often nested within large pieces of code, and (b) security properties require more fine-grained platform models (compared to functional properties), leading to complex verification queries. Our work is motivated by these challenges. To address (a) we develop SymboTaint, a Hoare-style proof system that allows the decomposition of monolithic security specifications over large programs into smaller verification conditions. For challenge (b), we develop Information Flow State Machines (IFSMs), a modeling framework that provides compositionality properties. As a case study, we develop a speculative microprocessor model called Speculative Abstract Platform (SAP) which captures hardware designs with a wide range of microarchitectural features. As an evaluation, we use IFSMs to model SAP and verify observational determinism on a broad class of attack programs running on SAP.

BibTeX citation:

@techreport{Cheang:EECS-2023-204,
    Author= {Cheang, Kevin and Godbole, Adwait and Manerkar, Yatin A. and Seshia, Sanjit A.},
    Title= {Compositional Proofs of Information Flow Properties for Hardware-Software Platforms},
    Year= {2023},
    Month= {Aug},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2023/EECS-2023-204.html},
    Number= {UCB/EECS-2023-204},
    Abstract= {While agile hardware design flows have led to performant computation platforms, hardware security vulnerabilities pose a threat to security-critical software running on these platforms. Verifying programs running on such platforms w.r.t. security properties faces two major challenges: (a) vulnerable software is often nested within large pieces of code, and (b) security properties require more fine-grained platform models (compared to functional properties), leading to complex verification queries. Our work is motivated by these challenges. To address (a) we develop SymboTaint, a Hoare-style proof system that allows the decomposition of monolithic security specifications over large programs into smaller verification conditions. For challenge (b), we develop Information Flow State Machines (IFSMs), a modeling framework that provides compositionality properties. As a case study, we develop a speculative microprocessor model called Speculative Abstract Platform (SAP) which captures hardware designs with a wide range of microarchitectural features. As an evaluation, we use IFSMs to model SAP and verify observational determinism on a broad class of attack programs running on SAP.},
}

EndNote citation:

%0 Report
%A Cheang, Kevin 
%A Godbole, Adwait 
%A Manerkar, Yatin A. 
%A Seshia, Sanjit A. 
%T Compositional Proofs of Information Flow Properties for Hardware-Software Platforms
%I EECS Department, University of California, Berkeley
%D 2023
%8 August 9
%@ UCB/EECS-2023-204
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2023/EECS-2023-204.html
%F Cheang:EECS-2023-204