toward a methodology for unified verification of hw sw co
play

Toward a methodology for Unified Verification of HW/SW Co-designs - PowerPoint PPT Presentation

Toward a methodology for Unified Verification of HW/SW Co-designs Building a bridge between two worlds Florian Lugou <florian.lugou@telecom-paristech.fr> Ludovic Apvrille <ludovic.apvrille@telecom-paristech.fr> Aurlien


  1. Toward a methodology for Unified Verification of HW/SW Co-designs Building a bridge between two worlds Florian Lugou <florian.lugou@telecom-paristech.fr> Ludovic Apvrille <ludovic.apvrille@telecom-paristech.fr> Aurélien Francillon <aurelien.francillon@eurecom.fr>

  2. Contents Why? SMART Why Hardware/Software co-designs? Why unified verification? Don’t we already do that? Successive verification of HW & SW Unified verification SMASHUP What is it? Using ProVerif Limitations and discussion Demo Institut Mines-Télécom PROOFS 2015 2 3/10/2015

  3. Contents Why? SMART Why Hardware/Software co-designs? Why unified verification? Don’t we already do that? Successive verification of HW & SW Unified verification SMASHUP What is it? Using ProVerif Limitations and discussion Demo Institut Mines-Télécom PROOFS 2015 3 3/10/2015

  4. SMART remote attestation Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust Verifier Prover Generate challenge challenge Compute fingerprint fingerprint Accept or Reject Institut Mines-Télécom PROOFS 2015 4 3/10/2015

  5. SMART a HW/SW co-design Data Processor Memory Backbone Program attests ROM Verifier Key K X Prover Institut Mines-Télécom PROOFS 2015 5 3/10/2015

  6. SMART Bringing formal guarantees We are here interested in SW-level attacks (no side channel attack, etc.). Formal verification of SMART raises challenges : Security of the scheme depends on secrecy of K . Vulnerabilities in SW (ROM) could endanger secrecy. Custom HW must be taken into account. Security depends on HW features such as interrupt masking. Institut Mines-Télécom PROOFS 2015 6 3/10/2015

  7. Growing Interest in HW/SW Co-designs HW modification is costly but : Mass production makes HW customization affordable. Some HW modifications are cheaper than others. In some cases, strong security guarantees can’t be achieved in pure SW. It’s because HW modification is costly that formally verifying it is essential. Institut Mines-Télécom PROOFS 2015 7 3/10/2015

  8. Verifying both Hardware and Software Different models and methods SW prop SW spec source SW SW SW proof SW model integration prover assembly binary assumed HW model HW impl netlist HW HW HW proof HDL HW model prover modelisation spec HW HW prop Different methods of verification. SW: symbolic execution, taint propagation, model checking, . . . HW: model checking, equivalence checking, . . . Institut Mines-Télécom PROOFS 2015 8 3/10/2015

  9. Verifying both Hardware and Software But close interactions However, HW and SW may have close interactions : SW and HW parts involved in a protocol; HW impacts the way SW is executed. This is particularly true for security designs . Institut Mines-Télécom PROOFS 2015 9 3/10/2015

  10. Contents Why? SMART Why Hardware/Software co-designs? Why unified verification? Don’t we already do that? Successive verification of HW & SW Unified verification SMASHUP What is it? Using ProVerif Limitations and discussion Demo Institut Mines-Télécom PROOFS 2015 10 3/10/2015

  11. Successive verification of HW & SW The idea Independant Verification SW prop SW spec source SW SW SW proof SW model integration prover assembly binary assumed HW model HW impl netlist HW HW HW proof HDL HW model prover modelisation spec HW HW prop Institut Mines-Télécom PROOFS 2015 11 3/10/2015

  12. Successive verification of HW & SW The idea Successive Verification prop SW spec source SW prover proof whole model integration assembly 2 binary HW model HW impl netlist refinement HW prover HDL proof 1 spec HW Institut Mines-Télécom PROOFS 2015 11 3/10/2015

  13. Successive verification of HW & SW The idea Manual expression of a formal model that: enables HW to be proved correct against this model, enables the verifier to express properties in this formal environment , and formalizes the effects of SW instructions on the model. The presence of the verifier is needed to bridge the semantic gap between HW and SW Institut Mines-Télécom PROOFS 2015 12 3/10/2015

  14. Successive verification of HW & SW Feasibility and drawbacks Is it feasible? Finding such model is tedious and involves a lot of manual effort . Feasible when SW & HW are disjoint enough to find a simple formal interface. How could we automate this? Institut Mines-Télécom PROOFS 2015 13 3/10/2015

  15. Unified verification The idea Successive Verification prop SW spec source SW prover proof whole model integration assembly binary HW model HW impl netlist refinement HDL HW prover proof spec HW Institut Mines-Télécom PROOFS 2015 14 3/10/2015

  16. Unified verification The idea Unified Verification prop SW spec source SW prover proof whole model integration assembly binary HW model HW impl netlist HW HW language HDL modelisation model spec HW Institut Mines-Télécom PROOFS 2015 14 3/10/2015

  17. Unified verification The idea Use a formal representation of the HDL . Express the effect of each HDL statement , so that the composition of these is a formal representation of the whole . May restrict the scope of designs. Create an interface to integrate software. Institut Mines-Télécom PROOFS 2015 15 3/10/2015

  18. Unified verification ex: loosely coupled designs E.g: HW and SW parts using a protocol to communicate 1 2 agents communicate through a clear interface HW and SW describe the behaviour of each agent doesn’t really matter whether it’s HW or SW Use a common language (as SystemC) and SW analysis tools 1. D. Kroening et al., Formal Verification of SystemC by Automatic Hard- ware/Software Partitioning Institut Mines-Télécom PROOFS 2015 16 3/10/2015

  19. Unified verification ex: tightly coupled designs E.g.: Customizing core processor logic HW customizes the way SW must be modelled would require low level representation of HW automated extraction of SW concepts (program counter, stack frames, etc.) is nowaday mostly unfeasible SW representation that could be linked to a low level representation of HW: binary format Find a compromise between exhaustivity of HW description and scalability of the proof? Institut Mines-Télécom PROOFS 2015 17 3/10/2015

  20. Contents Why? SMART Why Hardware/Software co-designs? Why unified verification? Don’t we already do that? Successive verification of HW & SW Unified verification SMASHUP What is it? Using ProVerif Limitations and discussion Demo Institut Mines-Télécom PROOFS 2015 18 3/10/2015

  21. SMASHUP: What is it? Simple Modelling and Attestation of Software and Hardware Using Proverif. A python compiler from HW + SW to ProVerif specification. SW is provided as assembly language (MSP430). HW is described as a list of standard modules . Properties are expressed as secrecy properties. The specification produced can be checked with ProVerif . Institut Mines-Télécom PROOFS 2015 19 3/10/2015

  22. SMASHUP: What is it? prop SW spec source SW prover whole model proof integration assembly binary HW model HW impl netlist HW HW language HDL modelisation model spec HW Institut Mines-Télécom PROOFS 2015 20 3/10/2015

  23. SMASHUP: What is it? prop SW spec source SW prover whole model proof integration assembly binary ProVerif python modules HW model HW impl netlist HW HW language HDL modelisation model spec HW SMASHUP Institut Mines-Télécom PROOFS 2015 20 3/10/2015

  24. Using ProVerif Introduction “ProVerif is a tool for automatically analyzing the security of cryptographic protocols.” automatically : simple reasoning with Horn clauses • � p i or � p i → q i i security : naturally handles secrecy and authenticity properties protocols : multiple processes sending and receiving messages Motivations: simple logic and security orientation Institut Mines-Télécom PROOFS 2015 21 3/10/2015

  25. Using ProVerif Reasoning with Horn clauses Works on predicates. E.g: attacker ( var ) means the attacker knows value of var. Horn clauses as logic bases. For instance: mess ( ch , m ) ∧ attacker ( ch ) → attacker ( m ) attacker ( ch ) ∧ attacker ( m ) mess ( ch , m ) . and → Verification is based on unification of clauses: attacker ( m ) → attacker ( f ( m )) attacker ( f ( g ( m ))) attacker ( m ) , and → results in attacker ( g ( m )) → attacker ( m ) . Institut Mines-Télécom PROOFS 2015 22 3/10/2015

  26. Using ProVerif Application to verification of low-level SW new predicate: state ( pc , s ) means “a state where PC equals pc and system is in state s is reachable” effect of an instruction: state ( pc , s ) → state ( pc ′ , s ′ ) Memory is modelled as an array of variables. Example of HW modification (adding interrupts): state ( pc , s , 1 ) attacker ( s ) → attacker ( s ′ ) ∧ state ( pc , s , 1 ) state ( pc + 1 , s ′ , 1 ) . and → Institut Mines-Télécom PROOFS 2015 23 3/10/2015

  27. Limitations and discussion Working with concrete types : No representation of numbers in ProVerif. Simple arithmetic operations increase complexity (ProVerif only allows constructors or reductions). Idea : interface ProVerif with theory solvers (bit vector, etc.). Working at binary level (shellcodes, ROP , etc.). Re-work the HW Description Language to enable finer-grained description of HW designs. Institut Mines-Télécom PROOFS 2015 24 3/10/2015

Recommend


More recommend