Abstract | ||
---|---|---|
This work presents a design-time security verification framework for secure processor architectures. Our new SecChisel framework is built upon the Chisel hardware construction language and tools, and uses information flow analysis to verify the security properties of an architecture at design-time. To enforce information flow security, the framework supports adding security tags to wires, registers, modules, and other parts of the design description, as well as allows for defining a custom security lattice and custom information flow policies. The framework performs automatic security tag propagation analysis in a new SecChisel parser and information flow checking using the Z3 SMT solver. The same SecChisel codebase is used to design hardware modules as well as to verify the security properties, ensuring that the verified design directly corresponds to the actual design. This framework is evaluated on RISC-V Rocket Chip expanded with AES and SHA modules. The framework was able to capture information leaks in the hardware bugs or Trojans that it was tested with.
|
Year | DOI | Venue |
---|---|---|
2019 | 10.1145/3337167.3337174 | Proceedings of the 8th International Workshop on Hardware and Architectural Support for Security and Privacy |
Keywords | Field | DocType |
Chisel, RISC-V, formal security verification, secure processors | Codebase,Information flow (information theory),RISC-V,Architecture,Computer science,Chip,Parsing,Rocket,Satisfiability modulo theories,Embedded system | Conference |
ISBN | Citations | PageRank |
978-1-4503-7226-8 | 0 | 0.34 |
References | Authors | |
0 | 8 |
Name | Order | Citations | PageRank |
---|---|---|---|
Shuwen Deng | 1 | 4 | 1.77 |
Doğuhan Gümüşoğlu | 2 | 0 | 0.34 |
Wenjie Xiong | 3 | 29 | 9.94 |
Sercan Sari | 4 | 0 | 1.35 |
Y. Serhan Gener | 5 | 4 | 1.50 |
Corine Lu | 6 | 0 | 0.34 |
Onur Demir | 7 | 0 | 2.70 |
Jakub Szefer | 8 | 398 | 37.00 |