
SpecCert: Specifying and Verifying Hardware-Based Security Enforcement

  • Conference paper
  • FM 2016: Formal Methods (FM 2016)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 9995)

Abstract

Over time, hardware designs have constantly grown in complexity, and modern platforms involve multiple interconnected hardware components. During the last decade, several vulnerability disclosures have proven that trust in hardware can be misplaced. In this article, we give a formal definition of Hardware-based Security Enforcement (HSE) mechanisms, a class of security enforcement mechanisms in which a software component relies on the underlying hardware platform to enforce a security policy. We then model a subset of an x86-based hardware platform specification and prove the soundness of a realistic HSE mechanism within this model using Coq, a proof assistant.


Notes

  1. Which can be found at: https://github.com/lethom/speccert.

  2. Written in AT&T syntax here.

  3. A VGA controller is a hardware device to which a screen can be connected. It exposes some memory to the CPU for communication purposes.

  4. These cache strategies are explained in [12], Volume 3A, Chap. 11, Sect. 11.3 (pages 2316–2317).

  5. If we had to actually implement the HSE mechanism, we would have to assume the first was the correct one.

  6. Our implementation is available here: https://github.com/lethom/speccert.

References

  1. Barthe, G., Betarte, G., Campo, J.D., Luna, C.: Formally verifying isolation and availability in an idealized model of virtualization. In: Butler, M., Schulte, W. (eds.) FM 2011. LNCS, vol. 6664, pp. 231–245. Springer, Heidelberg (2011). doi:10.1007/978-3-642-21437-0_19

  2. Barthe, G., Betarte, G., Campo, J.D., Luna, C.: Cache-leakage resilient OS isolation in an idealized model of virtualization. In: 2012 IEEE 25th Computer Security Foundations Symposium (CSF), pp. 186–197. IEEE (2012)

  3. Barthe, G., Betarte, G., Campo, J.D., Luna, C., Pichardie, D.: System-level non-interference for constant-time cryptography. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1267–1279. ACM (2014)

  4. Basin, D., Jugé, V., Klaedtke, F., Zălinescu, E.: Enforceable security policies revisited. ACM Trans. Inf. Syst. Secur. (TISSEC) 16(1), 3 (2013)

  5. Kallenberg, C., Cornwell, S., Kovah, X., Butterworth, J.: Setup for failure: defeating Secure Boot. In: The Symposium on Security for Asia Network (SyScan) (April 2014)

  6. Domas, C.: The memory sinkhole. In: Black Hat USA (July 2015)

  7. Drzevitzky, S.: Proof-carrying hardware: runtime formal verification for secure dynamic reconfiguration. In: 2010 International Conference on Field Programmable Logic and Applications (FPL), pp. 255–258. IEEE (2010)

  8. Guo, X., Dutta, R.G., Mishra, P., Jin, Y.: Scalable SoC trust verification using integrated theorem proving and model checking. In: IEEE Symposium on Hardware Oriented Security and Trust, pp. 124–129 (2016)

  9. Intel: CHIPSEC: Platform Security Assessment Framework. http://github.com/chipsec/chipsec

  10. Intel: Desktop 4th Generation Intel Core Processor Family, Desktop Intel Pentium Processor Family, and Desktop Intel Celeron Processor Family

  11. Intel: Intel 5100 Memory Controller Hub Chipset

  12. Intel: Intel 64 and IA-32 Architectures Software Developer's Manual

  13. Intel: Intel Trusted Execution Technology (Intel TXT) (July 2015)

  14. Kallenberg, C., Wojtczuk, R.: Speed racer: exploiting an Intel flash protection race condition (6 January 2015)

  15. Kennedy, A., Benton, N., Jensen, J.B., Dagand, P.E.: Coq: the world's best macro assembler? In: Proceedings of the 15th Symposium on Principles and Practice of Declarative Programming, pp. 13–24. ACM (2013)

  16. Letan, T., Hiet, G., Chifflier, P., Néron, P., Morin, B.: SpecCert: specifying and verifying hardware-based security enforcement. Technical report, CentraleSupélec; Agence Nationale de Sécurité des Systèmes d'Information (2016). https://hal.inria.fr/hal-01356690

  17. Lie, D., Mitchell, J., Thekkath, C., Horowitz, M., et al.: Specifying and verifying hardware for tamper-resistant software. In: Proceedings of the 2003 Symposium on Security and Privacy, pp. 166–177. IEEE (2003)

  18. Duflot, L., Levillain, O., Morin, B., Grumelard, O.: Getting into the SMRAM: SMM reloaded. In: CanSecWest (March 2009)

  19. Love, E., Jin, Y., Makris, Y.: Proof-carrying hardware intellectual property: a pathway to trusted module acquisition. IEEE Trans. Inf. Forensics Secur. 7(1), 25–40 (2012)

  20. Makris, Y.: Trusted module acquisition through proof-carrying hardware intellectual property. Technical report (2015)

  21. Morrisett, G., Tan, G., Tassarotti, J., Tristan, J.B., Gan, E.: RockSalt: better, faster, stronger SFI for the x86. ACM SIGPLAN Not. 47, 395–404 (2012)

  22. Wojtczuk, R., Rutkowska, J.: Attacking Intel TXT via SINIT code execution hijacking. In: Black Hat DC Conference (February 2009)

  23. Wojtczuk, R., Rutkowska, J.: Attacking SMM memory via Intel CPU cache poisoning (March 2009)

  24. Rutkowska, J., Wojtczuk, R.: Preventing and detecting Xen hypervisor subversions. In: Black Hat Briefings USA (2008)

  25. Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. (TISSEC) 3(1), 30–50 (2000)

  26. Sewell, P., Sarkar, S., Owens, S., Nardelli, F.Z., Myreen, M.O.: x86-TSO: a rigorous and usable programmer's model for x86 multiprocessors. Commun. ACM 53(7), 89–97 (2010)

  27. Bulygin, Y., Loucaides, J., Furtak, A., Bazhaniuk, O., Matrosov, A.: Summary of attacks against BIOS and Secure Boot. In: DEF CON 22 (August 2014)

Author information


Correspondence to Thomas Letan.


Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Letan, T., Chifflier, P., Hiet, G., Néron, P., Morin, B. (2016). SpecCert: Specifying and Verifying Hardware-Based Security Enforcement. In: Fitzgerald, J., Heitmeyer, C., Gnesi, S., Philippou, A. (eds) FM 2016: Formal Methods. FM 2016. Lecture Notes in Computer Science, vol 9995. Springer, Cham. https://doi.org/10.1007/978-3-319-48989-6_30

  • DOI: https://doi.org/10.1007/978-3-319-48989-6_30

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-48988-9

  • Online ISBN: 978-3-319-48989-6
