
Isadora: automated information-flow property generation for hardware security verification

  • Regular Paper, Journal of Cryptographic Engineering

Abstract

Isadora is a specification mining tool for creating information-flow properties for hardware. Isadora combines hardware information-flow tracking and specification mining to produce properties that are suitable for hardware security validation and support a better understanding of the hardware’s security posture. Isadora is fully automated; the user provides only a hardware specification and a testbench—they do not need to supply a threat model or security requirements. Isadora is evaluated on a RISC-V processor, an SoC access control mechanism, and the OpenTitan hardware root of trust. Isadora generates security properties that align with Common Weakness Enumerations (CWEs) and with properties written manually by security experts.


Notes

  1. Examples include Mentor Questa Secure Check, Cadence JasperGold Security Path Verification, and Tortuga Logic Radix.


Acknowledgements

We thank our reviewers for their insightful comments and suggestions. This material is based upon work supported by the National Science Foundation under Grant Nos. CNS-1816637 and 1718586, by the Semiconductor Research Corporation, and by Intel. Any opinions, findings, conclusions, and recommendations expressed in this paper are solely those of the authors.


Correspondence to Calvin Deutschbein.


A Sample properties

In this section, we show examples of Isadora output.

A.1 Case 154: ACW security property

Fig. 7: An example of an Isadora property, Case 154, over the Aker ACW

To illustrate the output properties of Isadora, Fig. 7 shows one example of Isadora output: Case 154 of the 303 output properties over the ACW module. This case was sampled during evaluation. The condition predicates shown here are equality tests of signals against zero. Other kinds of predicates are captured within the workflow but are not propagated to the individual properties formatted for output.

A visible difference between an Isadora output property and the property grammar of Sect. 2 is that, at the output stage, an Isadora property may specify multiple source signals, may consider multiple sink signals (though it does not do so in this case), and may contain multiple invariants as conditions.

Case 154 includes an example of a flow condition between internal and peripheral visible signals in addition to specifying other aspects of design behavior. This is similar to the example of write readiness from Sect. 2, but in Case 154, the flow is from the internal signal to the peripheral, though the power state predicate is identical. Of note, as in the case of write readiness, this flow occurs exclusively within the write channel, as denoted by the ‘W’ present in the ready wire and the data register.

\(\texttt{AWREADY\_int} \;\texttt{=/=>}\; \texttt{WDATA} \text{ unless } (\texttt{ARESETN} \ne 0)\)

A.2 Case 144: ACW functional property

One example of an Isadora property classified as functional, with truncated flow conditions, is presented in Fig. 8, and captures a logical update to an internal decoder signal. This additionally shows an example of a property over multiple sinks, a single source, and for which there are predicates capturing both equality and inequality to zero.

Fig. 8: An example of an Isadora property, Case 144, over RISC-V
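The property form described in A.1 and A.2 (one or more sources, one or more sinks, and `unless` conditions that are equality or inequality tests against zero), as an added Python example that is not Isadora's code or the paper's artifact: it mines candidate conditions from a simulation trace that carries per-signal taint bits and then checks a property of that form against the trace. The trace itself, the hypothetical `WVALID` signal, the per-signal taint-bit representation and the heuristic that discards predicates true in every cycle are all assumptions made for this example; Isadora's own tracking and mining steps are described in the paper, not reproduced here.

```python
from typing import Dict, List, Set, Tuple

# One simulation cycle: signal name -> (value, tainted-by-a-source?). The taint
# bit is what an IFT-instrumented simulation would report for each signal; how
# it is obtained is outside this example (assumption).
Cycle = Dict[str, Tuple[int, bool]]
# A condition predicate in the page's form: (signal, is_zero) means
# "signal == 0" when is_zero is True and "signal != 0" when it is False.
Predicate = Tuple[str, bool]

# Constructed trace, not Aker ACW simulation data. AWREADY_int is the labelled
# source; WVALID is a hypothetical extra signal used to show a rejected predicate.
TRACE: List[Cycle] = [
    # reset held low: the source never reaches WDATA
    {"AWREADY_int": (0, True), "WDATA": (0, False), "ARESETN": (0, False), "WVALID": (0, False)},
    {"AWREADY_int": (1, True), "WDATA": (0, False), "ARESETN": (0, False), "WVALID": (1, False)},
    # reset released: WDATA depends on the source while ARESETN != 0
    {"AWREADY_int": (1, True), "WDATA": (0x2A, True), "ARESETN": (1, False), "WVALID": (1, False)},
    {"AWREADY_int": (0, True), "WDATA": (0x2A, True), "ARESETN": (1, False), "WVALID": (1, False)},
    {"AWREADY_int": (1, True), "WDATA": (0x07, True), "ARESETN": (1, False), "WVALID": (0, False)},
    # out of reset, channel idle, no flow
    {"AWREADY_int": (0, True), "WDATA": (0, False), "ARESETN": (1, False), "WVALID": (0, False)},
]


def predicate_holds(cycle: Cycle, pred: Predicate) -> bool:
    signal, is_zero = pred
    return (cycle[signal][0] == 0) == is_zero


def flow_cycles(trace: List[Cycle], sinks: Set[str]) -> List[int]:
    """Cycles in which source taint is present on at least one sink."""
    return [i for i, c in enumerate(trace) if any(c[s][1] for s in sinks)]


def mine_conditions(trace: List[Cycle], sources: Set[str], sinks: Set[str]) -> Set[Predicate]:
    """Candidate 'unless' conditions: ==0 / !=0 predicates over the remaining
    signals that hold in every flow cycle and fail in at least one other cycle.
    The second filter is a heuristic assumed here: a predicate true for the
    whole trace says nothing about when the flow happens."""
    flows = flow_cycles(trace, sinks)
    if not flows:
        return set()
    others = [s for s in trace[0] if s not in sources and s not in sinks]
    found: Set[Predicate] = set()
    for signal in others:
        for is_zero in (True, False):
            pred = (signal, is_zero)
            if all(predicate_holds(trace[i], pred) for i in flows) and \
               not all(predicate_holds(c, pred) for c in trace):
                found.add(pred)
    return found


def check_property(trace: List[Cycle], sources: Set[str], sinks: Set[str],
                   conditions: Set[Predicate]) -> List[int]:
    """Cycles violating 'sources =/=> sinks unless conditions': a flow is
    observed while at least one condition is false."""
    return [i for i in flow_cycles(trace, sinks)
            if not all(predicate_holds(trace[i], p) for p in conditions)]


def format_property(sources: Set[str], sinks: Set[str], conditions: Set[Predicate]) -> str:
    """Render the property in the =/=> ... unless (...) notation used on the page."""
    conds = " and ".join(f"{s} {'== 0' if z else '!= 0'}" for s, z in sorted(conditions))
    return f"{', '.join(sorted(sources))} =/=> {', '.join(sorted(sinks))} unless ({conds})"


def violating_trace() -> List[Cycle]:
    """Copy of TRACE with one constructed defect: flow to WDATA during reset (cycle 1)."""
    bad = [dict(c) for c in TRACE]
    bad[1]["WDATA"] = (0x2A, True)
    return bad


if __name__ == "__main__":
    src, snk = {"AWREADY_int"}, {"WDATA"}
    conds = mine_conditions(TRACE, src, snk)
    print(format_property(src, snk, conds))                    # AWREADY_int =/=> WDATA unless (ARESETN != 0)
    print(check_property(TRACE, src, snk, conds))              # []
    print(check_property(violating_trace(), src, snk, conds))  # [1]
```

The mined condition for the constructed trace is exactly the one in Case 154, `ARESETN != 0`, while `WVALID` is rejected because it takes both values during flow cycles. Running the same checker on the defective trace reports the reset-time flow as a violation, which is the kind of finding a property like Case 154 is meant to surface during validation.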


Deutschbein, C., Meza, A., Restuccia, F. et al. Isadora: automated information-flow property generation for hardware security verification. J Cryptogr Eng 13, 391–407 (2023). https://doi.org/10.1007/s13389-022-00306-w
