Abstract
Proof-carrying hardware (PCH) is a principle for achieving safety for dynamically reconfigurable hardware systems. The producer of a hardware module spends huge effort when creating a proof for a safety policy. The proof is then transferred as a certificate together with the configuration bitstream to the consumer of the hardware module, who can quickly verify the given proof. Previous work utilized SAT solvers and resolution traces to set up a PCH technology and corresponding tool flows. In this article, we present a novel technology for PCH based on inductive invariants. For sequential circuits, our approach is fundamentally stronger than the previous SAT-based one since we avoid the limitations of bounded unrolling. We contrast our technology to existing ones and show that it fits into previously proposed tool flows. We conduct experiments with four categories of benchmark circuits and report consumer and producer runtime and peak memory consumption, as well as the size of the certificates and the distribution of the workload between producer and consumer. Experiments clearly show that our new induction-based technology is superior for sequential circuits, whereas the previous SAT-based technology is the better choice for combinational circuits.
- Elvira Albert, Germán Puebla, and Manuel Hermenegildo. 2005. Abstraction-carrying code. In Logic for Programming, Artificial Intelligence, and Reasoning. Lecture Notes in Computer Science, Vol. 3452. Springer, 380--397. DOI:http://dx.doi.org/10.1007/978-3-540-32275-7_25 Google ScholarCross Ref
- Torben Amtoft, Josiah Dodds, Zhi Zhang, Andrew Appel, Lennart Beringer, John Hatcliff, Xinming Ou, and Andrew Cousino. 2012. A certificate infrastructure for machine-checked proofs of conditional information flow. In Proceedings of the 1st International Conference on Principles of Security and Trust (POST’12). 369--389. DOI:http://dx.doi.org/10.1007/978-3-642-28641-4_20 Google ScholarDigital Library
- Lujo Bauer, Michael A. Schneider, Edward W. Felten, and Andrew W. Appel. 2003. Access control on the Web using proof-carrying authorization. In Proceedings of the 2003 DARPA Information Survivability Conference and Exposition,Vol. 2. IEEE, Los Alamitos, CA, 117--119. DOI:http://dx.doi.org/10.1109/DISCEX.2003.1194942 Google ScholarCross Ref
- Aaron R. Bradley. 2011. SAT-based model checking without unrolling. In Proceedings of the 12th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI’11). 70--87. DOI:http://dx.doi.org/10.1007/978-3-642-18275-4_7 Google ScholarCross Ref
- Ajay Chander, David Espinosa, Nayeem Islam, Peter Lee, and George C. Necula. 2005. Enforcing resource bounds via static verification of dynamic checks. In Programming Languages and Systems. Lecture Notes in Computer Science, Vol. 3444. Springer, 311--325. DOI:http://dx.doi.org/10.1007/978-3-540-31987-0_22 Google ScholarDigital Library
- Edmund Clarke, Daniel Kroening, Joël Ouaknine, and Ofer Strichman. 2005. Computational challenges in bounded model checking. International Journal on Software Tools for Technology Transfer 7, 2, 174--183. DOI:http://dx.doi.org/10.1007/s10009-004-0182-5 Google ScholarDigital Library
- Karl Crary and Stephanie Weirich. 2000. Resource bound certification. In Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’00). ACM, New York, NY, 184--198. DOI:http://dx.doi.org/10.1145/325694.325716 Google ScholarDigital Library
- Stephanie Drzevitzky, Uwe Kastens, and Marco Platzner. 2009. Proof-carrying hardware: Towards runtime verification of reconfigurable modules. In Proceedings of the 2009 International Conference on Reconfigurable Computing and FPGAs (ReConFig’09). IEEE, Los Alamitos, CA, 189--194. DOI:http://dx.doi.org/10.1109/ReConFig.2009.31 Google ScholarDigital Library
- Stephanie Drzevitzky, Uwe Kastens, and Marco Platzner. 2010. Proof-carrying hardware: Concept and prototype tool flow for online verification. International Journal of Reconfigurable Computing 2010, Article No. 180242. DOI:http://dx.doi.org/10.1155/2010/180242 Google ScholarCross Ref
- Niklas Een, Alan Mishchenko, and Robert Brayton. 2011a. Efficient implementation of property directed reachability. In Proceedings of the 2011 Conference on Formal Methods in Computer-Aided Design (FMCAD’11). IEEE, Los Alamitos, CA, 125--134.Google Scholar
- Niklas Een, Alan Mishchenko, and Robert Brayton. 2011b. Efficient implementation of property directed reachability. In Proceedings of the International Conference on Formal Methods in Computer-Aided Design (FMCAD’11). 125--134.Google ScholarDigital Library
- Zyad Hassan, Aaron R. Bradley, and Fabio Somenzi. 2013. Better generalization in IC3. In Proceedings of the 2013 Conference on Formal Methods in Computer-Aided Design (FMCAD’13). IEEE, Los Alamitos, CA, 157--164. DOI:http://dx.doi.org/10.1109/FMCAD.2013.6679405 Google ScholarCross Ref
- Thomas A. Henzinger, George C. Necula, Ranjit Jhala, Grgoire Sutre, Rupak Majumdar, and Westley Weimer. 2002. Temporal-safety proofs for systems code. In Computer Aided Verification. Lecture Notes in Computer Science, Vol. 2404. Springer, 526--538. DOI:http://dx.doi.org/10.1007/3-540-45657-0_45 Google ScholarCross Ref
- Ted Huffmire, Timothy Sherwood, Ryan Kastner, and Timothy Levin. 2008. Enforcing memory policy specifications in reconfigurable hardware. Computers and Security 27, 56, 197--215. DOI:http://dx.doi.org/ 10.1016/j.cose.2008.05.002 Google ScholarDigital Library
- Marie-Christine Jakobs. 2015. Speed up configurable certificate validation by certificate reduction and partitioning. In Software Engineering and Formal Methods. Lecture Notes in Computer Science, Vol. 9276. Springer, 159--174. DOI:http://dx.doi.org/10.1007/978-3-319-22969-0_12 Google ScholarCross Ref
- Marie-Christine Jakobs and Heike Wehrheim. 2014. Certification for configurable program analysis. In Proceedings of the 2014 International SPIN Symposium on Model Checking of Software (SPIN’14). ACM, New York, NY, 30--39. DOI:http://dx.doi.org/10.1145/2632362.2632372 Google ScholarDigital Library
- Yier Jin and Yiorgos Makris. 2012. Proof carrying-based information flow tracking for data secrecy protection and hardware trust. In Proceedings of the 2012 IEEE 30th VLSI Test Symposium (VTS’12). IEEE, Los Alamitos, CA, 252--257. DOI:http://dx.doi.org/10.1109/VTS.2012.6231062 Google ScholarCross Ref
- Yier Jin and Yiorgos Makris. 2013. A proof-carrying based framework for trusted microprocessor IP. In Proceedings of the 2013 IEEE/ACM International Conference on Computer-Aided Design (ICCAD’13). IEEE, Los Alamitos, CA, 824--829. DOI:http://dx.doi.org/10.1109/ICCAD.2013.6691208 Google ScholarCross Ref
- Eric Love, Yier Jin, and Yiorgos Makris. 2012. Proof-carrying hardware intellectual property: A pathway to trusted module acquisition. IEEE Transactions on Information Forensics and Security 7, 1, 25--40. DOI:http://dx.doi.org/10.1109/TIFS.2011.2160627 Google ScholarDigital Library
- Kedar S. Namjoshi. 2001. Certifying model checkers. In Computer Aided Verification. Lecture Notes in Computer Science, Vol. 2102. Springer, 2--13. DOI:http://dx.doi.org/10.1007/3-540-44585-4_2 Google ScholarCross Ref
- George C. Necula. 1997. Proof-carrying code. In Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’97). ACM, New York, NY, 106--119. DOI:http://dx.doi.org/10.1145/263699.263712 Google ScholarDigital Library
- George C. Necula and Peter Lee. 1997. Research on proof-carrying code for untrusted-code security. In Proceedings of the 1997 IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA, 204. DOI:http://dx.doi.org/10.1109/SECPRI.1997.601335 Google ScholarCross Ref
- George C. Necula and Peter Lee. 1998. Safe, untrusted agents using proof-carrying code. In Mobile Agents and Security. Lecture Notes in Computer Science, Vol. 1419. Springer, 61--91. DOI:http://dx.doi.org/10.1007/ 3-540-68671-1_5Google Scholar
- Doron Peled and Lenore Zuck. 2001. From model checking to a temporal proof. In Model Checking Software. Lecture Notes in Computer Science, Vol. 2057. Springer, 1--14. DOI:http://dx.doi.org/10.1007/ 3-540-45139-0_1Google Scholar
- Eva Rose. 2003. Lightweight bytecode verification. Journal of Automated Reasoning 31, 3--4, 303--334. DOI:http://dx.doi.org/10.1023/B:JARS.0000021015.15794.82 Google ScholarDigital Library
- Martin Suda. 2013. Triggered clause pushing for IC3. arXiv:1307.4966.Google Scholar
- Tobias Wiersema, Stephanie Drzevitzky, and Marco Platzner. 2014. Memory security in reconfigurable computers: Combining formal verification with monitoring. In Proceedings of the 2014 International Conference on Field-Programmable Technology (FPT’14). IEEE, Los Alamitos, CA, 167--174. DOI:http://dx.doi.org/10.1109/FPT.2014.7082771 Google ScholarCross Ref
- Tobias Wiersema and Marco Platzner. 2016. Verifying worst-case completion times for reconfigurable hardware modules using proof-carrying hardware. In Proceedings of the 11th International Symposium on Reconfigurable Communication-Centric Systems-on-Chip (ReCoSoC’16). IEEE, Los Alamitos, CA. DOI:http://dx.doi.org/10.1109/ReCoSoC.2016.7533910 Google ScholarCross Ref
- Tobias Wiersema, Sen Wu, and Marco Platzner. 2015. On-the-fly verification of reconfigurable image processing modules based on a proof-carrying hardware approach. In Applied Reconfigurable Computing. Lecture Notes in Computer Science, Vol. 9040. Springer, 365--372. DOI:http://dx.doi.org/10.1007/978-3-319-16214-0_32 Google ScholarCross Ref
Index Terms
- Proof-Carrying Hardware via Inductive Invariants
Recommendations
Proof-Carrying Hardware: Runtime Formal Verification for Secure Dynamic Reconfiguration
FPL '10: Proceedings of the 2010 International Conference on Field Programmable Logic and ApplicationsDynamically reconfigurable platforms are the means of choice for combining the performance of hardware and the flexibility of software. Such systems can adapt to any situation by downloading software and hardware functionalities as needed, which makes ...
Inductive proof search modulo
We present an original narrowing-based proof search method for inductive theorems in equational rewrite theories given by a rewrite system $\mathcal{R}$ and a set E of equalities. It has the specificity to be grounded on deduction modulo and to rely on narrowing ...
Proof-Carrying Hardware: Towards Runtime Verification of Reconfigurable Modules
RECONFIG '09: Proceedings of the 2009 International Conference on Reconfigurable Computing and FPGAsDynamically reconfigurable hardware combines hardware performance with software-like flexibility and finds increasing use in networked systems. The capability to load hardware modules at runtime provides these systems with an unparalleled degree of ...
Comments