research-article

Proof-Carrying Hardware via Inductive Invariants

Authors:

Tobias Isenberg,

Marco Platzner,

Heike Wehrheim,

Tobias WiersemaAuthors Info & Claims

ACM Transactions on Design Automation of Electronic Systems (TODAES), Volume 22, Issue 4

Article No.: 61, Pages 1 - 23

https://doi.org/10.1145/3054743

Published: 20 July 2017 Publication History

Abstract

Proof-carrying hardware (PCH) is a principle for achieving safety for dynamically reconfigurable hardware systems. The producer of a hardware module spends huge effort when creating a proof for a safety policy. The proof is then transferred as a certificate together with the configuration bitstream to the consumer of the hardware module, who can quickly verify the given proof. Previous work utilized SAT solvers and resolution traces to set up a PCH technology and corresponding tool flows. In this article, we present a novel technology for PCH based on inductive invariants. For sequential circuits, our approach is fundamentally stronger than the previous SAT-based one since we avoid the limitations of bounded unrolling. We contrast our technology to existing ones and show that it fits into previously proposed tool flows. We conduct experiments with four categories of benchmark circuits and report consumer and producer runtime and peak memory consumption, as well as the size of the certificates and the distribution of the workload between producer and consumer. Experiments clearly show that our new induction-based technology is superior for sequential circuits, whereas the previous SAT-based technology is the better choice for combinational circuits.

References

[1]

Elvira Albert, Germán Puebla, and Manuel Hermenegildo. 2005. Abstraction-carrying code. In Logic for Programming, Artificial Intelligence, and Reasoning. Lecture Notes in Computer Science, Vol. 3452. Springer, 380--397.

[2]

Torben Amtoft, Josiah Dodds, Zhi Zhang, Andrew Appel, Lennart Beringer, John Hatcliff, Xinming Ou, and Andrew Cousino. 2012. A certificate infrastructure for machine-checked proofs of conditional information flow. In Proceedings of the 1st International Conference on Principles of Security and Trust (POST’12). 369--389.

Digital Library

[3]

Lujo Bauer, Michael A. Schneider, Edward W. Felten, and Andrew W. Appel. 2003. Access control on the Web using proof-carrying authorization. In Proceedings of the 2003 DARPA Information Survivability Conference and Exposition,Vol. 2. IEEE, Los Alamitos, CA, 117--119.

[4]

Aaron R. Bradley. 2011. SAT-based model checking without unrolling. In Proceedings of the 12th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI’11). 70--87.

[5]

Ajay Chander, David Espinosa, Nayeem Islam, Peter Lee, and George C. Necula. 2005. Enforcing resource bounds via static verification of dynamic checks. In Programming Languages and Systems. Lecture Notes in Computer Science, Vol. 3444. Springer, 311--325.

Digital Library

[6]

Edmund Clarke, Daniel Kroening, Joël Ouaknine, and Ofer Strichman. 2005. Computational challenges in bounded model checking. International Journal on Software Tools for Technology Transfer 7, 2, 174--183.

Digital Library

[7]

Karl Crary and Stephanie Weirich. 2000. Resource bound certification. In Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’00). ACM, New York, NY, 184--198.

Digital Library

[8]

Stephanie Drzevitzky, Uwe Kastens, and Marco Platzner. 2009. Proof-carrying hardware: Towards runtime verification of reconfigurable modules. In Proceedings of the 2009 International Conference on Reconfigurable Computing and FPGAs (ReConFig’09). IEEE, Los Alamitos, CA, 189--194.

Digital Library

[9]

Stephanie Drzevitzky, Uwe Kastens, and Marco Platzner. 2010. Proof-carrying hardware: Concept and prototype tool flow for online verification. International Journal of Reconfigurable Computing 2010, Article No. 180242.

[10]

Niklas Een, Alan Mishchenko, and Robert Brayton. 2011a. Efficient implementation of property directed reachability. In Proceedings of the 2011 Conference on Formal Methods in Computer-Aided Design (FMCAD’11). IEEE, Los Alamitos, CA, 125--134.

[11]

Niklas Een, Alan Mishchenko, and Robert Brayton. 2011b. Efficient implementation of property directed reachability. In Proceedings of the International Conference on Formal Methods in Computer-Aided Design (FMCAD’11). 125--134.

Digital Library

[12]

Zyad Hassan, Aaron R. Bradley, and Fabio Somenzi. 2013. Better generalization in IC3. In Proceedings of the 2013 Conference on Formal Methods in Computer-Aided Design (FMCAD’13). IEEE, Los Alamitos, CA, 157--164.

[13]

Thomas A. Henzinger, George C. Necula, Ranjit Jhala, Grgoire Sutre, Rupak Majumdar, and Westley Weimer. 2002. Temporal-safety proofs for systems code. In Computer Aided Verification. Lecture Notes in Computer Science, Vol. 2404. Springer, 526--538.

[14]

Ted Huffmire, Timothy Sherwood, Ryan Kastner, and Timothy Levin. 2008. Enforcing memory policy specifications in reconfigurable hardware. Computers and Security 27, 56, 197--215. 10.1016/j.cose.2008.05.002

Digital Library

[15]

Marie-Christine Jakobs. 2015. Speed up configurable certificate validation by certificate reduction and partitioning. In Software Engineering and Formal Methods. Lecture Notes in Computer Science, Vol. 9276. Springer, 159--174.

[16]

Marie-Christine Jakobs and Heike Wehrheim. 2014. Certification for configurable program analysis. In Proceedings of the 2014 International SPIN Symposium on Model Checking of Software (SPIN’14). ACM, New York, NY, 30--39.

Digital Library

[17]

Yier Jin and Yiorgos Makris. 2012. Proof carrying-based information flow tracking for data secrecy protection and hardware trust. In Proceedings of the 2012 IEEE 30th VLSI Test Symposium (VTS’12). IEEE, Los Alamitos, CA, 252--257.

[18]

Yier Jin and Yiorgos Makris. 2013. A proof-carrying based framework for trusted microprocessor IP. In Proceedings of the 2013 IEEE/ACM International Conference on Computer-Aided Design (ICCAD’13). IEEE, Los Alamitos, CA, 824--829.

[19]

Eric Love, Yier Jin, and Yiorgos Makris. 2012. Proof-carrying hardware intellectual property: A pathway to trusted module acquisition. IEEE Transactions on Information Forensics and Security 7, 1, 25--40.

Digital Library

[20]

Kedar S. Namjoshi. 2001. Certifying model checkers. In Computer Aided Verification. Lecture Notes in Computer Science, Vol. 2102. Springer, 2--13.

[21]

George C. Necula. 1997. Proof-carrying code. In Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’97). ACM, New York, NY, 106--119.

Digital Library

[22]

George C. Necula and Peter Lee. 1997. Research on proof-carrying code for untrusted-code security. In Proceedings of the 1997 IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA, 204.

[23]

George C. Necula and Peter Lee. 1998. Safe, untrusted agents using proof-carrying code. In Mobile Agents and Security. Lecture Notes in Computer Science, Vol. 1419. Springer, 61--91. 3-540-68671-1_5

[24]

Doron Peled and Lenore Zuck. 2001. From model checking to a temporal proof. In Model Checking Software. Lecture Notes in Computer Science, Vol. 2057. Springer, 1--14. 3-540-45139-0_1

[25]

Eva Rose. 2003. Lightweight bytecode verification. Journal of Automated Reasoning 31, 3--4, 303--334.

Digital Library

[26]

Martin Suda. 2013. Triggered clause pushing for IC3. arXiv:1307.4966.

[27]

Tobias Wiersema, Stephanie Drzevitzky, and Marco Platzner. 2014. Memory security in reconfigurable computers: Combining formal verification with monitoring. In Proceedings of the 2014 International Conference on Field-Programmable Technology (FPT’14). IEEE, Los Alamitos, CA, 167--174.

[28]

Tobias Wiersema and Marco Platzner. 2016. Verifying worst-case completion times for reconfigurable hardware modules using proof-carrying hardware. In Proceedings of the 11th International Symposium on Reconfigurable Communication-Centric Systems-on-Chip (ReCoSoC’16). IEEE, Los Alamitos, CA.

[29]

Tobias Wiersema, Sen Wu, and Marco Platzner. 2015. On-the-fly verification of reconfigurable image processing modules based on a proof-carrying hardware approach. In Applied Reconfigurable Computing. Lecture Notes in Computer Science, Vol. 9040. Springer, 365--372.

Cited By

Witschen LWiersema TPlatzner M(2020)Proof-Carrying Approximate CircuitsIEEE Transactions on Very Large Scale Integration (VLSI) Systems10.1109/TVLSI.2020.300806128:9(2084-2088)Online publication date: Sep-2020
https://doi.org/10.1109/TVLSI.2020.3008061
Hansmeier TPlatzner MPantho MAndrews D(2019)An Accelerator for Resolution Proof Checking based on FPGA and Hybrid Memory Cube TechnologyJournal of Signal Processing Systems10.1007/s11265-018-1435-yOnline publication date: 11-Jan-2019
https://doi.org/10.1007/s11265-018-1435-y
Ahmed QWiersema TPlatzner M(2019)Proof-Carrying Hardware Versus the Stealthy Malicious LUT Hardware TrojanIntelligent Information and Database Systems10.1007/978-3-030-17227-5_10(127-136)Online publication date: 29-Mar-2019
https://doi.org/10.1007/978-3-030-17227-5_10
Show More Cited By

Index Terms

Proof-Carrying Hardware via Inductive Invariants
1. Hardware
  1. Hardware validation
    1. Functional verification
  2. Integrated circuits
    1. Reconfigurable logic and FPGAs

Recommendations

Proof-Carrying Hardware: Runtime Formal Verification for Secure Dynamic Reconfiguration
FPL '10: Proceedings of the 2010 International Conference on Field Programmable Logic and Applications

Dynamically reconfigurable platforms are the means of choice for combining the performance of hardware and the flexibility of software. Such systems can adapt to any situation by downloading software and hardware functionalities as needed, which makes ...
Inductive proof search modulo

We present an original narrowing-based proof search method for inductive theorems in equational rewrite theories given by a rewrite system $\mathcal{R}$ and a set E of equalities. It has the specificity to be grounded on deduction modulo and to rely on narrowing ...
Proof-Carrying Hardware: Towards Runtime Verification of Reconfigurable Modules
RECONFIG '09: Proceedings of the 2009 International Conference on Reconfigurable Computing and FPGAs

Dynamically reconfigurable hardware combines hardware performance with software-like flexibility and finds increasing use in networked systems. The capability to load hardware modules at runtime provides these systems with an unparalleled degree of ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Design Automation of Electronic Systems

ACM Transactions on Design Automation of Electronic Systems Volume 22, Issue 4

October 2017

430 pages

ISSN:1084-4309

EISSN:1557-7309

DOI:10.1145/3097980

Editor:
Naehyuck Chang
Korea Advanced Institute of Science and Technology, Korea

Issue’s Table of Contents

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 20 July 2017

Accepted: 01 January 2017

Revised: 01 November 2016

Received: 01 July 2016

Published in TODAES Volume 22, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

Paderborn Center for Parallel Computing
German Research Foundation (DFG) within the Collaborative Research Center “On-The_Fly Computing”

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
139
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Witschen LWiersema TPlatzner M(2020)Proof-Carrying Approximate CircuitsIEEE Transactions on Very Large Scale Integration (VLSI) Systems10.1109/TVLSI.2020.300806128:9(2084-2088)Online publication date: Sep-2020
https://doi.org/10.1109/TVLSI.2020.3008061
Hansmeier TPlatzner MPantho MAndrews D(2019)An Accelerator for Resolution Proof Checking based on FPGA and Hybrid Memory Cube TechnologyJournal of Signal Processing Systems10.1007/s11265-018-1435-yOnline publication date: 11-Jan-2019
https://doi.org/10.1007/s11265-018-1435-y
Ahmed QWiersema TPlatzner M(2019)Proof-Carrying Hardware Versus the Stealthy Malicious LUT Hardware TrojanIntelligent Information and Database Systems10.1007/978-3-030-17227-5_10(127-136)Online publication date: 29-Mar-2019
https://doi.org/10.1007/978-3-030-17227-5_10
Hansmeier TPlatzner MAndrews D(2018)An FPGA/HMC-Based Accelerator for Resolution Proof CheckingApplied Reconfigurable Computing. Architectures, Tools, and Applications10.1007/978-3-319-78890-6_13(153-165)Online publication date: 8-Apr-2018
https://doi.org/10.1007/978-3-319-78890-6_13

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents