DOI: 10.1145/3195970.3196055 (DAC conference proceedings, research article)

Formal security verification of concurrent firmware in SoCs using instruction-level abstraction for hardware

Published: 24 June 2018

Abstract

Formal security verification of firmware interacting with hardware in modern Systems-on-Chip (SoCs) is a critical research problem. It faces the following challenges: (1) design complexity and heterogeneity, (2) semantic gaps between software and hardware, (3) concurrency between firmware and hardware and between Intellectual Property blocks (IPs), and (4) expensive bit-precise reasoning. In this paper, we present a co-verification methodology to address these challenges. We model hardware using the Instruction-Level Abstraction (ILA), which captures firmware-visible behavior at the architecture level. This lets the hardware behavior of each IP be integrated with its firmware into a single thread. Co-verification of the multiple firmware programs running across IPs is then formulated as a multi-threaded program verification problem, for which we leverage software verification techniques. We also propose an optimization that uses abstraction to avoid expensive bit-precise reasoning. Evaluating our methodology on an industry SoC Secure Boot design demonstrates its applicability to SoC security verification.



Published In

DAC '18: Proceedings of the 55th Annual Design Automation Conference
June 2018, 1089 pages
ISBN: 9781450357005
DOI: 10.1145/3195970

Publisher

Association for Computing Machinery, New York, NY, United States


Conference

DAC '18: The 55th Annual Design Automation Conference 2018
June 24 - 29, 2018
San Francisco, California

Overall acceptance rate: 1,770 of 5,499 submissions, 32%


Cited By

  • (2024) Application-level Validation of Accelerator Designs Using a Formal Software/Hardware Interface. ACM Transactions on Design Automation of Electronic Systems 29(2), 1-25. doi:10.1145/3639051. Published 14 Feb 2024.
  • (2024) Hardware/software security co-verification and vulnerability detection. Integration, the VLSI Journal 94:C. doi:10.1016/j.vlsi.2023.102089. Published 1 Jan 2024.
  • (2023) Toward System-Level Assertions for Heterogeneous Systems. Advanced Boolean Techniques, 67-81. doi:10.1007/978-3-031-28916-3_5. Published 24 Feb 2023.
  • (2023) Verifying Functional Correctness Properties at the Level of Java Bytecode. Formal Methods, 343-363. doi:10.1007/978-3-031-27481-7_20. Published 3 Mar 2023.
  • (2023) Verification of Embedded Software Binaries Using Virtual Prototypes (in German). Improved Virtual Prototyping, 153-188. doi:10.1007/978-3-031-18174-0_6. Published 1 Jan 2023.
  • (2022) A Survey of Practical Formal Methods for Security. Formal Aspects of Computing 34(1), 1-39. doi:10.1145/3522582. Published 5 Jul 2022.
  • (2021) Dynamic-thermal and localized filament-kinetic attacks on fused filament fabrication based 3D printing process. Additive Manufacturing 46, article 102200. doi:10.1016/j.addma.2021.102200. Published Oct 2021.
  • (2021) Preliminary Security Analysis, Formalisation, and Verification of OpenTitan Secure Boot Code. Secure IT Systems, 192-211. doi:10.1007/978-3-030-91625-1_11. Published 13 Nov 2021.
  • (2020) Verification of Embedded Software Binaries using Virtual Prototypes. Enhanced Virtual Prototyping, 143-174. doi:10.1007/978-3-030-54828-5_6. Published 15 Oct 2020.
  • (2019) Hardfails. Proceedings of the 28th USENIX Conference on Security Symposium, 213-230. doi:10.5555/3361338.3361354. Published 14 Aug 2019.
