skip to main content
research-article

The Mechanized Marriage of Effects and Monads with Applications to High-assurance Hardware

Published: 08 January 2019 Publication History

Abstract

Constructing high-assurance, secure hardware remains a challenge, because to do so relies on both a verifiable means of hardware description and implementation. However, production hardware description languages (HDL) lack the formal underpinnings required by formal methods in security. Still, there is no such thing as high-assurance systems without high-assurance hardware. We present a core calculus of secure hardware description with its formal semantics, security type system, and mechanization in Coq. This calculus is the core of the functional HDL, ReWire, shown in previous work to have useful applications in reconfigurable computing. This work supports a full-fledged, formal methodology for producing high-assurance hardware.

References

[1]
D. Andrews. 2015. Will the future success of reconfigurable computing require a paradigm shift in our research community’s thinking? Keynote address, Applied Reconfigurable Computing. Retrieved from http://hthreads.csce.uark.edu/mediawiki/images/d/d8/Arc-presentation.pdf.
[2]
A. Azevedo de Amorim, N. Collins, A. DeHon, D. Demange, C. Hriţcu, D. Pichardie, B. Pierce, R. Pollack, and A. Tolmach. 2014. A verified information-flow architecture. In Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages (POPL’14). 165--178.
[3]
C. Baaij and J. Kuper. 2014. Using rewriting to synthesize functional languages to digital circuits. In Proceedings of the Symposium on Trends in Functional Programming (LNCS), Vol. 8322. 17--33.
[4]
J. Bachrach, H. Vo, B. Richards, Y. Lee, A. Waterman, R. Avizienis, J. Wawrzynek, and K. Asanovic. 2012. Chisel: Constructing hardware in a Scala embedded language. In Proceedings of the Design Automation Conference (DAC’12). 1216--1225.
[5]
D. Bacon, R. Rabbah, and S. Shukla. 2013. FPGA programming for the masses. Queue 11, 2, Article 40 (Feb. 2013).
[6]
L. Baugh, N. Neelakantam, and C. Zilles. 2008. Using hardware memory protection to build a high-performance, strongly-atomic hybrid transactional memory. In Proceedings of the 35th Annual International Symposium on Computer Architecture (ISCA’08). 115--126.
[7]
R. Bird and P. Wadler. 1988. Introduction to Functional Programming. Prentice Hall.
[8]
P. Bjesse, K. Claessen, M. Sheeran, and S. Singh. 1998. Lava: Hardware design in Haskell. In Proceedings of the 3rd International Conference on Functional Programming (ICFP’98). 174--184.
[9]
T. Braibant and A. Chlipala. 2013. Formal verification of hardware synthesis. In Proceedings of the International Conference on Computer Aided Verification (CAV’13). 213--228.
[10]
G. Cabodi and M. Murciano. 2006. BDD-Based hardware verification. In Proceedings of the 6th International Conference on Formal Methods for the Design of Computer, Communication, and Software Systems (SFM’06). 78--107.
[11]
J. Choi, M. Vijayaraghavan, B. Sherman, A. Chlipala, and Arvind. 2017. Kami: A platform for high-level parametric hardware specification and its modular verification. Proc. ACM Program. Lang. 1, ICFP, Article 24 (Aug. 2017).
[12]
K. Claessen and J. Hughes. 2000. QuickCheck: A lightweight tool for random testing of Haskell programs. SIGPLAN Not. 35, 9 (Sep. 2000), 268--279.
[13]
D. Cock, G. Klein, and T. Sewell. 2008. Secure microkernels, state monads and scalable refinement. In Proceedings of the International Conference on Theorem Proving in Higher Order Logics (TPHOLs’08). 167--182.
[14]
Coq {n.d.}. The Coq Proof Assistant. Retrieved from https://coq.inria.fr.
[15]
T. Coquand. 1994. Infinite Objects in Type Theory. Springer, Berlin, 62--78.
[16]
K. Crary, A. Kliger, and F. Pfenning. 2005. A monadic analysis of information flow security with mutable state. J. Funct. Program. 15, 2 (Mar. 2005), 249--291.
[17]
C. Doczkal and J. Schwinghammer. 2009. Formalizing a strong normalization proof for Moggi’s computational metalanguage: A case study in Isabelle/HOL-nominal. In Proceedings of the 4th International Workshop on Logical Frameworks and Meta-Languages: Theory and Practice (LFMTP’09). ACM, New York, NY, 57--63.
[18]
Jean H. Gallier. 1990. On Girard’s “candidates de reducibilite.” In Logic and Computer Science. Academic Press, 123--204.
[19]
P. Gammie. 2013. Synchronous digital circuits as functional programs. ACM Comput. Surv. 46, 2, Article 21 (Nov. 2013).
[20]
N. George, H. Lee, D. Novo, T. Rompf, K. J. Brown, A. K. Sujeeth, M. Odersky, K. Olukotun, and P. Ienne. 2014. Hardware system synthesis from domain-specific languages. In Proceedings of the 24th International Conference on Field Programmable Logic and Applications (FPL’14). 1--8.
[21]
D. Ghica and A. Jung. 2016. Categorical semantics of digital circuits. In Proceedings of the International Conference on Formal Methods in Computer-Aided Design (FMCAD’16).
[22]
E. Giménez. 1995. Codifying Guarded Definitions with Recursive Schemes. Springer, Berlin, 39--59.
[23]
J.-Y. Girard, Y. Lafont, and P. Taylor. 1989. Proofs and Types. Vol. 7. Cambridge University Press, Cambridge.
[24]
J. A. Goguen and J. Meseguer. 1984. Unwinding and inference control. In Proceedings of the IEEE Symposium on Security and Privacy. 75--86.
[25]
S. Goncharov and L. Schröder. 2011. A coinductive calculus for asynchronous side-effecting processes. In Proceedings of the 18th International Conference on Fundamentals of Computation Theory. 276--287.
[26]
M. Gordon. 1995. The semantic challenge of Verilog HDL. In Proceedings of the 10th Annual IEEE Symposium on Logic in Computer Science (LICS’95). 136--145.
[27]
I. Graves, W. Harrison, A. Procter, and G. Allwein. 2015. Provably correct development of reconfigurable hardware designs via equational reasoning. In Proceedings of the IEEE International Conference on Field-Programmable Technology (ICFPT’15). 160--171.
[28]
I. Graves, A. Procter, W. Harrison, M. Becchi, and G. Allwein. 2015. Hardware synthesis from functional embedded domain-specific languages: A case study in regular expression compilation. In Proceedings of the Conference on Applied Reconfigurable Computing (LNCS), Vol. 9040. 41--52.
[29]
W. Harrison. 2006. The essence of multitasking. In Algebraic Methodology and Software Technology. Springer, 158--172.
[30]
W. Harrison and J. Hook. 2009. Achieving information flow security through monadic control of effects. J. Comput. Sci. 17, 5 (Oct. 2009), 599--653.
[31]
W. Harrison, A. Procter, and G. Allwein. 2016. Model-driven design and synthesis of the SHA-256 cryptographic hash function in ReWire. In Proceedings of the 27th International Symposium on Rapid System Prototyping (RSP’16). 1--7.
[32]
W. Harrison, A. Procter, I. Graves, M. Becchi, and G. Allwein. 2016. A programming model for reconfigurable computing based in functional concurrency. In Proceedings of the 11th International Symposium on Reconfigurable Communication-centric Systems-on-Chip.
[33]
Bluespec Homepage. 2017. Retrieved from http://bluespec.com.
[34]
B. Huffman. 2012. HOLCF’11: A Definitional Domain Theory for Verifying Functional Programs. Ph.D. Dissertation. Portland State University.
[35]
T. Huffmire, C. Irvine, T. Nguyen, T. Levin, R. Kastner, and T. Sherwood. 2010. Handbook of FPGA Design Security. Springer.
[36]
T. Huffmire, S. Prasad, T. Sherwood, and R. Kastner. 2006. Policy-driven memory protection for reconfigurable hardware. In Proceedings of the European Symposium on Research in Computer Security (ESORICS’06). LNCS, Vol. 4189. 461--478.
[37]
T. Huffmire, T. Sherwood, R. Kastner, and T. Levin. 2008. Enforcing memory policy specifications in reconfigurable hardware. Comput. Secur. 27, 5--6 (2008), 197--215.
[38]
C. Kloos and P. Breuer (Eds.). 1995. Formal Semantics for VHDL. Kluwer Academic Publishers.
[39]
H. Lee, K. Brown, A. Sujeeth, H. Chafi, T. Rompf, M. Odersky, and K. Olukotun. 2011. Implementing domain-specific languages for heterogeneous parallel computing. IEEE Micro 31, 5 (Sep. 2011), 42--53.
[40]
X. Leroy. 2009. Formal verification of a realistic compiler. Commun. ACM 52, 7 (July 2009), 107--115.
[41]
X. Li, V. Kashyap, J. Oberg, M. Tiwari, V. R. Rajarathinam, R. Kastner, T. Sherwood, B. Hardekopf, and F. Chong. 2014. Sapper: A language for hardware-level security policy enforcement. In Proceedings of the ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’14).
[42]
X. Li, M. Tiwari, J. Oberg, V. Kashyap, F. Chong, T. Sherwood, and B. Hardekopf. 2011. Caisson: A hardware description language for secure information flow. In Proceedings of the Programming Language Design and Implementation Conference (PLDI’11). 109--120.
[43]
S. Liang, P. Hudak, and M. Jones. 1995. Monad transformers and modular interpreters. In Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages (POPL’95). 333--343.
[44]
A. Megacz. 2012. Hardware design with generalized arrows. In Proceedings of the 23rd International Conference on Implementation and Application of Functional Languages (IFL’11). Springer-Verlag, Berlin, 164--180.
[45]
T. Melham. 1993. Higher Order Logic and Hardware Verification. Cambridge Tracts in Theoretical Computer Science, Vol. 31. Cambridge University Press.
[46]
J. Mitchell. 1996. Foundations for Programming Languages. MIT Press Cambridge.
[47]
E. Moggi. 1990. An Abstract View of Programming Languages. Technical Report ECS-LFCS-90-113. Department of Computer Science, Edinburgh University.
[48]
E. Moggi. 1991. Notions of computation and monads. Info. Comput. 93, 1 (July 1991), 55--92.
[49]
A. Myers. 2017. personal communication.
[50]
A. Nanevski, G. Morrisett, A. Shinnar, P. Govereau, and L. Birkedal. 2008. Ynot: Dependent types for imperative programs. In Proceedings of the International Conference on Functional Programming (ICFP’08). 229--240.
[51]
F. Nielson, H. Nielson, and C. Hankin. 1999. Principles of Program Analysis.
[52]
R. S. Nikhil and Arvind. 2009. What is bluespec? SIGDA Newslett. 39, 1 (Jan. 2009), 1--1.
[53]
S. Ouchani, O. A. Mohamed, and M. Debbabi. 2013. A formal verification framework for bluespec system verilog. In Proceedings of the Forum on Specification and Design Languages (FDL’13). 1--7.
[54]
S. Peyton Jones (Ed.). 2003. Haskell 98 Language and Libraries, the Revised Report. Cambridge University Press.
[55]
B. C. Pierce, C. Casinghino, M. Gaboardi, M. Greenberg, C. Hriţcu, V. Sjoberg, and B. Yorgey. 2015. Software Foundations. Electronic textbook.
[56]
A. Procter. 2014. Semantics-Driven Design and Implementation of High-assurance Hardware. Ph.D. Dissertation. University of Missouri, 2014. Department of Computer Science.
[57]
A. Procter, W. Harrison, I. Graves, M. Becchi, and G. Allwein. 2015. Semantics driven hardware design, implementation, and verification with ReWire. In Proceedings of the ACM SIGPLAN/SIGBED Conference on Languages, Compilers, Tools and Theory for Embedded Systems (LCTES’15).
[58]
A. Procter, W. Harrison, I. Graves, M. Becchi, and G. Allwein. 2017. A principled approach to secure multi-core processor design with ReWire. ACM Trans. Embed. Comput. Syst. 16, 2, Article 33 (Feb. 2017), 33:1--33:25.
[59]
Code repository for MEMOCODE. 2017. Retrieved from https://goo.gl/FYf6xU.
[60]
D. Richards and D. Lester. 2011. A monadic approach to automated reasoning for bluespec systemverilog. Innovat. Syst. Softw. Eng. 7, 2 (Mar. 2011), 85.
[61]
A. Sabelfeld and A. Myers. 2003. Language-based information-flow security. IEEE J. Sel. Areas Commun. 21, 1 (Jan. 2003).
[62]
I. Sander and A. Jantsch. 2004. System modeling and transformational design refinement in ForSyDe. IEEE Trans. Comput.-Aided Design Integr. Circ. Syst. 23, 1 (2004), 17--32.
[63]
I. Sander and A. Jantsch. 2008. Modelling adaptive systems in ForSyDe. Electron. Notes Theoret. Comput. Sci. 200, 2 (2008), 39--54.
[64]
D. Sangiorgi. 2009. On the origins of bisimulation and coinduction. ACM Trans. Program. Lang. Syst. 31, 4 (May 2009), 15:1--15:41.
[65]
L. Schröder and T. Mossakowski. 2009. HasCasl: Integrated higher-order specification and program development. Theoret. Comput. Sci. 410, 12 (2009), 1217--1260.
[66]
M. Sheeran. 1984. muFP, a language for VLSI design. In Proceedings of the 1984 ACM Symposium on LISP and Functional Programming (LFP’84). ACM, New York, NY, 104--112.
[67]
G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. 2004. Secure program execution via dynamic information flow tracking. In Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’04). ACM, New York, NY, 85--96.
[68]
W. Swierstra. 2009. A hoare logic for the state monad. In Proceedings of the International Conference on Theorem Proving in Higher Order Logics (TPHOLs’09). 440--451.
[69]
W. W. Tait. 1967. Intensional interpretations of functionals of finite type I. J. Symbol. Logic 32, 2 (1967), 198--212.
[70]
W. W. Tait. 1975. A realizability interpretation of the theory of species. In Logic Colloquium (Lectures Notes in Mathematics), R. Parikh (Ed.), Vol. 453. Springer-Verlag, Boston, 240--251.
[71]
M. Tehranipoor and C. Wang. 2011. Introduction to Hardware Security and Trust. Springer Publishing Company, Incorporated.
[72]
M. Tiwari, Xun Li, H. M. G. Wassel, F. T. Chong, and T. Sherwood. 2009. Execution leases: A hardware-supported mechanism for enforcing strong non-interference. In Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO’09). 493--504.
[73]
M. Tiwari, J. K. Oberg, X. Li, J. Valamehr, T. Levin, B. Hardekopf, R. Kastner, F. T. Chong, and T. Sherwood. 2011. Crafting a usable microkernel, processor, and I/O system with strict and provable information flow security. In Proceedings of the 38th Annual International Symposium on Computer Architecture (ISCA’11). 189--200.
[74]
M. Tiwari, H. M. G. Wassel, B. Mazloom, S. Mysore, F. T. Chong, and T. Sherwood. 2009. Complete information flow tracking from the gates up. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’09). ACM, New York, NY, 109--120.
[75]
M. Tiwari, H. M. G. Wassel, B. Mazloom, S. Mysore, F. T. Chong, and T. Sherwood. 2009. Complete information flow tracking from the gates up. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’09). ACM, New York, NY, 109--120.
[76]
S. M. Trimberger and J. J. Moore. 2014. FPGA security: Motivations, features, and applications. Proc. IEEE 102, 8 (Aug 2014), 1248--1265.
[77]
D. Volpano, C. Irvine, and G. Smith. 1996. A sound type system for secure flow analysis. J. Comput. Secur. 4, 2--3 (Jan. 1996), 167--187. Retrieved from http://dl.acm.org/citation.cfm?id=353629.353648.
[78]
VST {n. d.}. Verified Software Toolchain. Retrieved from http://vst.cs.princeton.edu.
[79]
A. Procter, W. Harrison, and G. Allwein. 2012. The confinement problem in the presence of faults. In Proceedings of the International Conference on Formal Engineering Methods (ICFEM’12). 182--197.
[80]
P. Wadler. 1998. The marriage of effects and monads. In Proceedings of the International Conference on Functional Programming (ICFP’98). 63--74.
[81]
N. Zeldovich, H. Kannan, M. Dalton, and C. Kozyrakis. 2008. Hardware enforcement of application security policies using tagged memory. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI’08). USENIX Association, Berkeley, CA, 225--240. Retrieved from http://dl.acm.org/citation.cfm?id=1855741.1855757.
[82]
K. Zhai, R. Townsend, L. Lairmore, M. A. Kim, and S. A. Edwards. 2015. Hardware synthesis from a recursive functional language. In Proceedings of the 10th International Conference on Hardware/Software Codesign and System Synthesis (CODES’15). IEEE Press, Piscataway, NJ, 83--93. Retrieved from http://dl.acm.org/citation.cfm?id=2830840.2830850.
[83]
D. Zhang, Y. Wang, G. E. Suh, and A. Myers. 2014. A Hardware Design Language for Efficient Control of Timing Channels. Technical Report 2014-04-10. Department of Computer Science, Cornell University. Extended version of the authors’ ASPLOS’15 paper.

Cited By

View all
  • (2023)Formalized High Level Synthesis with Applications to Cryptographic HardwareNASA Formal Methods10.1007/978-3-031-33170-1_20(332-352)Online publication date: 3-Jun-2023
  • (2020)Verifiable security templates for hardwareProceedings of the 23rd Conference on Design, Automation and Test in Europe10.5555/3408352.3408502(658-661)Online publication date: 9-Mar-2020
  • (2020)Verifiable Security Templates for Hardware2020 Design, Automation & Test in Europe Conference & Exhibition (DATE)10.23919/DATE48585.2020.9116342(658-661)Online publication date: Mar-2020
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Embedded Computing Systems
ACM Transactions on Embedded Computing Systems  Volume 18, Issue 1
Special Issue on MEMOCODE 2017 and Regular Papers
January 2019
259 pages
ISSN:1539-9087
EISSN:1558-3465
DOI:10.1145/3305158
Issue’s Table of Contents
Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

Publication History

Published: 08 January 2019
Accepted: 01 August 2018
Revised: 01 May 2018
Received: 01 December 2017
Published in TECS Volume 18, Issue 1

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. High-level synthesis
  2. hardware verification
  3. security

Qualifiers

  • Research-article
  • Research
  • Refereed

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)8
  • Downloads (Last 6 weeks)0
Reflects downloads up to 17 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2023)Formalized High Level Synthesis with Applications to Cryptographic HardwareNASA Formal Methods10.1007/978-3-031-33170-1_20(332-352)Online publication date: 3-Jun-2023
  • (2020)Verifiable security templates for hardwareProceedings of the 23rd Conference on Design, Automation and Test in Europe10.5555/3408352.3408502(658-661)Online publication date: 9-Mar-2020
  • (2020)Verifiable Security Templates for Hardware2020 Design, Automation & Test in Europe Conference & Exhibition (DATE)10.23919/DATE48585.2020.9116342(658-661)Online publication date: Mar-2020
  • (2020)Strongly bounded termination with applications to security and hardware synthesisProceedings of the 5th ACM SIGPLAN International Workshop on Type-Driven Development10.1145/3406089.3409029(1-10)Online publication date: 23-Aug-2020

View Options

Login options

Full Access

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media