Abstract
Modern System-on-Chips (SoCs) are notoriously insecure. Hence, the fundamental security feature of IP isolation is heavily used, e. g., secured Memory Mapped IOs (MMIOs), or secured address ranges in case of memories, are marked as non-accessible. One way to provide strong assurance of security is to define isolation as information flow policy in hardware using the notion of non-interference. Since, an insecure hardware opens up the door for attacks across the entire system stack (from software down to hardware), the security validation process should start as early as possible in the SoC design cycle, i. e. at Electronic System Level (ESL). Hence, in this paper we propose the first dynamic information flow analysis at ESL. Our approach allows to validate the run-time behavior of a given SoC implemented using Virtual Prototypes (VPs) against security threat models, such as information leakage (confidentiality) and unauthorized access to data in a memory (integrity). Experiments show the applicability and efficacy of the proposed method on various VPs including a real-world system.
Funding source: Bundesministerium für Bildung und Forschung
Award Identifier / Grant number: 16KIS0821K
Award Identifier / Grant number: 16K1S0606K
Award Identifier / Grant number: 16ES0656
Funding source: Deutsche Forschungsgemeinschaft
Award Identifier / Grant number: 276397488 – SFB 1232
Funding statement: This work was supported by the German Federal Ministry of Education and Research (BMBF) within the projects SATiSFy under grant no. 16KIS0821K, SecRec under grant no. 16K1S0606K, CONVERS under grant no. 16ES0656, the subproject P01 “Predictive function” funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) – Projektnummer 276397488 – SFB 1232, and by the University of Bremen’s graduate school SyDe, funded by the German Excellence Initiative.
About the authors
Mehran Goli received the B. Sc. degree in computer engineering from the University of Shahid Beheshti, Tehran, Iran, in 2012, and M. Sc. degree in computer engineering from the University of Tehran, Tehran, Iran, in 2015. He is currently pursuing the Ph. D. degree with the Group of Computer Architecture, University of Bremen, Bremen, Germany. His current research interests include system level design, verification and validation.
Muhammad Hassan received his B. Sc. degree in Telecommunication Engineering from NUCES-FAST, Islamabad, Pakistan in 2010. He received his M. Sc. degree in Communication Engineering from RWTH Aachen, Aachen, Germany in 2015. He is currently pursing the PhD degree in Computer Architecture Group, University of Bremen, Bremen, Germany. His research interests include Analog/Mixed-Signal verification, System level verification, and validation, and security. He received a best paper award at DVCon Europe 2018.
Dr. Daniel Große received the Dr.-Ing. degree in computer science from the University of Bremen, Germany, in 2008, where he then worked as a postdoctoral researcher in the Group of Computer Architecture. In 2010 he was a substitute professor for computer architecture at Albert-Ludwigs University, Freiburg, Germany. From 2013 to 2014 he was CEO of the EDA start-up solvertec focusing on automated debugging techniques. Since 2015 he is a senior researcher at the University of Bremen and the German Research Center for Artificial Intelligence (DFKI) Bremen and also the scientific coordinator of the graduate school System Design (SyDe), funded within the German Excellence Initiative. His research interests include verification, virtual prototyping, debugging and synthesis. In these areas he has published more than 100 papers in peer-reviewed journals and conferences and served in program committees of numerous conferences, such as DAC, ICCAD, DATE, CODES+ISSS, ETS, FDL, GLSVLSI, and MEMOCODE. He received best paper awards at FDL 2007, DVCon Europe 2018, and ICCAD 2018.
Prof. Dr. Rolf Drechsler received the Diploma and Dr. Phil. Nat. degrees in computer science from J. W. Goethe University Frankfurt am Main, Frankfurt am Main, Germany, in 1992 and 1995, respectively. He was with the Institute of Computer Science, Albert-Ludwigs University, Freiburg im Breisgau, Germany, from 1995 to 2000, and with the Corporate Technology Department, Siemens AG, Munich, Germany, from 2000 to 2001. Since October 2001, he has been with the University of Bremen, Bremen, Germany, where he is currently a Full Professor and the Head of the Group for Computer Architecture, Institute of Computer Science. In 2011, he additionally became the Director of the Cyber-Physical Systems group at the German Research Center for Artificial Intelligence (DFKI) in Bremen. He is a co-founder of the Graduate School of Embedded Systems and he is the coordinator of the Graduate School “System Design” funded within the German Excellence Initiative His current research interests include the development and design of data structures and algorithms with a focus on circuit and system design. Rolf Drechsler was a member of Program Committees of numerous conferences including e. g. DAC, ICCAD, DATE, ASP-DAC, FDL, MEMOCODE, FMCAD, Symposiums Chair ISMVL 1999 and 2014, Symposium Chair ETS 2018, and the Topic Chair for “Formal Verification” DATE 2004, DATE 2005, DAC 2010, as well as DAC 2011. He received best paper awards at HVC in 2006, FDL in 2007 and 2010, DDECS in 2010 and ICCAD in 2013 and 2018. He is an Associate Editor of IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, IEEE Transactions on Very Large Scale Integration Systems, IET Cyber-Physical Systems: Theory & Applications, International Journal on Multiple-Valued Logic and Soft Computing, and ACM Journal on Emerging Technologies in Computing Systems.
References
1. Accellera Systems Initiative. http://www.accellera.org/downloads/standards/systemc, 2016.Search in Google Scholar
2. A. Ardeshiricham, W. Hu, J. Marxen, and R. Kastner. Register transfer level information flow tracking for provably secure hardware design. In DATE, pages 1691–1696. IEEE, 2017.10.23919/DATE.2017.7927266Search in Google Scholar
3. I. S. Association et al.IEEE standard for standard SystemC language reference manual. IEEE Computer Society, 2012.Search in Google Scholar
4. J. Aynsley. TLM-2.0 base protocol checker. https://www.doulos.com/knowhow/systemc/tlm2. Accessed: 2018-01-30.Search in Google Scholar
5. J. Aynsley, editor. OSCI TLM-2.0 Language Reference Manual. Open SystemC Initiative (OSCI), 2009.Search in Google Scholar
6. M.-M. Bidmeshki and Y. Makris. Toward automatic proof generation for information flow policies in third-party hardware ip. In HOST, pages 163–168. IEEE, 2015.10.1109/HST.2015.7140256Search in Google Scholar
7. E. Bosman, A. Slowinska, and H. Bos. Minemu: The world’s fastest taint tracker. In RAID, pages 1–20. Springer, 2011.10.1007/978-3-642-23644-0_1Search in Google Scholar
8. J. Clause, W. Li, and A. Orso. Dytan: a generic dynamic taint analysis framework. In ISSTA, pages 196–206. ACM, 2007.10.1145/1273463.1273490Search in Google Scholar
9. S. Drzevitzky, U. Kastens, and M. Platzner. Proof-carrying hardware: Towards runtime verification of reconfigurable modules. In ReConFig, pages 189–194. IEEE, 2009.10.1109/ReConFig.2009.31Search in Google Scholar
10. S. Drzevitzky and M. Platzner. Achieving hardware security for reconfigurable systems on chip by a proof-carrying code approach. In ReCoSoC, pages 1–8. IEEE, 2011.10.1109/ReCoSoC.2011.5981499Search in Google Scholar
11. A. Ferraiuolo, R. Xu, D. Zhang, A. C. Myers, and G. E. Suh. Verification of a practical hardware security architecture through static information flow analysis. SIGOPS Oper. Syst. Rev., pages 555–568, 2017.10.1145/3037697.3037739Search in Google Scholar
12. V. Ganesh, T. Leek, and M. Rinard. Taint-based directed whitebox fuzzing. In ICSE, pages 474–484. IEEE Computer Society, 2009.10.1109/ICSE.2009.5070546Search in Google Scholar
13. M. Goli, J. Stoppe, and R. Drechsler. Automatic protocol compliance checking of SystemC TLM-2.0 simulation behavior using timed automata. In ICCD, 2017.10.1109/ICCD.2017.65Search in Google Scholar
14. D. Große and R. Drechsler. Quality-Driven SystemC Design. Springer, 2010.10.1007/978-90-481-3631-5Search in Google Scholar
15. X. Guo, R. G. Dutta, and Y. Jin. Eliminating the hardware-software boundary: A proof-carrying approach for trust evaluation on computer systems. TIFS, 12(2):405–417, 2017.10.1109/TIFS.2016.2621999Search in Google Scholar
16. M. Hassan, V. Herdt, H. M. Le, M. Chen, D. Große, and R. Drechsler. Data flow testing for virtual prototypes. In DATE, pages 380–385, 2017.10.23919/DATE.2017.7927020Search in Google Scholar
17. M. Hassan, V. Herdt, H. M. Le, D. Große, and R. Drechsler. Early SoC security validation by VP-based static information flow analysis. In ICCAD, pages 400–407, 2017.10.1109/ICCAD.2017.8203805Search in Google Scholar
18. V. Herdt, D. Große, H. M. Le, and R. Drechsler. Extensible and configurable RISC-V based virtual prototype. In FDL, pages 5–16, 2018.10.1109/FDL.2018.8524047Search in Google Scholar
19. W. Hu, J. Oberg, A. Irturk, M. Tiwari, T. Sherwood, D. Mu, and R. Kastner. Theoretical fundamentals of gate level information flow tracking. TCAD, 30(8):1128–1140, 2011.10.1109/TCAD.2011.2120970Search in Google Scholar
20. Y. Jin, B. Yang, and Y. Makris. Cycle-accurate information assurance by proof-carrying based signal sensitivity tracing. In HOST, pages 99–106. IEEE, 2013.10.1109/HST.2013.6581573Search in Google Scholar
21. V. P. Kemerlis, G. Portokalidis, K. Jee, and A. D. Keromytis. libdft: Practical dynamic data flow tracking for commodity systems. In Acm Sigplan Notices, volume 47, pages 121–132. ACM, 2012.10.1145/2365864.2151042Search in Google Scholar
22. H. Khattri, N. K. V. Mangipudi, and S. Mandujano. Hsdl: A security development lifecycle for hardware technologies. In HOST, pages 116–121. IEEE, 2012.10.1109/HST.2012.6224330Search in Google Scholar
23. P. Kocher, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, and Y. Yarom. Spectre attacks: Exploiting speculative execution. arXiv preprint arXiv:1801.01203, 2018.10.1109/SP.2019.00002Search in Google Scholar
24. X. Li, V. Kashyap, J. K. Oberg, M. Tiwari, V. R. Rajarathinam, R. Kastner, T. Sherwood, B. Hardekopf, and F. T. Chong. Sapper: A language for hardware-level security policy enforcement. ACM SIGARCH Computer Architecture News, 42(1):97–112, 2014.10.1145/2541940.2541947Search in Google Scholar
25. X. Li, M. Tiwari, J. K. Oberg, V. Kashyap, F. T. Chong, T. Sherwood, and B. Hardekopf. Caisson: a hardware description language for secure information flow. In ACM SIGPLAN Notices, volume 46, pages 109–120. ACM, 2011.10.1145/1993316.1993512Search in Google Scholar
26. M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, and M. Hamburg. Meltdown. CoRR, abs/1801.01207, 2018.Search in Google Scholar
27. E. Love, Y. Jin, and Y. Makris. Proof-carrying hardware intellectual property: A pathway to trusted module acquisition. TIFS, 7(1):25–40, 2012.10.1109/TIFS.2011.2160627Search in Google Scholar
28. F. Qin, C. Wang, Z. Li, H.-s.Kim, Y. Zhou, and Y. Wu. Lift: A low-overhead practical information flow tracking system for detecting security attacks. In MICRO, pages 135–148. IEEE, 2006.10.1109/MICRO.2006.29Search in Google Scholar
29. B. C. Schafer and A. Mahapatra. S2CBench: Synthesizable SystemC benchmark suite for high-level. IEEE Embedded Systems Letters, (3):53–56, 2014.10.1109/LES.2014.2320556Search in Google Scholar
30. T. Schuster, R. Meyer, R. Buchty, L. Fossati, and M. Berekovic. Socrocket – A virtual platform for the European space agency’s soc development. In ReCoSoC, pages 1–7, 2014, available at http://github.com/socrocket.10.1109/ReCoSoC.2014.6860690Search in Google Scholar
31. S. Skorobogatov and C. Woods. Breakthrough silicon scanning discovers backdoor in military chip. In CHES, pages 23–40. Springer, 2012.10.1007/978-3-642-33027-8_2Search in Google Scholar
32. G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. Secure program execution via dynamic information flow tracking. In ACM Sigplan Notices, volume 39, pages 85–96. ACM, 2004.10.1145/1037187.1024404Search in Google Scholar
33. M. Tiwari, H. M. Wassel, B. Mazloom, S. Mysore, F. T. Chong, and T. Sherwood. Complete information flow tracking from the gates up. In ACM Sigplan Notices, volume 44, pages 109–120. ACM, 2009.10.1145/1508284.1508258Search in Google Scholar
34. N. Vachharajani, M. J. Bridges, J. Chang, R. Rangan, G. Ottoni, J. A. Blome, G. A. Reis, M. Vachharajani, and D. I. August. Rifle: An architectural framework for user-centric information-flow security. In MICRO, pages 243–254. IEEE, 2004.Search in Google Scholar
35. W. Xu, S. Bhatkar, and R. Sekar. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In USENIX Security Symposium, pages 121–136, 2006.Search in Google Scholar
36. D. Zhang, Y. Wang, G. E. Suh, and A. C. Myers. A hardware design language for timing-sensitive information-flow security. ACM SIGPLAN Notices, 50(4):503–516, 2015.10.1145/2694344.2694372Search in Google Scholar
© 2019 Walter de Gruyter GmbH, Berlin/Boston
