toward a methodology for unified verification of hw sw co
play

Toward a methodology for Unified Verification of HW/SW Co-designs - PowerPoint PPT Presentation

Sep 21, 2022 •121 likes •440 views

Toward a methodology for Unified Verification of HW/SW Co-designs Building a bridge between two worlds Florian Lugou <florian.lugou@telecom-paristech.fr> Ludovic Apvrille <ludovic.apvrille@telecom-paristech.fr> Aurlien

  1. Toward a methodology for Unified Verification of HW/SW Co-designs Building a bridge between two worlds Florian Lugou <florian.lugou@telecom-paristech.fr> Ludovic Apvrille <ludovic.apvrille@telecom-paristech.fr> Aurélien Francillon <aurelien.francillon@eurecom.fr>

  2. Contents Why? SMART Why Hardware/Software co-designs? Why unified verification? Don’t we already do that? Successive verification of HW & SW Unified verification SMASHUP What is it? Using ProVerif Limitations and discussion Demo Institut Mines-Télécom PROOFS 2015 2 3/10/2015

  3. Contents Why? SMART Why Hardware/Software co-designs? Why unified verification? Don’t we already do that? Successive verification of HW & SW Unified verification SMASHUP What is it? Using ProVerif Limitations and discussion Demo Institut Mines-Télécom PROOFS 2015 3 3/10/2015

  4. SMART remote attestation Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust Verifier Prover Generate challenge challenge Compute fingerprint fingerprint Accept or Reject Institut Mines-Télécom PROOFS 2015 4 3/10/2015

  5. SMART a HW/SW co-design Data Processor Memory Backbone Program attests ROM Verifier Key K X Prover Institut Mines-Télécom PROOFS 2015 5 3/10/2015

  6. SMART Bringing formal guarantees We are here interested in SW-level attacks (no side channel attack, etc.). Formal verification of SMART raises challenges : Security of the scheme depends on secrecy of K . Vulnerabilities in SW (ROM) could endanger secrecy. Custom HW must be taken into account. Security depends on HW features such as interrupt masking. Institut Mines-Télécom PROOFS 2015 6 3/10/2015

  7. Growing Interest in HW/SW Co-designs HW modification is costly but : Mass production makes HW customization affordable. Some HW modifications are cheaper than others. In some cases, strong security guarantees can’t be achieved in pure SW. It’s because HW modification is costly that formally verifying it is essential. Institut Mines-Télécom PROOFS 2015 7 3/10/2015

  8. Verifying both Hardware and Software Different models and methods SW prop SW spec source SW SW SW proof SW model integration prover assembly binary assumed HW model HW impl netlist HW HW HW proof HDL HW model prover modelisation spec HW HW prop Different methods of verification. SW: symbolic execution, taint propagation, model checking, . . . HW: model checking, equivalence checking, . . . Institut Mines-Télécom PROOFS 2015 8 3/10/2015

  9. Verifying both Hardware and Software But close interactions However, HW and SW may have close interactions : SW and HW parts involved in a protocol; HW impacts the way SW is executed. This is particularly true for security designs . Institut Mines-Télécom PROOFS 2015 9 3/10/2015

  10. Contents Why? SMART Why Hardware/Software co-designs? Why unified verification? Don’t we already do that? Successive verification of HW & SW Unified verification SMASHUP What is it? Using ProVerif Limitations and discussion Demo Institut Mines-Télécom PROOFS 2015 10 3/10/2015

  11. Successive verification of HW & SW The idea Independant Verification SW prop SW spec source SW SW SW proof SW model integration prover assembly binary assumed HW model HW impl netlist HW HW HW proof HDL HW model prover modelisation spec HW HW prop Institut Mines-Télécom PROOFS 2015 11 3/10/2015

  12. Successive verification of HW & SW The idea Successive Verification prop SW spec source SW prover proof whole model integration assembly 2 binary HW model HW impl netlist refinement HW prover HDL proof 1 spec HW Institut Mines-Télécom PROOFS 2015 11 3/10/2015

  13. Successive verification of HW & SW The idea Manual expression of a formal model that: enables HW to be proved correct against this model, enables the verifier to express properties in this formal environment , and formalizes the effects of SW instructions on the model. The presence of the verifier is needed to bridge the semantic gap between HW and SW Institut Mines-Télécom PROOFS 2015 12 3/10/2015

  14. Successive verification of HW & SW Feasibility and drawbacks Is it feasible? Finding such model is tedious and involves a lot of manual effort . Feasible when SW & HW are disjoint enough to find a simple formal interface. How could we automate this? Institut Mines-Télécom PROOFS 2015 13 3/10/2015

  15. Unified verification The idea Successive Verification prop SW spec source SW prover proof whole model integration assembly binary HW model HW impl netlist refinement HDL HW prover proof spec HW Institut Mines-Télécom PROOFS 2015 14 3/10/2015

  16. Unified verification The idea Unified Verification prop SW spec source SW prover proof whole model integration assembly binary HW model HW impl netlist HW HW language HDL modelisation model spec HW Institut Mines-Télécom PROOFS 2015 14 3/10/2015

  17. Unified verification The idea Use a formal representation of the HDL . Express the effect of each HDL statement , so that the composition of these is a formal representation of the whole . May restrict the scope of designs. Create an interface to integrate software. Institut Mines-Télécom PROOFS 2015 15 3/10/2015

  18. Unified verification ex: loosely coupled designs E.g: HW and SW parts using a protocol to communicate 1 2 agents communicate through a clear interface HW and SW describe the behaviour of each agent doesn’t really matter whether it’s HW or SW Use a common language (as SystemC) and SW analysis tools 1. D. Kroening et al., Formal Verification of SystemC by Automatic Hard- ware/Software Partitioning Institut Mines-Télécom PROOFS 2015 16 3/10/2015

  19. Unified verification ex: tightly coupled designs E.g.: Customizing core processor logic HW customizes the way SW must be modelled would require low level representation of HW automated extraction of SW concepts (program counter, stack frames, etc.) is nowaday mostly unfeasible SW representation that could be linked to a low level representation of HW: binary format Find a compromise between exhaustivity of HW description and scalability of the proof? Institut Mines-Télécom PROOFS 2015 17 3/10/2015

  20. Contents Why? SMART Why Hardware/Software co-designs? Why unified verification? Don’t we already do that? Successive verification of HW & SW Unified verification SMASHUP What is it? Using ProVerif Limitations and discussion Demo Institut Mines-Télécom PROOFS 2015 18 3/10/2015

  21. SMASHUP: What is it? Simple Modelling and Attestation of Software and Hardware Using Proverif. A python compiler from HW + SW to ProVerif specification. SW is provided as assembly language (MSP430). HW is described as a list of standard modules . Properties are expressed as secrecy properties. The specification produced can be checked with ProVerif . Institut Mines-Télécom PROOFS 2015 19 3/10/2015

  22. SMASHUP: What is it? prop SW spec source SW prover whole model proof integration assembly binary HW model HW impl netlist HW HW language HDL modelisation model spec HW Institut Mines-Télécom PROOFS 2015 20 3/10/2015

  23. SMASHUP: What is it? prop SW spec source SW prover whole model proof integration assembly binary ProVerif python modules HW model HW impl netlist HW HW language HDL modelisation model spec HW SMASHUP Institut Mines-Télécom PROOFS 2015 20 3/10/2015

  24. Using ProVerif Introduction “ProVerif is a tool for automatically analyzing the security of cryptographic protocols.” automatically : simple reasoning with Horn clauses • � p i or � p i → q i i security : naturally handles secrecy and authenticity properties protocols : multiple processes sending and receiving messages Motivations: simple logic and security orientation Institut Mines-Télécom PROOFS 2015 21 3/10/2015

  25. Using ProVerif Reasoning with Horn clauses Works on predicates. E.g: attacker ( var ) means the attacker knows value of var. Horn clauses as logic bases. For instance: mess ( ch , m ) ∧ attacker ( ch ) → attacker ( m ) attacker ( ch ) ∧ attacker ( m ) mess ( ch , m ) . and → Verification is based on unification of clauses: attacker ( m ) → attacker ( f ( m )) attacker ( f ( g ( m ))) attacker ( m ) , and → results in attacker ( g ( m )) → attacker ( m ) . Institut Mines-Télécom PROOFS 2015 22 3/10/2015

  26. Using ProVerif Application to verification of low-level SW new predicate: state ( pc , s ) means “a state where PC equals pc and system is in state s is reachable” effect of an instruction: state ( pc , s ) → state ( pc ′ , s ′ ) Memory is modelled as an array of variables. Example of HW modification (adding interrupts): state ( pc , s , 1 ) attacker ( s ) → attacker ( s ′ ) ∧ state ( pc , s , 1 ) state ( pc + 1 , s ′ , 1 ) . and → Institut Mines-Télécom PROOFS 2015 23 3/10/2015

  27. Limitations and discussion Working with concrete types : No representation of numbers in ProVerif. Simple arithmetic operations increase complexity (ProVerif only allows constructors or reductions). Idea : interface ProVerif with theory solvers (bit vector, etc.). Working at binary level (shellcodes, ROP , etc.). Re-work the HW Description Language to enable finer-grained description of HW designs. Institut Mines-Télécom PROOFS 2015 24 3/10/2015

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

WP verification methodology and tools Paul Jackson School of Informatics University of Edinburgh

WP verification methodology and tools Paul Jackson School of Informatics University of Edinburgh

WP verification methodology and tools Paul Jackson School of Informatics University of Edinburgh Formal Verification Spring 2017 Levels of formal verification Checking freedom from run-time exceptions Dominant level for Spark tools

263 views • 8 slides
A unified approach to performance modelling and verification Stephen Gilmore and Le la Kloul

A unified approach to performance modelling and verification Stephen Gilmore and Le la Kloul

A unified approach to performance modelling and verification Stephen Gilmore and Le la Kloul Laboratory for Foundations of Computer Science The University of Edinburgh SAFECOMP, Sept 2003 Stephen Gilmore DEGAS project, LFCS, Edinburgh 1

761 views • 47 slides
APESS: A Unified Methodology for the Development and Review of Quantitative Deliverables Anthony

APESS: A Unified Methodology for the Development and Review of Quantitative Deliverables Anthony

Novartis Global Drug Development APESS: A Unified Methodology for the Development and Review of Quantitative Deliverables Anthony Rossini 1 , Anne Mounier 1 and Andy Richardson 2 Introduction 1. Quantitative Deliverables 2. Operating in

210 views • 17 slides
Flexible Software to Hardware migration methodology for FPGA design and verification. Matias

Flexible Software to Hardware migration methodology for FPGA design and verification. Matias

Flexible Software to Hardware migration methodology for FPGA design and verification. Matias Trapaglia 1 , Ricardo Cayssials 2,3 , Lorenzo De Pasquale 2 , Edgardo Ferro 3 1 CONICET, 2 UTN FRBB, Department of Electronics Engineering, 3

442 views • 27 slides
Unified Static and Runtime Verification of Object-Oriented Software Wolfgang Ahrendt 1 , Mauricio

Unified Static and Runtime Verification of Object-Oriented Software Wolfgang Ahrendt 1 , Mauricio

Unified Static and Runtime Verification of Object-Oriented Software Wolfgang Ahrendt 1 , Mauricio Chimento 1 , Gerardo Schneider 2 , Gordon J. Pace 3 1 Chalmers University of Technology, Gothenburg, Sweden 2 University of Gothenburg, Sweden 3

449 views • 32 slides
An Integrated Modeling, Synthesis and Verification Methodology Xiaojian Liu Greg Smith June

An Integrated Modeling, Synthesis and Verification Methodology Xiaojian Liu Greg Smith June

HLS Based HW and SW Co-Design of Complex IP Subsystems An Integrated Modeling, Synthesis and Verification Methodology Xiaojian Liu Greg Smith June 4th, 2013 David Hansen Jeff Wong Louie Lee PAGE 1 2 Author Page Xiaojian Liu,

469 views • 15 slides
UVVM - The fastest growing FPGA verification methodology world-wide! Workshop on Open Source

UVVM - The fastest growing FPGA verification methodology world-wide! Workshop on Open Source

UVVM - The fastest growing FPGA verification methodology world-wide! Workshop on Open Source Design Automation (OSDA) 2019 Please also see related conference paper: https://osda.gitlab.io/19/tallaksen.pdf www.bitvis.no Your partner for

1.3k views • 43 slides
UNIFIED PAYMENTS AT A GLANCE DEAR MERCHANT, WELCOME TO UNIFIED PAYMENTS! At Unified Payments,

UNIFIED PAYMENTS AT A GLANCE DEAR MERCHANT, WELCOME TO UNIFIED PAYMENTS! At Unified Payments,

UNIFIED PAYMENTS AT A GLANCE DEAR MERCHANT, WELCOME TO UNIFIED PAYMENTS! At Unified Payments, we strive to make our customers our #1 priority. Running a busi - ness is already complicated enough, we're here to make it easier for you so that

105 views • 9 slides
SPORTS! Unified Basketball Special Olympics U NIFIED B ASKETBALL Unified Basketball helps

SPORTS! Unified Basketball Special Olympics U NIFIED B ASKETBALL Unified Basketball helps

SPORTS! Unified Basketball Special Olympics U NIFIED B ASKETBALL Unified Basketball helps promote social interaction, and physical activity. It teaches leadership and teamwork. Unified Basketball teams are made up of Unified

352 views • 11 slides
Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records OVERVIEW 01 04 Scope of Verification Peggys Picks Types of verification, Verifying exam results or parameters, privacy graduation using databases

1.25k views • 81 slides
DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification Projects Birth Record Verification State to State Verification DIVS State to State Verification Service (S2S) Program Benefits Mission

349 views • 8 slides
Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

The Center for Verification and Evaluation (CVE) Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive Support Services Agenda What is Re-Verification? o Simplified Reverification Program VIP

320 views • 21 slides
Survey Results Presentation for Ventura Unified School District by Isom Advisors, a Division of

Survey Results Presentation for Ventura Unified School District by Isom Advisors, a Division of

Survey Results Presentation for Ventura Unified School District by Isom Advisors, a Division of Urban Futures, Inc. August 2019 1470 Maria Lane, Ste. 315 - Walnut Creek, CA 94596 Methodology There are 71,063 registered voters in the District

414 views • 17 slides
A unifying methodology A Gentle Introduction to the EM Algorithm Dempster, Laird &amp; Rubin

A unifying methodology A Gentle Introduction to the EM Algorithm Dempster, Laird &amp; Rubin

A unifying methodology A Gentle Introduction to the EM Algorithm Dempster, Laird &amp; Rubin (1977) unified many strands of apparently unrelated work under the banner of The EM Algorithm Ted Pedersen EM had gone incognito for many

839 views • 4 slides
Verification &amp; Validation Verification is getting the system right : Verification and

Verification &amp; Validation Verification is getting the system right : Verification and

Verification &amp; Validation Verification is getting the system right : Verification and Validation Does the program you built do what you designed it to do? Dr. James A. Bednar Validation is getting the right system : jbednar@inf.ed.ac.uk

331 views • 8 slides
verification (MRV) under the Climate Change Convention Friends of the CBD Workshop 21-23 April

verification (MRV) under the Climate Change Convention Friends of the CBD Workshop 21-23 April

Overview of measurement, reporting and verification (MRV) under the Climate Change Convention Friends of the CBD Workshop 21-23 April 2016, Bogis-Bossey, Switzerland Xuehong Wang, Programme Officer, Review, Methodology and Training sub-programme,

417 views • 10 slides
The Dataverse Network: An Infrastructure for Data Sharing Gary King Institute for Quantitative

The Dataverse Network: An Infrastructure for Data Sharing Gary King Institute for Quantitative

The Dataverse Network: An Infrastructure for Data Sharing Gary King Institute for Quantitative Social Science Harvard University (8/14/08 talk at UseR! 2008, Technische Universit at, Dortmund, Germany) (8/14/08 talk at UseR! 2008

1.89k views • 151 slides
Introduction t to o AXI Custom om I IP Cristi tian Sister erna na Universidad

Introduction t to o AXI Custom om I IP Cristi tian Sister erna na Universidad

Introduction t to o AXI Custom om I IP Cristi tian Sister erna na Universidad Nacional San Juan Argentina ICTP AXI - Custom IP Agen enda Describe the AXI4 transactions Summarize the AXI4 valid/ready acknowledgment model

886 views • 84 slides
The ACCELERATE Trial Impact of the Cholesteryl Ester Transfer Protein Inhibitor Evacetrapib on

The ACCELERATE Trial Impact of the Cholesteryl Ester Transfer Protein Inhibitor Evacetrapib on

The ACCELERATE Trial Impact of the Cholesteryl Ester Transfer Protein Inhibitor Evacetrapib on Cardiovascular Outcome Stephen J Nicholls for the ACCELERATE investigators Disclosure Research support: AstraZeneca, Amgen, Anthera, Eli Lilly,

431 views • 11 slides
SCBench: A Benchmark Design Suite for SystemC Verification and Validation Bin Lin Department of

SCBench: A Benchmark Design Suite for SystemC Verification and Validation Bin Lin Department of

SCBench: A Benchmark Design Suite for SystemC Verification and Validation Bin Lin Department of Computer Science Portland State University 1 Agenda Background and Motivation Overview of Benchmark Designs Key Features of SCBench

528 views • 19 slides
Verilog for Testbenches Big picture: Two main Hardware Description Languages (HDL) out there

Verilog for Testbenches Big picture: Two main Hardware Description Languages (HDL) out there

Verilog for Testbenches Verilog for Testbenches Big picture: Two main Hardware Description Languages (HDL) out there VHDL Designed by committee on request of the DoD Based on Ada Verilog Designed by a company for their own

436 views • 18 slides
p4v Practical Verification for Programmable Data Planes Jed Liu Robert Soul Bill Hallahan

p4v Practical Verification for Programmable Data Planes Jed Liu Robert Soul Bill Hallahan

p4v Practical Verification for Programmable Data Planes Jed Liu Robert Soul Bill Hallahan Han Wang Cole Schlesinger Clin Cacaval Milad Sharif Nick McKeown Jeongkeun Lee Nate Foster Fixed-function routers... Fixed-function

725 views • 57 slides
One Patients Point of View DANNY VAN LEEUWEN Empowering people as they travel together

One Patients Point of View DANNY VAN LEEUWEN Empowering people as they travel together

2018 www.pccds-ln.org One Patients Point of View DANNY VAN LEEUWEN Empowering people as they travel together towards best health 2018 About Me An action catalyst empowering people traveling together toward best health, wears many hats in

472 views • 16 slides
Overview of the Patient Safety Component Objectives 1. Describe NHSN and its purposes 2. Define

Overview of the Patient Safety Component Objectives 1. Describe NHSN and its purposes 2. Define

Overview of the Patient Safety Component Objectives 1. Describe NHSN and its purposes 2. Define the authority and confidentiality protections for NHSN 3. Identify the requirements for participating in the Patient Safety Component 4. Describe

627 views • 46 slides

More recommend