Relational Models of Microarchitectures for Formal Security Analyses

12/20/2021
by Nicholas Mosier, et al.

There is a growing need for hardware-software contracts that precisely define the implications of microarchitecture for software security, i.e., security contracts. It is our view that such contracts should explicitly account for the microarchitecture-level implementation details that underpin hardware leakage, thereby establishing a direct correspondence between a contract and the microarchitecture it represents. At the same time, these contracts should remain as abstract as possible so as to support efficient formal analyses. With these goals in mind, we propose leakage containment models (LCMs), novel axiomatic security contracts which support formal reasoning about the security guarantees of programs when they run on particular microarchitectures. Our core contribution is an axiomatic vocabulary for formally defining LCMs, derived from the established axiomatic vocabulary used to formalize processor memory consistency models. Using this vocabulary, we formalize microarchitectural leakage, focusing on leakage through hardware memory systems, so that it can be automatically detected in programs. To illustrate the efficacy of LCMs, we present two case studies. First, we demonstrate that our leakage definition faithfully captures a sampling of (transient and non-transient) microarchitectural attacks from the literature. Second, we develop a static analysis tool based on LCMs which automatically identifies Spectre vulnerabilities in programs and scales to analyze realistic-sized codebases, like libsodium.

Related research

05/11/2023 - Specification and Verification of Side-channel Security for Open-source Processors via Leakage Contracts
Leakage contracts have recently been proposed as a new security abstract...

06/08/2023 - Formalizing, Verifying and Applying ISA Security Guarantees as Universal Contracts
Progress has recently been made on specifying instruction set architectu...

07/18/2023 - CONTRACTFIX: A Framework for Automatically Fixing Vulnerabilities in Smart Contracts
The increased adoption of smart contracts in many industries has made th...

09/09/2021 - Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts
We introduce the Clockwork Finance Framework (CFF), a general purpose, f...

07/16/2021 - SMLtoCoq: Automated Generation of Coq Specifications and Proof Obligations from SML Programs with Contracts
Formally reasoning about functional programs is supposed to be straightf...

08/09/2022 - STELLA: Sparse Taint Analysis for Enclave Leakage Detection
Intel SGX (Software Guard Extension) is a promising TEE (trusted executi...

08/06/2013 - Intensional view of General Single Processor Operating Systems
Operating systems are currently viewed ostensively. As a result they mea...
