
Identifying Security Critical Properties for the Dynamic Verification of a Processor

Published: 04 April 2017

Abstract

We present a methodology for identifying security-critical properties for use in the dynamic verification of a processor. Such verification has been shown to be an effective way to prevent exploits of vulnerabilities in the processor, given a meaningful set of security properties. We use known processor errata to establish an initial set of security-critical invariants of the processor. We then use machine learning to infer an additional set of invariants that are not tied to any particular known vulnerability, yet are critical to security.

We build a tool chain implementing the approach and evaluate it for the open-source OR1200 RISC processor. We find that our tool can identify 19 (86.4%) of the 22 manually crafted security-critical properties from prior work and generates 3 new security properties not covered in prior work.
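To make the abstract's idea of trace-based, security-critical invariants concrete, the following Python is an added illustration; it is not code from the paper, from its tool chain, or from the OR1200 project. It assumes a made-up set of processor signals (`pc`, a supervisor-mode bit `sm`, and per-cycle flags `exc` for exception entry and `rfe` for return from exception) and a single invariant template, "a signal may change value only in a cycle where one of a set of guard signals is asserted". The traces are constructed. Where the paper seeds invariants from errata and uses machine learning to infer more, this example simply enumerates template instances that hold on all golden traces (keeping the smallest guard set), then runs the surviving invariant over a constructed faulty trace the way a dynamic verifier would, reporting the first violating cycle.

```python
# Added example, not the paper's or the OR1200 project's code.
# Signal names (pc, sm, exc, rfe) and the invariant template are assumptions
# made for illustration; all traces below are constructed.
from itertools import combinations


def make_invariant(signal, guards):
    """Invariant instance: `signal` may change only in a cycle where at least
    one of `guards` is asserted (value 1)."""
    return (signal, tuple(sorted(guards)))


def first_violation(inv, trace):
    """Dynamic check of one invariant over a trace.

    `trace` is a list of dicts (signal name -> int), one entry per cycle.
    Returns the index of the first cycle in which `signal` changed while no
    guard was asserted, or None if the invariant holds on the whole trace.
    """
    signal, guards = inv
    for t in range(1, len(trace)):
        if trace[t][signal] != trace[t - 1][signal]:
            if not any(trace[t][g] == 1 for g in guards):
                return t
    return None


def holds(inv, trace):
    return first_violation(inv, trace) is None


def _ever_changes(signal, traces):
    return any(tr[t][signal] != tr[t - 1][signal]
               for tr in traces for t in range(1, len(tr)))


def infer_invariants(traces, signals, guard_signals, max_guards=2):
    """Dynamic invariant inference (Daikon/IODINE style, simplified).

    Keeps every template instance that holds on all observed traces and whose
    signal actually changed somewhere (otherwise the instance is vacuous).
    Guard sets are tried smallest first, so a larger set is only kept when no
    subset already explains the signal's changes.
    """
    kept = []
    for s in signals:
        if not _ever_changes(s, traces):
            continue
        for k in range(1, max_guards + 1):
            for guards in combinations(guard_signals, k):
                inv = make_invariant(s, guards)
                if not all(holds(inv, tr) for tr in traces):
                    continue
                if any(i[0] == s and set(i[1]) <= set(guards) for i in kept):
                    continue  # a stronger (smaller-guard) instance is kept
                kept.append(inv)
    return kept


def cycle(pc, sm, exc=0, rfe=0):
    return {"pc": pc, "sm": sm, "exc": exc, "rfe": rfe}


# Constructed golden traces: the mode bit moves only on exception entry/return.
GOLDEN_TRACES = [
    [cycle(0x100, 0), cycle(0x104, 0), cycle(0x200, 1, exc=1),
     cycle(0x204, 1), cycle(0x108, 0, rfe=1), cycle(0x10C, 0)],
    [cycle(0x300, 1), cycle(0x304, 1), cycle(0x400, 0, rfe=1),
     cycle(0x404, 0), cycle(0x500, 1, exc=1), cycle(0x504, 1)],
]

# Constructed faulty trace: sm flips in cycle 3 with neither guard asserted.
FAULTY_TRACE = [cycle(0x100, 0), cycle(0x104, 0), cycle(0x108, 0),
                cycle(0x10C, 1), cycle(0x110, 1)]

SIGNALS = ["pc", "sm"]
GUARDS = ["exc", "rfe"]


def mine_and_check():
    """Infer invariants from the golden traces and check the faulty one."""
    invs = infer_invariants(GOLDEN_TRACES, SIGNALS, GUARDS)
    return invs, {inv: first_violation(inv, FAULTY_TRACE) for inv in invs}


if __name__ == "__main__":
    mined, report = mine_and_check()
    for inv in mined:
        print("invariant:", inv, "-> first violation at cycle", report[inv])
```

Only `sm` yields an invariant here: `pc` changes every cycle regardless of the guards, so no instance of the template survives for it, which is the intended behaviour of a template that describes guarded state rather than free-running state. In a real flow the candidate set would be far larger and the golden traces would come from a reference simulation, which is why the paper combines errata-derived properties with learning instead of exhaustive enumeration.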



Published in

ACM SIGPLAN Notices, Volume 52, Issue 4 (ASPLOS '17), April 2017, 811 pages. ISSN: 0362-1340, EISSN: 1558-1160, DOI: 10.1145/3093336

ASPLOS '17: Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Systems, April 2017, 856 pages. ISBN: 9781450344654, DOI: 10.1145/3037697

Copyright © 2017 ACM. Publisher: Association for Computing Machinery, New York, NY, United States.
