Abstract
Constructing high-assurance, secure hardware remains a challenge, because to do so relies on both a verifiable means of hardware description and implementation. However, production hardware description languages (HDL) lack the formal underpinnings required by formal methods in security. Still, there is no such thing as high-assurance systems without high-assurance hardware. We present a core calculus of secure hardware description with its formal semantics, security type system, and mechanization in Coq. This calculus is the core of the functional HDL, ReWire, shown in previous work to have useful applications in reconfigurable computing. This work supports a full-fledged, formal methodology for producing high-assurance hardware.
- D. Andrews. 2015. Will the future success of reconfigurable computing require a paradigm shift in our research community’s thinking? Keynote address, Applied Reconfigurable Computing. Retrieved from http://hthreads.csce.uark.edu/mediawiki/images/d/d8/Arc-presentation.pdf.Google Scholar
- A. Azevedo de Amorim, N. Collins, A. DeHon, D. Demange, C. Hriţcu, D. Pichardie, B. Pierce, R. Pollack, and A. Tolmach. 2014. A verified information-flow architecture. In Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages (POPL’14). 165--178. Google Scholar
Digital Library
- C. Baaij and J. Kuper. 2014. Using rewriting to synthesize functional languages to digital circuits. In Proceedings of the Symposium on Trends in Functional Programming (LNCS), Vol. 8322. 17--33. Google Scholar
Digital Library
- J. Bachrach, H. Vo, B. Richards, Y. Lee, A. Waterman, R. Avizienis, J. Wawrzynek, and K. Asanovic. 2012. Chisel: Constructing hardware in a Scala embedded language. In Proceedings of the Design Automation Conference (DAC’12). 1216--1225. Google Scholar
Digital Library
- D. Bacon, R. Rabbah, and S. Shukla. 2013. FPGA programming for the masses. Queue 11, 2, Article 40 (Feb. 2013). Google Scholar
Digital Library
- L. Baugh, N. Neelakantam, and C. Zilles. 2008. Using hardware memory protection to build a high-performance, strongly-atomic hybrid transactional memory. In Proceedings of the 35th Annual International Symposium on Computer Architecture (ISCA’08). 115--126. Google Scholar
Digital Library
- R. Bird and P. Wadler. 1988. Introduction to Functional Programming. Prentice Hall. Google Scholar
Digital Library
- P. Bjesse, K. Claessen, M. Sheeran, and S. Singh. 1998. Lava: Hardware design in Haskell. In Proceedings of the 3rd International Conference on Functional Programming (ICFP’98). 174--184. Google Scholar
Digital Library
- T. Braibant and A. Chlipala. 2013. Formal verification of hardware synthesis. In Proceedings of the International Conference on Computer Aided Verification (CAV’13). 213--228.Google Scholar
- G. Cabodi and M. Murciano. 2006. BDD-Based hardware verification. In Proceedings of the 6th International Conference on Formal Methods for the Design of Computer, Communication, and Software Systems (SFM’06). 78--107. Google Scholar
Digital Library
- J. Choi, M. Vijayaraghavan, B. Sherman, A. Chlipala, and Arvind. 2017. Kami: A platform for high-level parametric hardware specification and its modular verification. Proc. ACM Program. Lang. 1, ICFP, Article 24 (Aug. 2017). Google Scholar
Digital Library
- K. Claessen and J. Hughes. 2000. QuickCheck: A lightweight tool for random testing of Haskell programs. SIGPLAN Not. 35, 9 (Sep. 2000), 268--279. Google Scholar
Digital Library
- D. Cock, G. Klein, and T. Sewell. 2008. Secure microkernels, state monads and scalable refinement. In Proceedings of the International Conference on Theorem Proving in Higher Order Logics (TPHOLs’08). 167--182. Google Scholar
Digital Library
- Coq {n.d.}. The Coq Proof Assistant. Retrieved from https://coq.inria.fr.Google Scholar
- T. Coquand. 1994. Infinite Objects in Type Theory. Springer, Berlin, 62--78. Google Scholar
Digital Library
- K. Crary, A. Kliger, and F. Pfenning. 2005. A monadic analysis of information flow security with mutable state. J. Funct. Program. 15, 2 (Mar. 2005), 249--291. Google Scholar
Digital Library
- C. Doczkal and J. Schwinghammer. 2009. Formalizing a strong normalization proof for Moggi’s computational metalanguage: A case study in Isabelle/HOL-nominal. In Proceedings of the 4th International Workshop on Logical Frameworks and Meta-Languages: Theory and Practice (LFMTP’09). ACM, New York, NY, 57--63. Google Scholar
Digital Library
- Jean H. Gallier. 1990. On Girard’s “candidates de reducibilite.” In Logic and Computer Science. Academic Press, 123--204.Google Scholar
- P. Gammie. 2013. Synchronous digital circuits as functional programs. ACM Comput. Surv. 46, 2, Article 21 (Nov. 2013). Google Scholar
Digital Library
- N. George, H. Lee, D. Novo, T. Rompf, K. J. Brown, A. K. Sujeeth, M. Odersky, K. Olukotun, and P. Ienne. 2014. Hardware system synthesis from domain-specific languages. In Proceedings of the 24th International Conference on Field Programmable Logic and Applications (FPL’14). 1--8.Google Scholar
- D. Ghica and A. Jung. 2016. Categorical semantics of digital circuits. In Proceedings of the International Conference on Formal Methods in Computer-Aided Design (FMCAD’16). Google Scholar
Digital Library
- E. Giménez. 1995. Codifying Guarded Definitions with Recursive Schemes. Springer, Berlin, 39--59.Google Scholar
- J.-Y. Girard, Y. Lafont, and P. Taylor. 1989. Proofs and Types. Vol. 7. Cambridge University Press, Cambridge. Google Scholar
Digital Library
- J. A. Goguen and J. Meseguer. 1984. Unwinding and inference control. In Proceedings of the IEEE Symposium on Security and Privacy. 75--86.Google Scholar
- S. Goncharov and L. Schröder. 2011. A coinductive calculus for asynchronous side-effecting processes. In Proceedings of the 18th International Conference on Fundamentals of Computation Theory. 276--287. Google Scholar
Digital Library
- M. Gordon. 1995. The semantic challenge of Verilog HDL. In Proceedings of the 10th Annual IEEE Symposium on Logic in Computer Science (LICS’95). 136--145. Google Scholar
Digital Library
- I. Graves, W. Harrison, A. Procter, and G. Allwein. 2015. Provably correct development of reconfigurable hardware designs via equational reasoning. In Proceedings of the IEEE International Conference on Field-Programmable Technology (ICFPT’15). 160--171.Google Scholar
- I. Graves, A. Procter, W. Harrison, M. Becchi, and G. Allwein. 2015. Hardware synthesis from functional embedded domain-specific languages: A case study in regular expression compilation. In Proceedings of the Conference on Applied Reconfigurable Computing (LNCS), Vol. 9040. 41--52.Google Scholar
- W. Harrison. 2006. The essence of multitasking. In Algebraic Methodology and Software Technology. Springer, 158--172. Google Scholar
Digital Library
- W. Harrison and J. Hook. 2009. Achieving information flow security through monadic control of effects. J. Comput. Sci. 17, 5 (Oct. 2009), 599--653. Google Scholar
Digital Library
- W. Harrison, A. Procter, and G. Allwein. 2016. Model-driven design and synthesis of the SHA-256 cryptographic hash function in ReWire. In Proceedings of the 27th International Symposium on Rapid System Prototyping (RSP’16). 1--7. Google Scholar
Digital Library
- W. Harrison, A. Procter, I. Graves, M. Becchi, and G. Allwein. 2016. A programming model for reconfigurable computing based in functional concurrency. In Proceedings of the 11th International Symposium on Reconfigurable Communication-centric Systems-on-Chip.Google Scholar
- Bluespec Homepage. 2017. Retrieved from http://bluespec.com.Google Scholar
- B. Huffman. 2012. HOLCF’11: A Definitional Domain Theory for Verifying Functional Programs. Ph.D. Dissertation. Portland State University. Google Scholar
Digital Library
- T. Huffmire, C. Irvine, T. Nguyen, T. Levin, R. Kastner, and T. Sherwood. 2010. Handbook of FPGA Design Security. Springer. Google Scholar
Digital Library
- T. Huffmire, S. Prasad, T. Sherwood, and R. Kastner. 2006. Policy-driven memory protection for reconfigurable hardware. In Proceedings of the European Symposium on Research in Computer Security (ESORICS’06). LNCS, Vol. 4189. 461--478. Google Scholar
Digital Library
- T. Huffmire, T. Sherwood, R. Kastner, and T. Levin. 2008. Enforcing memory policy specifications in reconfigurable hardware. Comput. Secur. 27, 5--6 (2008), 197--215. Google Scholar
Digital Library
- C. Kloos and P. Breuer (Eds.). 1995. Formal Semantics for VHDL. Kluwer Academic Publishers. Google Scholar
Digital Library
- H. Lee, K. Brown, A. Sujeeth, H. Chafi, T. Rompf, M. Odersky, and K. Olukotun. 2011. Implementing domain-specific languages for heterogeneous parallel computing. IEEE Micro 31, 5 (Sep. 2011), 42--53. Google Scholar
Digital Library
- X. Leroy. 2009. Formal verification of a realistic compiler. Commun. ACM 52, 7 (July 2009), 107--115. Google Scholar
Digital Library
- X. Li, V. Kashyap, J. Oberg, M. Tiwari, V. R. Rajarathinam, R. Kastner, T. Sherwood, B. Hardekopf, and F. Chong. 2014. Sapper: A language for hardware-level security policy enforcement. In Proceedings of the ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’14). Google Scholar
Digital Library
- X. Li, M. Tiwari, J. Oberg, V. Kashyap, F. Chong, T. Sherwood, and B. Hardekopf. 2011. Caisson: A hardware description language for secure information flow. In Proceedings of the Programming Language Design and Implementation Conference (PLDI’11). 109--120. Google Scholar
Digital Library
- S. Liang, P. Hudak, and M. Jones. 1995. Monad transformers and modular interpreters. In Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages (POPL’95). 333--343. Google Scholar
Digital Library
- A. Megacz. 2012. Hardware design with generalized arrows. In Proceedings of the 23rd International Conference on Implementation and Application of Functional Languages (IFL’11). Springer-Verlag, Berlin, 164--180. Google Scholar
Digital Library
- T. Melham. 1993. Higher Order Logic and Hardware Verification. Cambridge Tracts in Theoretical Computer Science, Vol. 31. Cambridge University Press. Google Scholar
Digital Library
- J. Mitchell. 1996. Foundations for Programming Languages. MIT Press Cambridge. Google Scholar
Digital Library
- E. Moggi. 1990. An Abstract View of Programming Languages. Technical Report ECS-LFCS-90-113. Department of Computer Science, Edinburgh University.Google Scholar
- E. Moggi. 1991. Notions of computation and monads. Info. Comput. 93, 1 (July 1991), 55--92. Google Scholar
Digital Library
- A. Myers. 2017. personal communication.Google Scholar
- A. Nanevski, G. Morrisett, A. Shinnar, P. Govereau, and L. Birkedal. 2008. Ynot: Dependent types for imperative programs. In Proceedings of the International Conference on Functional Programming (ICFP’08). 229--240. Google Scholar
Digital Library
- F. Nielson, H. Nielson, and C. Hankin. 1999. Principles of Program Analysis. Google Scholar
Digital Library
- R. S. Nikhil and Arvind. 2009. What is bluespec? SIGDA Newslett. 39, 1 (Jan. 2009), 1--1. Google Scholar
Digital Library
- S. Ouchani, O. A. Mohamed, and M. Debbabi. 2013. A formal verification framework for bluespec system verilog. In Proceedings of the Forum on Specification and Design Languages (FDL’13). 1--7.Google Scholar
- S. Peyton Jones (Ed.). 2003. Haskell 98 Language and Libraries, the Revised Report. Cambridge University Press.Google Scholar
- B. C. Pierce, C. Casinghino, M. Gaboardi, M. Greenberg, C. Hriţcu, V. Sjoberg, and B. Yorgey. 2015. Software Foundations. Electronic textbook.Google Scholar
- A. Procter. 2014. Semantics-Driven Design and Implementation of High-assurance Hardware. Ph.D. Dissertation. University of Missouri, 2014. Department of Computer Science.Google Scholar
- A. Procter, W. Harrison, I. Graves, M. Becchi, and G. Allwein. 2015. Semantics driven hardware design, implementation, and verification with ReWire. In Proceedings of the ACM SIGPLAN/SIGBED Conference on Languages, Compilers, Tools and Theory for Embedded Systems (LCTES’15). Google Scholar
Digital Library
- A. Procter, W. Harrison, I. Graves, M. Becchi, and G. Allwein. 2017. A principled approach to secure multi-core processor design with ReWire. ACM Trans. Embed. Comput. Syst. 16, 2, Article 33 (Feb. 2017), 33:1--33:25. Google Scholar
Digital Library
- Code repository for MEMOCODE. 2017. Retrieved from https://goo.gl/FYf6xU.Google Scholar
- D. Richards and D. Lester. 2011. A monadic approach to automated reasoning for bluespec systemverilog. Innovat. Syst. Softw. Eng. 7, 2 (Mar. 2011), 85. Google Scholar
Digital Library
- A. Sabelfeld and A. Myers. 2003. Language-based information-flow security. IEEE J. Sel. Areas Commun. 21, 1 (Jan. 2003). Google Scholar
Digital Library
- I. Sander and A. Jantsch. 2004. System modeling and transformational design refinement in ForSyDe. IEEE Trans. Comput.-Aided Design Integr. Circ. Syst. 23, 1 (2004), 17--32. Google Scholar
Digital Library
- I. Sander and A. Jantsch. 2008. Modelling adaptive systems in ForSyDe. Electron. Notes Theoret. Comput. Sci. 200, 2 (2008), 39--54. Google Scholar
Digital Library
- D. Sangiorgi. 2009. On the origins of bisimulation and coinduction. ACM Trans. Program. Lang. Syst. 31, 4 (May 2009), 15:1--15:41. Google Scholar
Digital Library
- L. Schröder and T. Mossakowski. 2009. HasCasl: Integrated higher-order specification and program development. Theoret. Comput. Sci. 410, 12 (2009), 1217--1260. Google Scholar
Digital Library
- M. Sheeran. 1984. muFP, a language for VLSI design. In Proceedings of the 1984 ACM Symposium on LISP and Functional Programming (LFP’84). ACM, New York, NY, 104--112. Google Scholar
Digital Library
- G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. 2004. Secure program execution via dynamic information flow tracking. In Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’04). ACM, New York, NY, 85--96. Google Scholar
Digital Library
- W. Swierstra. 2009. A hoare logic for the state monad. In Proceedings of the International Conference on Theorem Proving in Higher Order Logics (TPHOLs’09). 440--451. Google Scholar
Digital Library
- W. W. Tait. 1967. Intensional interpretations of functionals of finite type I. J. Symbol. Logic 32, 2 (1967), 198--212.Google Scholar
Cross Ref
- W. W. Tait. 1975. A realizability interpretation of the theory of species. In Logic Colloquium (Lectures Notes in Mathematics), R. Parikh (Ed.), Vol. 453. Springer-Verlag, Boston, 240--251.Google Scholar
- M. Tehranipoor and C. Wang. 2011. Introduction to Hardware Security and Trust. Springer Publishing Company, Incorporated. Google Scholar
Digital Library
- M. Tiwari, Xun Li, H. M. G. Wassel, F. T. Chong, and T. Sherwood. 2009. Execution leases: A hardware-supported mechanism for enforcing strong non-interference. In Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO’09). 493--504. Google Scholar
Digital Library
- M. Tiwari, J. K. Oberg, X. Li, J. Valamehr, T. Levin, B. Hardekopf, R. Kastner, F. T. Chong, and T. Sherwood. 2011. Crafting a usable microkernel, processor, and I/O system with strict and provable information flow security. In Proceedings of the 38th Annual International Symposium on Computer Architecture (ISCA’11). 189--200. Google Scholar
Digital Library
- M. Tiwari, H. M. G. Wassel, B. Mazloom, S. Mysore, F. T. Chong, and T. Sherwood. 2009. Complete information flow tracking from the gates up. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’09). ACM, New York, NY, 109--120. Google Scholar
Digital Library
- M. Tiwari, H. M. G. Wassel, B. Mazloom, S. Mysore, F. T. Chong, and T. Sherwood. 2009. Complete information flow tracking from the gates up. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’09). ACM, New York, NY, 109--120. Google Scholar
Digital Library
- S. M. Trimberger and J. J. Moore. 2014. FPGA security: Motivations, features, and applications. Proc. IEEE 102, 8 (Aug 2014), 1248--1265.Google Scholar
Cross Ref
- D. Volpano, C. Irvine, and G. Smith. 1996. A sound type system for secure flow analysis. J. Comput. Secur. 4, 2--3 (Jan. 1996), 167--187. Retrieved from http://dl.acm.org/citation.cfm?id=353629.353648. Google Scholar
Digital Library
- VST {n. d.}. Verified Software Toolchain. Retrieved from http://vst.cs.princeton.edu.Google Scholar
- A. Procter, W. Harrison, and G. Allwein. 2012. The confinement problem in the presence of faults. In Proceedings of the International Conference on Formal Engineering Methods (ICFEM’12). 182--197. Google Scholar
Digital Library
- P. Wadler. 1998. The marriage of effects and monads. In Proceedings of the International Conference on Functional Programming (ICFP’98). 63--74. Google Scholar
Digital Library
- N. Zeldovich, H. Kannan, M. Dalton, and C. Kozyrakis. 2008. Hardware enforcement of application security policies using tagged memory. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI’08). USENIX Association, Berkeley, CA, 225--240. Retrieved from http://dl.acm.org/citation.cfm?id=1855741.1855757. Google Scholar
Digital Library
- K. Zhai, R. Townsend, L. Lairmore, M. A. Kim, and S. A. Edwards. 2015. Hardware synthesis from a recursive functional language. In Proceedings of the 10th International Conference on Hardware/Software Codesign and System Synthesis (CODES’15). IEEE Press, Piscataway, NJ, 83--93. Retrieved from http://dl.acm.org/citation.cfm?id=2830840.2830850. Google Scholar
Digital Library
- D. Zhang, Y. Wang, G. E. Suh, and A. Myers. 2014. A Hardware Design Language for Efficient Control of Timing Channels. Technical Report 2014-04-10. Department of Computer Science, Cornell University. Extended version of the authors’ ASPLOS’15 paper.Google Scholar
Index Terms
The Mechanized Marriage of Effects and Monads with Applications to High-assurance Hardware
Recommendations
A core calculus for secure hardware: its formal semantics and proof system
MEMOCODE '17: Proceedings of the 15th ACM-IEEE International Conference on Formal Methods and Models for System DesignConstructing high assurance, secure hardware remains a challenge, because to do so relies on both a verifiable means of hardware description and implementation. However, production hardware description languages (HDL) lack the formal underpinnings ...
Mechanized Certification of Secure Hardware Designs
MTV '07: Proceedings of the 2007 Eighth International Workshop on Microprocessor Test and VerificationWe develop a framework for mechanized certification of secure hardware systems built out of commercial off-the-shelf (COTS) components purchased from untrusted vendors. Certification requires a guarantee that the fabricated system satisfies the ...
Increasing hardware efficiency with multifunction loop accelerators
CODES+ISSS '06: Proceedings of the 4th international conference on Hardware/software codesign and system synthesisTo meet the conflicting goals of high-performance low-cost embedded systems, critical application loop nests are commonly executed on specialized hardware accelerators. These loop accelerators are traditionally designed in a single-function manner, ...






Comments