skip to main content
research-article

The Mechanized Marriage of Effects and Monads with Applications to High-assurance Hardware

Published:08 January 2019Publication History
Skip Abstract Section

Abstract

Constructing high-assurance, secure hardware remains a challenge, because to do so relies on both a verifiable means of hardware description and implementation. However, production hardware description languages (HDL) lack the formal underpinnings required by formal methods in security. Still, there is no such thing as high-assurance systems without high-assurance hardware. We present a core calculus of secure hardware description with its formal semantics, security type system, and mechanization in Coq. This calculus is the core of the functional HDL, ReWire, shown in previous work to have useful applications in reconfigurable computing. This work supports a full-fledged, formal methodology for producing high-assurance hardware.

References

  1. D. Andrews. 2015. Will the future success of reconfigurable computing require a paradigm shift in our research community’s thinking? Keynote address, Applied Reconfigurable Computing. Retrieved from http://hthreads.csce.uark.edu/mediawiki/images/d/d8/Arc-presentation.pdf.Google ScholarGoogle Scholar
  2. A. Azevedo de Amorim, N. Collins, A. DeHon, D. Demange, C. Hriţcu, D. Pichardie, B. Pierce, R. Pollack, and A. Tolmach. 2014. A verified information-flow architecture. In Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages (POPL’14). 165--178. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. C. Baaij and J. Kuper. 2014. Using rewriting to synthesize functional languages to digital circuits. In Proceedings of the Symposium on Trends in Functional Programming (LNCS), Vol. 8322. 17--33. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. J. Bachrach, H. Vo, B. Richards, Y. Lee, A. Waterman, R. Avizienis, J. Wawrzynek, and K. Asanovic. 2012. Chisel: Constructing hardware in a Scala embedded language. In Proceedings of the Design Automation Conference (DAC’12). 1216--1225. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. D. Bacon, R. Rabbah, and S. Shukla. 2013. FPGA programming for the masses. Queue 11, 2, Article 40 (Feb. 2013). Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. L. Baugh, N. Neelakantam, and C. Zilles. 2008. Using hardware memory protection to build a high-performance, strongly-atomic hybrid transactional memory. In Proceedings of the 35th Annual International Symposium on Computer Architecture (ISCA’08). 115--126. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. R. Bird and P. Wadler. 1988. Introduction to Functional Programming. Prentice Hall. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. P. Bjesse, K. Claessen, M. Sheeran, and S. Singh. 1998. Lava: Hardware design in Haskell. In Proceedings of the 3rd International Conference on Functional Programming (ICFP’98). 174--184. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. T. Braibant and A. Chlipala. 2013. Formal verification of hardware synthesis. In Proceedings of the International Conference on Computer Aided Verification (CAV’13). 213--228.Google ScholarGoogle Scholar
  10. G. Cabodi and M. Murciano. 2006. BDD-Based hardware verification. In Proceedings of the 6th International Conference on Formal Methods for the Design of Computer, Communication, and Software Systems (SFM’06). 78--107. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. J. Choi, M. Vijayaraghavan, B. Sherman, A. Chlipala, and Arvind. 2017. Kami: A platform for high-level parametric hardware specification and its modular verification. Proc. ACM Program. Lang. 1, ICFP, Article 24 (Aug. 2017). Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. K. Claessen and J. Hughes. 2000. QuickCheck: A lightweight tool for random testing of Haskell programs. SIGPLAN Not. 35, 9 (Sep. 2000), 268--279. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. D. Cock, G. Klein, and T. Sewell. 2008. Secure microkernels, state monads and scalable refinement. In Proceedings of the International Conference on Theorem Proving in Higher Order Logics (TPHOLs’08). 167--182. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Coq {n.d.}. The Coq Proof Assistant. Retrieved from https://coq.inria.fr.Google ScholarGoogle Scholar
  15. T. Coquand. 1994. Infinite Objects in Type Theory. Springer, Berlin, 62--78. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. K. Crary, A. Kliger, and F. Pfenning. 2005. A monadic analysis of information flow security with mutable state. J. Funct. Program. 15, 2 (Mar. 2005), 249--291. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. C. Doczkal and J. Schwinghammer. 2009. Formalizing a strong normalization proof for Moggi’s computational metalanguage: A case study in Isabelle/HOL-nominal. In Proceedings of the 4th International Workshop on Logical Frameworks and Meta-Languages: Theory and Practice (LFMTP’09). ACM, New York, NY, 57--63. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Jean H. Gallier. 1990. On Girard’s “candidates de reducibilite.” In Logic and Computer Science. Academic Press, 123--204.Google ScholarGoogle Scholar
  19. P. Gammie. 2013. Synchronous digital circuits as functional programs. ACM Comput. Surv. 46, 2, Article 21 (Nov. 2013). Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. N. George, H. Lee, D. Novo, T. Rompf, K. J. Brown, A. K. Sujeeth, M. Odersky, K. Olukotun, and P. Ienne. 2014. Hardware system synthesis from domain-specific languages. In Proceedings of the 24th International Conference on Field Programmable Logic and Applications (FPL’14). 1--8.Google ScholarGoogle Scholar
  21. D. Ghica and A. Jung. 2016. Categorical semantics of digital circuits. In Proceedings of the International Conference on Formal Methods in Computer-Aided Design (FMCAD’16). Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. E. Giménez. 1995. Codifying Guarded Definitions with Recursive Schemes. Springer, Berlin, 39--59.Google ScholarGoogle Scholar
  23. J.-Y. Girard, Y. Lafont, and P. Taylor. 1989. Proofs and Types. Vol. 7. Cambridge University Press, Cambridge. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. J. A. Goguen and J. Meseguer. 1984. Unwinding and inference control. In Proceedings of the IEEE Symposium on Security and Privacy. 75--86.Google ScholarGoogle Scholar
  25. S. Goncharov and L. Schröder. 2011. A coinductive calculus for asynchronous side-effecting processes. In Proceedings of the 18th International Conference on Fundamentals of Computation Theory. 276--287. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. M. Gordon. 1995. The semantic challenge of Verilog HDL. In Proceedings of the 10th Annual IEEE Symposium on Logic in Computer Science (LICS’95). 136--145. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. I. Graves, W. Harrison, A. Procter, and G. Allwein. 2015. Provably correct development of reconfigurable hardware designs via equational reasoning. In Proceedings of the IEEE International Conference on Field-Programmable Technology (ICFPT’15). 160--171.Google ScholarGoogle Scholar
  28. I. Graves, A. Procter, W. Harrison, M. Becchi, and G. Allwein. 2015. Hardware synthesis from functional embedded domain-specific languages: A case study in regular expression compilation. In Proceedings of the Conference on Applied Reconfigurable Computing (LNCS), Vol. 9040. 41--52.Google ScholarGoogle Scholar
  29. W. Harrison. 2006. The essence of multitasking. In Algebraic Methodology and Software Technology. Springer, 158--172. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. W. Harrison and J. Hook. 2009. Achieving information flow security through monadic control of effects. J. Comput. Sci. 17, 5 (Oct. 2009), 599--653. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. W. Harrison, A. Procter, and G. Allwein. 2016. Model-driven design and synthesis of the SHA-256 cryptographic hash function in ReWire. In Proceedings of the 27th International Symposium on Rapid System Prototyping (RSP’16). 1--7. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. W. Harrison, A. Procter, I. Graves, M. Becchi, and G. Allwein. 2016. A programming model for reconfigurable computing based in functional concurrency. In Proceedings of the 11th International Symposium on Reconfigurable Communication-centric Systems-on-Chip.Google ScholarGoogle Scholar
  33. Bluespec Homepage. 2017. Retrieved from http://bluespec.com.Google ScholarGoogle Scholar
  34. B. Huffman. 2012. HOLCF’11: A Definitional Domain Theory for Verifying Functional Programs. Ph.D. Dissertation. Portland State University. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. T. Huffmire, C. Irvine, T. Nguyen, T. Levin, R. Kastner, and T. Sherwood. 2010. Handbook of FPGA Design Security. Springer. Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. T. Huffmire, S. Prasad, T. Sherwood, and R. Kastner. 2006. Policy-driven memory protection for reconfigurable hardware. In Proceedings of the European Symposium on Research in Computer Security (ESORICS’06). LNCS, Vol. 4189. 461--478. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. T. Huffmire, T. Sherwood, R. Kastner, and T. Levin. 2008. Enforcing memory policy specifications in reconfigurable hardware. Comput. Secur. 27, 5--6 (2008), 197--215. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. C. Kloos and P. Breuer (Eds.). 1995. Formal Semantics for VHDL. Kluwer Academic Publishers. Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. H. Lee, K. Brown, A. Sujeeth, H. Chafi, T. Rompf, M. Odersky, and K. Olukotun. 2011. Implementing domain-specific languages for heterogeneous parallel computing. IEEE Micro 31, 5 (Sep. 2011), 42--53. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. X. Leroy. 2009. Formal verification of a realistic compiler. Commun. ACM 52, 7 (July 2009), 107--115. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. X. Li, V. Kashyap, J. Oberg, M. Tiwari, V. R. Rajarathinam, R. Kastner, T. Sherwood, B. Hardekopf, and F. Chong. 2014. Sapper: A language for hardware-level security policy enforcement. In Proceedings of the ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’14). Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. X. Li, M. Tiwari, J. Oberg, V. Kashyap, F. Chong, T. Sherwood, and B. Hardekopf. 2011. Caisson: A hardware description language for secure information flow. In Proceedings of the Programming Language Design and Implementation Conference (PLDI’11). 109--120. Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. S. Liang, P. Hudak, and M. Jones. 1995. Monad transformers and modular interpreters. In Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages (POPL’95). 333--343. Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. A. Megacz. 2012. Hardware design with generalized arrows. In Proceedings of the 23rd International Conference on Implementation and Application of Functional Languages (IFL’11). Springer-Verlag, Berlin, 164--180. Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. T. Melham. 1993. Higher Order Logic and Hardware Verification. Cambridge Tracts in Theoretical Computer Science, Vol. 31. Cambridge University Press. Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. J. Mitchell. 1996. Foundations for Programming Languages. MIT Press Cambridge. Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. E. Moggi. 1990. An Abstract View of Programming Languages. Technical Report ECS-LFCS-90-113. Department of Computer Science, Edinburgh University.Google ScholarGoogle Scholar
  48. E. Moggi. 1991. Notions of computation and monads. Info. Comput. 93, 1 (July 1991), 55--92. Google ScholarGoogle ScholarDigital LibraryDigital Library
  49. A. Myers. 2017. personal communication.Google ScholarGoogle Scholar
  50. A. Nanevski, G. Morrisett, A. Shinnar, P. Govereau, and L. Birkedal. 2008. Ynot: Dependent types for imperative programs. In Proceedings of the International Conference on Functional Programming (ICFP’08). 229--240. Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. F. Nielson, H. Nielson, and C. Hankin. 1999. Principles of Program Analysis. Google ScholarGoogle ScholarDigital LibraryDigital Library
  52. R. S. Nikhil and Arvind. 2009. What is bluespec? SIGDA Newslett. 39, 1 (Jan. 2009), 1--1. Google ScholarGoogle ScholarDigital LibraryDigital Library
  53. S. Ouchani, O. A. Mohamed, and M. Debbabi. 2013. A formal verification framework for bluespec system verilog. In Proceedings of the Forum on Specification and Design Languages (FDL’13). 1--7.Google ScholarGoogle Scholar
  54. S. Peyton Jones (Ed.). 2003. Haskell 98 Language and Libraries, the Revised Report. Cambridge University Press.Google ScholarGoogle Scholar
  55. B. C. Pierce, C. Casinghino, M. Gaboardi, M. Greenberg, C. Hriţcu, V. Sjoberg, and B. Yorgey. 2015. Software Foundations. Electronic textbook.Google ScholarGoogle Scholar
  56. A. Procter. 2014. Semantics-Driven Design and Implementation of High-assurance Hardware. Ph.D. Dissertation. University of Missouri, 2014. Department of Computer Science.Google ScholarGoogle Scholar
  57. A. Procter, W. Harrison, I. Graves, M. Becchi, and G. Allwein. 2015. Semantics driven hardware design, implementation, and verification with ReWire. In Proceedings of the ACM SIGPLAN/SIGBED Conference on Languages, Compilers, Tools and Theory for Embedded Systems (LCTES’15). Google ScholarGoogle ScholarDigital LibraryDigital Library
  58. A. Procter, W. Harrison, I. Graves, M. Becchi, and G. Allwein. 2017. A principled approach to secure multi-core processor design with ReWire. ACM Trans. Embed. Comput. Syst. 16, 2, Article 33 (Feb. 2017), 33:1--33:25. Google ScholarGoogle ScholarDigital LibraryDigital Library
  59. Code repository for MEMOCODE. 2017. Retrieved from https://goo.gl/FYf6xU.Google ScholarGoogle Scholar
  60. D. Richards and D. Lester. 2011. A monadic approach to automated reasoning for bluespec systemverilog. Innovat. Syst. Softw. Eng. 7, 2 (Mar. 2011), 85. Google ScholarGoogle ScholarDigital LibraryDigital Library
  61. A. Sabelfeld and A. Myers. 2003. Language-based information-flow security. IEEE J. Sel. Areas Commun. 21, 1 (Jan. 2003). Google ScholarGoogle ScholarDigital LibraryDigital Library
  62. I. Sander and A. Jantsch. 2004. System modeling and transformational design refinement in ForSyDe. IEEE Trans. Comput.-Aided Design Integr. Circ. Syst. 23, 1 (2004), 17--32. Google ScholarGoogle ScholarDigital LibraryDigital Library
  63. I. Sander and A. Jantsch. 2008. Modelling adaptive systems in ForSyDe. Electron. Notes Theoret. Comput. Sci. 200, 2 (2008), 39--54. Google ScholarGoogle ScholarDigital LibraryDigital Library
  64. D. Sangiorgi. 2009. On the origins of bisimulation and coinduction. ACM Trans. Program. Lang. Syst. 31, 4 (May 2009), 15:1--15:41. Google ScholarGoogle ScholarDigital LibraryDigital Library
  65. L. Schröder and T. Mossakowski. 2009. HasCasl: Integrated higher-order specification and program development. Theoret. Comput. Sci. 410, 12 (2009), 1217--1260. Google ScholarGoogle ScholarDigital LibraryDigital Library
  66. M. Sheeran. 1984. muFP, a language for VLSI design. In Proceedings of the 1984 ACM Symposium on LISP and Functional Programming (LFP’84). ACM, New York, NY, 104--112. Google ScholarGoogle ScholarDigital LibraryDigital Library
  67. G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. 2004. Secure program execution via dynamic information flow tracking. In Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’04). ACM, New York, NY, 85--96. Google ScholarGoogle ScholarDigital LibraryDigital Library
  68. W. Swierstra. 2009. A hoare logic for the state monad. In Proceedings of the International Conference on Theorem Proving in Higher Order Logics (TPHOLs’09). 440--451. Google ScholarGoogle ScholarDigital LibraryDigital Library
  69. W. W. Tait. 1967. Intensional interpretations of functionals of finite type I. J. Symbol. Logic 32, 2 (1967), 198--212.Google ScholarGoogle ScholarCross RefCross Ref
  70. W. W. Tait. 1975. A realizability interpretation of the theory of species. In Logic Colloquium (Lectures Notes in Mathematics), R. Parikh (Ed.), Vol. 453. Springer-Verlag, Boston, 240--251.Google ScholarGoogle Scholar
  71. M. Tehranipoor and C. Wang. 2011. Introduction to Hardware Security and Trust. Springer Publishing Company, Incorporated. Google ScholarGoogle ScholarDigital LibraryDigital Library
  72. M. Tiwari, Xun Li, H. M. G. Wassel, F. T. Chong, and T. Sherwood. 2009. Execution leases: A hardware-supported mechanism for enforcing strong non-interference. In Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO’09). 493--504. Google ScholarGoogle ScholarDigital LibraryDigital Library
  73. M. Tiwari, J. K. Oberg, X. Li, J. Valamehr, T. Levin, B. Hardekopf, R. Kastner, F. T. Chong, and T. Sherwood. 2011. Crafting a usable microkernel, processor, and I/O system with strict and provable information flow security. In Proceedings of the 38th Annual International Symposium on Computer Architecture (ISCA’11). 189--200. Google ScholarGoogle ScholarDigital LibraryDigital Library
  74. M. Tiwari, H. M. G. Wassel, B. Mazloom, S. Mysore, F. T. Chong, and T. Sherwood. 2009. Complete information flow tracking from the gates up. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’09). ACM, New York, NY, 109--120. Google ScholarGoogle ScholarDigital LibraryDigital Library
  75. M. Tiwari, H. M. G. Wassel, B. Mazloom, S. Mysore, F. T. Chong, and T. Sherwood. 2009. Complete information flow tracking from the gates up. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’09). ACM, New York, NY, 109--120. Google ScholarGoogle ScholarDigital LibraryDigital Library
  76. S. M. Trimberger and J. J. Moore. 2014. FPGA security: Motivations, features, and applications. Proc. IEEE 102, 8 (Aug 2014), 1248--1265.Google ScholarGoogle ScholarCross RefCross Ref
  77. D. Volpano, C. Irvine, and G. Smith. 1996. A sound type system for secure flow analysis. J. Comput. Secur. 4, 2--3 (Jan. 1996), 167--187. Retrieved from http://dl.acm.org/citation.cfm?id=353629.353648. Google ScholarGoogle ScholarDigital LibraryDigital Library
  78. VST {n. d.}. Verified Software Toolchain. Retrieved from http://vst.cs.princeton.edu.Google ScholarGoogle Scholar
  79. A. Procter, W. Harrison, and G. Allwein. 2012. The confinement problem in the presence of faults. In Proceedings of the International Conference on Formal Engineering Methods (ICFEM’12). 182--197. Google ScholarGoogle ScholarDigital LibraryDigital Library
  80. P. Wadler. 1998. The marriage of effects and monads. In Proceedings of the International Conference on Functional Programming (ICFP’98). 63--74. Google ScholarGoogle ScholarDigital LibraryDigital Library
  81. N. Zeldovich, H. Kannan, M. Dalton, and C. Kozyrakis. 2008. Hardware enforcement of application security policies using tagged memory. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI’08). USENIX Association, Berkeley, CA, 225--240. Retrieved from http://dl.acm.org/citation.cfm?id=1855741.1855757. Google ScholarGoogle ScholarDigital LibraryDigital Library
  82. K. Zhai, R. Townsend, L. Lairmore, M. A. Kim, and S. A. Edwards. 2015. Hardware synthesis from a recursive functional language. In Proceedings of the 10th International Conference on Hardware/Software Codesign and System Synthesis (CODES’15). IEEE Press, Piscataway, NJ, 83--93. Retrieved from http://dl.acm.org/citation.cfm?id=2830840.2830850. Google ScholarGoogle ScholarDigital LibraryDigital Library
  83. D. Zhang, Y. Wang, G. E. Suh, and A. Myers. 2014. A Hardware Design Language for Efficient Control of Timing Channels. Technical Report 2014-04-10. Department of Computer Science, Cornell University. Extended version of the authors’ ASPLOS’15 paper.Google ScholarGoogle Scholar

Index Terms

  1. The Mechanized Marriage of Effects and Monads with Applications to High-assurance Hardware

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      HTML Format

      View this article in HTML Format .

      View HTML Format
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!