VeriCHERI: Exhaustive Formal Security Verification of CHERI at the RTL

Protecting data in memory from attackers continues to be a concern in computing systems. CHERI is a promising approach to achieve such protection, by providing and enforcing fine-grained memory protection directly in the hardware. Creating trust for the entire system stack, however, requires a gap-f...

Full description

Saved in:
Bibliographic Details
Published in:arXiv.org 2024-07
Main Authors: Duque Antón, Anna Lena, Müller, Johannes, Schmitz, Philipp, Jauch, Tobias, Wezel, Alex, Deutschmann, Lucas, Mohammad Rahmani Fadiheh, Stoffel, Dominik, Kunz, Wolfgang
Format: Article
Language:English
Subjects:
Hardware
Microprocessors
RISC
Security
Verification
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Duque Antón, Anna Lena
Müller, Johannes
Schmitz, Philipp
Jauch, Tobias
Wezel, Alex
Deutschmann, Lucas
Mohammad Rahmani Fadiheh
Stoffel, Dominik
Kunz, Wolfgang
description Protecting data in memory from attackers continues to be a concern in computing systems. CHERI is a promising approach to achieve such protection, by providing and enforcing fine-grained memory protection directly in the hardware. Creating trust for the entire system stack, however, requires a gap-free verification of CHERI's hardware-based protection mechanisms. Existing verification methods for CHERI target the abstract ISA model rather than the underlying hardware implementation. Fully ensuring the CHERI security guarantees for a concrete RTL implementation is a challenge in previous flows and demands high manual efforts. This paper presents VeriCHERI, a novel approach to security verification. It is conceptionally different from previous works in that it does not require any ISA specification. Instead of checking compliance with a golden ISA model, we check against well-established global security objectives of confidentiality and integrity. Fully covering these objectives, VeriCHERI uses as few as four unbounded properties to exhaustively prove or disprove any vulnerability. We demonstrate the effectiveness and scalability of VeriCHERI on a RISC-V based processor implementing a CHERI variant.
doi_str_mv 10.48550/arxiv.2407.18679
format article
fullrecord <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_3085746976</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3085746976</sourcerecordid><originalsourceid>FETCH-LOGICAL-a526-972508a6dd7c2cb7ffba7e7b74a41a86253a9a2bcf4b9adfd004a2da181a9be93</originalsourceid><addsrcrecordid>eNotjctKw0AYRgdBsNQ-gLsB14lzv7iTkNpCQKjBbfknmaFTaqOTSalvb72szuY730HojpJSGCnJA6RzPJVMEF1So7S9QjPGOS2MYOwGLcZxTwhhSjMp-Qwt33yK1arerB9xfd7BNOZ48ng5pHc44FffTSnmL_yzCrGDHIcjHgL-NTBknHceb9rmFl0HOIx-8c85apd1W62K5uV5XT01BUimCnuJEgOq73XHOqdDcKC9dlqAoGAUkxwsMNcF4Sz0oSdEAOuBGgrWecvn6P7v9iMNn5Mf83Y_TOl4KW45MVILZbXi358UTDU</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>3085746976</pqid></control><display><type>article</type><title>VeriCHERI: Exhaustive Formal Security Verification of CHERI at the RTL</title><source>Publicly Available Content Database</source><creator>Duque Antón, Anna Lena ; Müller, Johannes ; Schmitz, Philipp ; Jauch, Tobias ; Wezel, Alex ; Deutschmann, Lucas ; Mohammad Rahmani Fadiheh ; Stoffel, Dominik ; Kunz, Wolfgang</creator><creatorcontrib>Duque Antón, Anna Lena ; Müller, Johannes ; Schmitz, Philipp ; Jauch, Tobias ; Wezel, Alex ; Deutschmann, Lucas ; Mohammad Rahmani Fadiheh ; Stoffel, Dominik ; Kunz, Wolfgang</creatorcontrib><description>Protecting data in memory from attackers continues to be a concern in computing systems. CHERI is a promising approach to achieve such protection, by providing and enforcing fine-grained memory protection directly in the hardware. Creating trust for the entire system stack, however, requires a gap-free verification of CHERI's hardware-based protection mechanisms. Existing verification methods for CHERI target the abstract ISA model rather than the underlying hardware implementation. Fully ensuring the CHERI security guarantees for a concrete RTL implementation is a challenge in previous flows and demands high manual efforts. This paper presents VeriCHERI, a novel approach to security verification. It is conceptionally different from previous works in that it does not require any ISA specification. Instead of checking compliance with a golden ISA model, we check against well-established global security objectives of confidentiality and integrity. Fully covering these objectives, VeriCHERI uses as few as four unbounded properties to exhaustively prove or disprove any vulnerability. We demonstrate the effectiveness and scalability of VeriCHERI on a RISC-V based processor implementing a CHERI variant.</description><identifier>EISSN: 2331-8422</identifier><identifier>DOI: 10.48550/arxiv.2407.18679</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Hardware ; Microprocessors ; RISC ; Security ; Verification</subject><ispartof>arXiv.org, 2024-07</ispartof><rights>2024. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://www.proquest.com/docview/3085746976?pq-origsite=primo$$EHTML$$P50$$Gproquest$$Hfree_for_read</linktohtml><link.rule.ids>776,780,25733,27904,36991,44569</link.rule.ids></links><search><creatorcontrib>Duque Antón, Anna Lena</creatorcontrib><creatorcontrib>Müller, Johannes</creatorcontrib><creatorcontrib>Schmitz, Philipp</creatorcontrib><creatorcontrib>Jauch, Tobias</creatorcontrib><creatorcontrib>Wezel, Alex</creatorcontrib><creatorcontrib>Deutschmann, Lucas</creatorcontrib><creatorcontrib>Mohammad Rahmani Fadiheh</creatorcontrib><creatorcontrib>Stoffel, Dominik</creatorcontrib><creatorcontrib>Kunz, Wolfgang</creatorcontrib><title>VeriCHERI: Exhaustive Formal Security Verification of CHERI at the RTL</title><title>arXiv.org</title><description>Protecting data in memory from attackers continues to be a concern in computing systems. CHERI is a promising approach to achieve such protection, by providing and enforcing fine-grained memory protection directly in the hardware. Creating trust for the entire system stack, however, requires a gap-free verification of CHERI's hardware-based protection mechanisms. Existing verification methods for CHERI target the abstract ISA model rather than the underlying hardware implementation. Fully ensuring the CHERI security guarantees for a concrete RTL implementation is a challenge in previous flows and demands high manual efforts. This paper presents VeriCHERI, a novel approach to security verification. It is conceptionally different from previous works in that it does not require any ISA specification. Instead of checking compliance with a golden ISA model, we check against well-established global security objectives of confidentiality and integrity. Fully covering these objectives, VeriCHERI uses as few as four unbounded properties to exhaustively prove or disprove any vulnerability. We demonstrate the effectiveness and scalability of VeriCHERI on a RISC-V based processor implementing a CHERI variant.</description><subject>Hardware</subject><subject>Microprocessors</subject><subject>RISC</subject><subject>Security</subject><subject>Verification</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><sourceid>PIMPY</sourceid><recordid>eNotjctKw0AYRgdBsNQ-gLsB14lzv7iTkNpCQKjBbfknmaFTaqOTSalvb72szuY730HojpJSGCnJA6RzPJVMEF1So7S9QjPGOS2MYOwGLcZxTwhhSjMp-Qwt33yK1arerB9xfd7BNOZ48ng5pHc44FffTSnmL_yzCrGDHIcjHgL-NTBknHceb9rmFl0HOIx-8c85apd1W62K5uV5XT01BUimCnuJEgOq73XHOqdDcKC9dlqAoGAUkxwsMNcF4Sz0oSdEAOuBGgrWecvn6P7v9iMNn5Mf83Y_TOl4KW45MVILZbXi358UTDU</recordid><startdate>20240726</startdate><enddate>20240726</enddate><creator>Duque Antón, Anna Lena</creator><creator>Müller, Johannes</creator><creator>Schmitz, Philipp</creator><creator>Jauch, Tobias</creator><creator>Wezel, Alex</creator><creator>Deutschmann, Lucas</creator><creator>Mohammad Rahmani Fadiheh</creator><creator>Stoffel, Dominik</creator><creator>Kunz, Wolfgang</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20240726</creationdate><title>VeriCHERI: Exhaustive Formal Security Verification of CHERI at the RTL</title><author>Duque Antón, Anna Lena ; Müller, Johannes ; Schmitz, Philipp ; Jauch, Tobias ; Wezel, Alex ; Deutschmann, Lucas ; Mohammad Rahmani Fadiheh ; Stoffel, Dominik ; Kunz, Wolfgang</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a526-972508a6dd7c2cb7ffba7e7b74a41a86253a9a2bcf4b9adfd004a2da181a9be93</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Hardware</topic><topic>Microprocessors</topic><topic>RISC</topic><topic>Security</topic><topic>Verification</topic><toplevel>online_resources</toplevel><creatorcontrib>Duque Antón, Anna Lena</creatorcontrib><creatorcontrib>Müller, Johannes</creatorcontrib><creatorcontrib>Schmitz, Philipp</creatorcontrib><creatorcontrib>Jauch, Tobias</creatorcontrib><creatorcontrib>Wezel, Alex</creatorcontrib><creatorcontrib>Deutschmann, Lucas</creatorcontrib><creatorcontrib>Mohammad Rahmani Fadiheh</creatorcontrib><creatorcontrib>Stoffel, Dominik</creatorcontrib><creatorcontrib>Kunz, Wolfgang</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science &amp; Engineering Collection</collection><collection>ProQuest Central (Alumni)</collection><collection>ProQuest Central</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection><jtitle>arXiv.org</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Duque Antón, Anna Lena</au><au>Müller, Johannes</au><au>Schmitz, Philipp</au><au>Jauch, Tobias</au><au>Wezel, Alex</au><au>Deutschmann, Lucas</au><au>Mohammad Rahmani Fadiheh</au><au>Stoffel, Dominik</au><au>Kunz, Wolfgang</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>VeriCHERI: Exhaustive Formal Security Verification of CHERI at the RTL</atitle><jtitle>arXiv.org</jtitle><date>2024-07-26</date><risdate>2024</risdate><eissn>2331-8422</eissn><abstract>Protecting data in memory from attackers continues to be a concern in computing systems. CHERI is a promising approach to achieve such protection, by providing and enforcing fine-grained memory protection directly in the hardware. Creating trust for the entire system stack, however, requires a gap-free verification of CHERI's hardware-based protection mechanisms. Existing verification methods for CHERI target the abstract ISA model rather than the underlying hardware implementation. Fully ensuring the CHERI security guarantees for a concrete RTL implementation is a challenge in previous flows and demands high manual efforts. This paper presents VeriCHERI, a novel approach to security verification. It is conceptionally different from previous works in that it does not require any ISA specification. Instead of checking compliance with a golden ISA model, we check against well-established global security objectives of confidentiality and integrity. Fully covering these objectives, VeriCHERI uses as few as four unbounded properties to exhaustively prove or disprove any vulnerability. We demonstrate the effectiveness and scalability of VeriCHERI on a RISC-V based processor implementing a CHERI variant.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><doi>10.48550/arxiv.2407.18679</doi><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2024-07
issn 2331-8422
language eng
recordid cdi_proquest_journals_3085746976
source Publicly Available Content Database
subjects Hardware
Microprocessors
RISC
Security
Verification
title VeriCHERI: Exhaustive Formal Security Verification of CHERI at the RTL
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-27T17%3A51%3A19IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=VeriCHERI:%20Exhaustive%20Formal%20Security%20Verification%20of%20CHERI%20at%20the%20RTL&rft.jtitle=arXiv.org&rft.au=Duque%20Ant%C3%B3n,%20Anna%20Lena&rft.date=2024-07-26&rft.eissn=2331-8422&rft_id=info:doi/10.48550/arxiv.2407.18679&rft_dat=%3Cproquest%3E3085746976%3C/proquest%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-a526-972508a6dd7c2cb7ffba7e7b74a41a86253a9a2bcf4b9adfd004a2da181a9be93%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=3085746976&rft_id=info:pmid/&rfr_iscdi=true