LAUSR.org creates dashboard-style pages of related content for over 1.5 million academic articles. Sign Up to like articles & get recommendations!

FinalFilter: Asserting Security Properties of a Processor at Runtime

Photo from wikipedia

& IN AN IDEAL world, it would be possible to build a provably correct and secure processor. However, the complexity of today’s processors puts this ideal out of reach. The… Click to show full abstract

& IN AN IDEAL world, it would be possible to build a provably correct and secure processor. However, the complexity of today’s processors puts this ideal out of reach. The complete verification of a modern processor remains intractable. Statically verifying even a simple security property—for example, “hardware privilege escalation never occurs”—remains beyond the state of the art in formal verification. Testing can complement formal verification methods, yet testing is incomplete and bugs in the hardware that leave it vulnerable continue to elude test suites. Further, a crafty malicious actor can evade typical testing coverage metrics. Recent efforts, including that of three of the authors, have explored the use of static analysis on the design files (e.g., hardware description level source code or gate-level netlists) to find suspicious circuitry. These techniques rely on heuristics to define patterns that indicate a likely trojan and then search for instances in the design that match the pattern. However, malicious circuitry that does not match the pattern will be missed, as will inadvertent bugs that open vulnerabilities. By the time the weakness is uncovered, the hardware is already in the end user’s hands and vulnerable to attack. In the absence of a full proof of correctness, what is needed is a final filter: a runtime verification technique that works—postdeployment—to detect and respond to security property violations as they occur during execution. In this article, we make the case for final filters using our tool, FinalFilter, as a case study.

Keywords: security properties; verification; asserting security; security; finalfilter asserting

Journal Title: IEEE Micro
Year Published: 2019

Link to full text (if available)


Share on Social Media:                               Sign Up to like & get
recommendations!

Related content

More Information              News              Social Media              Video              Recommended



                Click one of the above tabs to view related content.