10 likes | 178 Views
Security Checkers Using the Property Specification Language (PSL) to Create Synthesizable, Security-Focused, Dynamic Verification Units. Michael Bilzor Ted Huffmire Cynthia Irvine Tim Levin. U.S. Naval Postgraduate School. Architectural Specification: Security Reqmts.
E N D
Security Checkers Using the Property Specification Language (PSL) to Create Synthesizable, Security-Focused, Dynamic Verification Units • Michael Bilzor • Ted Huffmire • Cynthia Irvine • Tim Levin U.S. Naval Postgraduate School ArchitecturalSpecification:Security Reqmts. assert always { ~ `A_SM; `A_SM } |-> (except_start || rst) ; assert always { ~ spr_we; spr_we } |-> `A_SM ; assert always ({ { ( ex_pc >= `A_IVT ) } | { rst !== 0 } | { `A_SM !== 0 } || { ( except_start ; ex_pc < `A_IVT ) ; `A_RFE } }); assert always { ~ we_o } |-> ( { true ; true ; stable( `A_UART_OUT ) } ); assert always except_start -> ( (except_type > 0) && (except_type < 16) ) ; assert always {(dtlb_done && ((~dcpu_we_i && ~supv && ~dtlb_ure) || (~dcpu_we_i && supv && ~dtlb_sre))) } |-> fault ; assert always {(dtlb_done && ((dcpu_we_i && ~supv && ~dtlb_uwe) || (dcpu_we_i && supv && ~dtlb_swe))) } |-> fault ; assert always ( {(mtxd_pad_o !== 4'h0)} |-> ( (WillTransmit) || (`A_SM === 1'b1) || (prev(eth_top.txethmac1.TxData[0]) != 1'bX)) ); assert always ( { stable(dvr_0[0]) } |-> ( (rst) || (`A_SM) ); assert always ({ ( if_insn === 32'hXXXXXXXX ) || ( ~ ( ( (if_insn[31:26] > 10) && (if_insn[31:26] < 17) ) || ( (if_insn[31:26] < 28) && (if_insn[31:26] > 21) ) ) }); PSL Parser and Rewrite Rules ProcessorImplementation:HDL Design PSL Assertions (Temporal Logic) Parse Tree module SERE3 (clk, reset, c, b, a, holds); ... // Original assertion = assert always ({a} |=> ({{b}[*3]; c})) @ (rose(clk)); // Rewritten assertion = assert {[+]} |-> ({{a} ; true} |-> ({{b} ; {b} ; {b} ; c})) @ (rose (clk)) ; always @(posedge clk, posedge reset) begin if (reset) begin SERE3_q0 <= 0; SERE3_q3 <= 0; ... end else if (clk) begin ... Automata Construction and Combination "Checker"Automata Automata to HDL Conversion ExperimentPlatforms Synthesizable HDL Checkers ProcessorImplementationWith Checkers Built In • Plasma (MIPS-1) • OpenRISC • PROBLEM: How to express security requirements in a hardware design. • GOAL: Provide a method for expressing and enforcing security requirements in a processor at runtime. • IDEA: Complement existing functional verification methods by using assertions in the Property Specification Language (PSL) to map architectural security requirements to a processor's implementation. Then convert the PSL assertions into synthesizable HDL security checkers, so the checkers can remain part of the design through FPGA evaluation and silicon fabrication, if desired. • ANTICIPATED BENEFITS: A methodology that makes it easier to transcribe architectural security requirements into dynamic verification units. The ability to detect some hardware malicious inclusions at runtime. • FUTURE RESEARCH: Evaluate on more processor platforms. Experiment against adversary malicious-inclusion designers. Fabricate demonstrations in silicon. FPGAEmulation Simulation Monitor Layer Target Layer Fabricated3D-IC Fabrication