
Verification of hardware security architecture through static analysis [pdf] - lbeziaud
http://www.cse.psu.edu/~dbz5017/pub/asplos17.pdf
======
lbeziaud
Abstract: _Hardware-based mechanisms for software isolation are becoming
increasingly popular, but implementing these mechanisms correctly has proved
difficult, undermining the root of security. This work introduces an effective
way to formally verify important properties of such hardware security
mechanisms. In our approach, hardware is developed using a lightweight
security-typed hardware description language (HDL) that performs static
information flow analysis. We show the practicality of our approach by
implementing and verifying a simplified but realistic multi-core prototype of
the ARM TrustZone architecture. To make the security-typed HDL expressive
enough to verify a realistic processor, we develop new type system features.
Our experiments suggest that information flow analysis is efficient, and
programmer effort is modest. We also show that information flow constraints
are an effective way to detect hardware vulnerabilities, including several
found in commercial processors._
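A minimal illustration of the static information flow analysis the abstract describes, added here and not taken from the paper or its security-typed HDL: the netlist format, the signal names, the two-point label lattice (LOW for normal-world-visible state, HIGH for secure-world state) and the treatment of condition signals as implicit flows are all assumptions made for this example. Each register assignment is accepted only when the join of the labels of its data sources and its guards flows to the label of its destination, so a secure-world value reaching a normal-world-observable wire is reported before the design is ever simulated.

```python
"""Toy static information-flow checker for a register-transfer-level netlist.

Constructed example: the netlist format, the signal names and the two-point
label lattice are assumptions for illustration, not the paper's HDL or type
system.  Labels: LOW = normal world, HIGH = secure world.  An assignment
dst <= f(srcs) under condition guards is accepted only when the join of the
labels of every source and every guard flows to the label of dst; guards are
included because a HIGH condition selecting a LOW value is an implicit flow.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

LOW, HIGH = "LOW", "HIGH"
_RANK = {LOW: 0, HIGH: 1}          # LOW <= HIGH


def join(a: str, b: str) -> str:
    """Least upper bound in the two-point lattice."""
    return a if _RANK[a] >= _RANK[b] else b


def flows_to(src: str, dst: str) -> bool:
    """src may flow into dst iff src <= dst in the lattice."""
    return _RANK[src] <= _RANK[dst]


@dataclass
class Assign:
    dst: str                                          # destination register / wire
    srcs: List[str]                                   # data inputs of the right-hand side
    guards: List[str] = field(default_factory=list)   # condition signals (implicit flow)
    line: int = 0                                     # source line, for diagnostics


def check_design(labels: Dict[str, str],
                 assigns: List[Assign]) -> List[Tuple[int, str, str, str]]:
    """Return one (line, dst, inferred_source_label, dst_label) tuple per violation."""
    violations = []
    for a in assigns:
        inferred = LOW
        for sig in a.srcs + a.guards:
            if sig not in labels:
                raise KeyError(f"line {a.line}: signal {sig!r} has no security label")
            inferred = join(inferred, labels[sig])
        if not flows_to(inferred, labels[a.dst]):
            violations.append((a.line, a.dst, inferred, labels[a.dst]))
    return violations


# Constructed signal labels for a TrustZone-like core: secure-world state is HIGH,
# anything the normal world can observe is LOW.
LABELS = {
    "secure_key": HIGH, "secure_scratch": HIGH, "sec_mode": HIGH,
    "ns_data": LOW, "ns_counter": LOW, "bus_rdata": LOW, "debug_out": LOW,
}

# Leaky design (constructed): a debug port exposes secure_key directly, and the
# normal-world bus read is selected by the secure-mode flag (implicit flow).
LEAKY = [
    Assign("secure_scratch", ["secure_key"], line=1),
    Assign("debug_out", ["secure_key"], line=2),
    Assign("bus_rdata", ["ns_data"], guards=["sec_mode"], line=3),
    Assign("ns_counter", ["ns_counter"], line=4),
]

# Fixed design (constructed): every LOW destination is driven only by LOW inputs.
FIXED = [
    Assign("secure_scratch", ["secure_key"], line=1),
    Assign("debug_out", ["ns_data"], line=2),
    Assign("bus_rdata", ["ns_data"], guards=["ns_counter"], line=3),
    Assign("ns_counter", ["ns_counter"], line=4),
]

if __name__ == "__main__":
    for name, design in (("leaky", LEAKY), ("fixed", FIXED)):
        found = check_design(LABELS, design)
        print(f"{name}: {len(found)} violation(s)")
        for line, dst, src_lbl, dst_lbl in found:
            print(f"  line {line}: {src_lbl} data assigned to {dst} labelled {dst_lbl}")
```

Running the script flags lines 2 and 3 of the leaky design and nothing in the fixed one. The check is purely structural: no input vectors are needed, which is what makes this kind of analysis scale to a whole core, and the remaining engineering question (which the abstract addresses with new type system features) is how to keep a strict lattice from rejecting legitimate, access-checked secure-to-normal transfers.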

