ABSTRACT
This paper presents a novel secure hardware description language (HDL) that uses an information flow type system to ensure that hardware is secure at design time. The novelty of this HDL lies in its ability to securely share hardware modules and storage elements across multiple security levels. Unlike previous secure HDLs, the new HDL enables secure sharing at a fine granularity and without implicitly adding hardware for security enforcement; this is important because the implicitly added hardware can break functionality and harm efficiency. The new HDL enables practical hardware designs that are secure, correct, and efficient. We demonstrate the practicality of the new HDL by using it to design and type-check a synthesizable pipelined processor implementation that supports protection rings and instructions that change modes.
Secure Information Flow Verification with Mutable Dependent Types