A Principled Approach to Secure Multi-core Processor Design with ReWire



Publisher
Association for Computing Machinery
Copyright
Copyright © 2017 ACM
ISSN
1539-9087
eISSN
1558-3465
DOI
10.1145/2967497

Abstract

There is no such thing as high assurance without high assurance hardware. High assurance hardware is essential because any and all high assurance systems ultimately depend on hardware that conforms to, and does not undermine, critical system properties and invariants. And yet, high assurance hardware development is stymied by the conceptual gap between formal methods and the hardware description languages used by engineers. This article advocates a semantics-directed approach to bridge this conceptual gap. We present a case study in the design of secure processors, which are formally derived via principled techniques grounded in functional programming and equational reasoning. The case study comprises the development of secure single- and dual-core variants of a single processor, both based on a common semantic specification of the ISA. We demonstrate via formal equational reasoning that the dual-core processor respects a no-write-down information flow policy. The semantics-directed approach enables a modular and extensible style of system design and verification. The secure processors require only a very small amount of additional code to specify and implement, and their security verification arguments are concise and readable. Our approach rests critically on ReWire, a functional programming language providing a suitable foundation for formal verification of hardware designs. This case study demonstrates both ReWire's expressiveness as a programming language and its power as a framework for formal, high-level reasoning about hardware systems.
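The abstract names the security property the dual-core design is verified against, a no-write-down information flow policy, but not what that property looks like operationally. The following is an added illustration, not code from the paper and not ReWire: a toy Python model of two cores sharing a labelled memory, with a write monitor that blocks a HIGH core from storing into LOW-labelled words, plus a noninterference check that compares the LOW-observable memory across two runs that differ only in HIGH data. The label assignment, the three-instruction program format, the addresses and the sample programs are all assumptions of this example.

```python
"""Toy model of a no-write-down policy between two cores sharing memory.

Hypothetical illustration only: the label assignment, the write monitor and
the program format are assumptions of this example, not the ReWire design.
"""
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    LOW = 0
    HIGH = 1


@dataclass
class Memory:
    labels: dict                      # addr -> Level, fixed at design time (assumption)
    words: dict = field(default_factory=dict)

    def low_view(self):
        """What a LOW observer can see: contents of the LOW-labelled words."""
        return {a: self.words.get(a, 0) for a, lvl in self.labels.items() if lvl == Level.LOW}


@dataclass
class Core:
    name: str
    level: Level
    regs: dict = field(default_factory=dict)


def store(core, mem, addr, value, enforce=True):
    """Write monitor. No-write-down: a core at level L may only write words
    labelled >= L. Returns True if the write was performed."""
    if addr not in mem.labels:
        raise KeyError(f"unmapped address {addr:#x}")
    if enforce and mem.labels[addr] < core.level:
        return False                  # HIGH core writing a LOW word: blocked
    mem.words[addr] = value
    return True


def load(core, mem, addr):
    """Reads are unrestricted here; only no-write-down is modelled."""
    if addr not in mem.labels:
        raise KeyError(f"unmapped address {addr:#x}")
    return mem.words.get(addr, 0)


def execute(core, mem, program, enforce=True):
    """Run a list of instruction tuples on one core; return the blocked stores."""
    blocked = []
    for instr in program:
        op = instr[0]
        if op == "ld":                # ("ld", rd, addr)
            core.regs[instr[1]] = load(core, mem, instr[2])
        elif op == "add":             # ("add", rd, rs, imm), 16-bit wraparound
            core.regs[instr[1]] = (core.regs.get(instr[2], 0) + instr[3]) & 0xFFFF
        elif op == "st":              # ("st", rs, addr)
            if not store(core, mem, instr[2], core.regs.get(instr[1], 0), enforce):
                blocked.append((core.name, instr[2]))
        else:
            raise ValueError(f"unknown op {op}")
    return blocked


# Constructed memory map: two LOW words, two HIGH words.
LABELS = {0x00: Level.LOW, 0x04: Level.LOW, 0x10: Level.HIGH, 0x14: Level.HIGH}

# Constructed programs. The HIGH core reads a secret and tries to leak it into a
# LOW word (must be blocked) and into a HIGH word (allowed). The LOW core
# publishes a value upward into a HIGH word (allowed: writing up is fine).
HIGH_PROGRAM = [("ld", "r1", 0x10), ("add", "r1", "r1", 1), ("st", "r1", 0x00), ("st", "r1", 0x14)]
LOW_PROGRAM = [("ld", "r2", 0x04), ("st", "r2", 0x10)]


def run_dual_core(secret, enforce=True):
    """Run both cores over a shared memory holding `secret` in a HIGH word.
    Returns (low_view, blocked_stores)."""
    mem = Memory(labels=dict(LABELS), words={0x10: secret, 0x04: 0x0042})
    high = Core("core_high", Level.HIGH)
    low = Core("core_low", Level.LOW)
    blocked = execute(high, mem, HIGH_PROGRAM, enforce) + execute(low, mem, LOW_PROGRAM, enforce)
    return mem.low_view(), blocked


def low_view_independent_of_secret(secret_a, secret_b, enforce=True):
    """Noninterference check: two runs that differ only in HIGH data must
    leave the LOW-observable memory identical."""
    view_a, _ = run_dual_core(secret_a, enforce)
    view_b, _ = run_dual_core(secret_b, enforce)
    return view_a == view_b


if __name__ == "__main__":
    view, blocked = run_dual_core(0xBEEF)
    print("LOW view:", {hex(a): hex(v) for a, v in view.items()})
    print("blocked stores:", [(c, hex(a)) for c, a in blocked])
    print("noninterference (monitor on):", low_view_independent_of_secret(0xBEEF, 0x1234))
    print("noninterference (monitor off):", low_view_independent_of_secret(0xBEEF, 0x1234, enforce=False))
```

The monitor is the runtime analogue of what the paper establishes statically: with it enabled the LOW view is the same for any secret, and with it disabled the HIGH core's store lands in a LOW word and the two runs become distinguishable. The real result in the paper is a proof over the processor semantics rather than a per-run check, so this model only shows the shape of the property, not the verification.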

Journal

ACM Transactions on Embedded Computing Systems (TECS), Association for Computing Machinery

Published: Jan 10, 2017

Keywords: Equational reasoning
