
Verification of a Practical Hardware Security Architecture Through Static Information Flow Analysis

Andrew Ferraiuolo, Rui Xu, Danfeng Zhang, Andrew C. Myers, G. Edward Suh
2017 ACM SIGOPS Operating Systems Review  
In our approach, hardware is developed using a lightweight security-typed hardware description language (HDL) that performs static information flow analysis.  ...  We show the practicality of our approach by implementing and verifying a simplified but realistic multi-core prototype of the ARM TrustZone architecture.  ...  We show how to use static analysis of information flow to check that the security goals of this architecture are met.  ... 
doi:10.1145/3093315.3037739 fatcat:oodlt4wftbfqlggzbwgt5lfxdq

Verification of a Practical Hardware Security Architecture Through Static Information Flow Analysis

Andrew Ferraiuolo, Rui Xu, Danfeng Zhang, Andrew C. Myers, G. Edward Suh
2017 SIGARCH Computer Architecture News  
In our approach, hardware is developed using a lightweight security-typed hardware description language (HDL) that performs static information flow analysis.  ...  We show the practicality of our approach by implementing and verifying a simplified but realistic multi-core prototype of the ARM TrustZone architecture.  ...  We show how to use static analysis of information flow to check that the security goals of this architecture are met.  ... 
doi:10.1145/3093337.3037739 fatcat:6krhpkwm7rgxffphqlttolbkeu

Verification of a Practical Hardware Security Architecture Through Static Information Flow Analysis

Andrew Ferraiuolo, Rui Xu, Danfeng Zhang, Andrew C. Myers, G. Edward Suh
2017 SIGPLAN notices  
In our approach, hardware is developed using a lightweight security-typed hardware description language (HDL) that performs static information flow analysis.  ...  We show the practicality of our approach by implementing and verifying a simplified but realistic multi-core prototype of the ARM TrustZone architecture.  ...  We show how to use static analysis of information flow to check that the security goals of this architecture are met.  ... 
doi:10.1145/3093336.3037739 fatcat:gh34pjg7u5givesjrzib3ohw2e

Verification of a Practical Hardware Security Architecture Through Static Information Flow Analysis

Andrew Ferraiuolo, Rui Xu, Danfeng Zhang, Andrew C. Myers, G. Edward Suh
2017 Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS '17  
In our approach, hardware is developed using a lightweight security-typed hardware description language (HDL) that performs static information flow analysis.  ...  We show the practicality of our approach by implementing and verifying a simplified but realistic multi-core prototype of the ARM TrustZone architecture.  ...  We show how to use static analysis of information flow to check that the security goals of this architecture are met.  ... 
doi:10.1145/3037697.3037739 dblp:conf/asplos/FerraiuoloXZMS17 fatcat:drlwqqelynagbau4wovubnsp2m

Position paper

Xun Li, Vineeth Kashyap, Jason K. Oberg, Mohit Tiwari, Vasanth Ram Rajarathinam, Ryan Kastner, Timothy Sherwood, Ben Hardekopf, Frederic T. Chong
2013 Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security - PLAS '13  
We describe Sapper, a language for creating critical hardware components that have provably secure information flow.  ...  Sapper uses a hybrid approach that leverages unique language features and static analysis to determine a set of dynamic checks that are automatically inserted into the hardware design.  ...  The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the  ... 
doi:10.1145/2465106.2465214 dblp:conf/pldi/0001KOTRKSHC13 fatcat:v5mwy4pquzdj5bjo5564tir4yi
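The Ferraiuolo et al. and Sapper entries above both describe hardware written in a security-typed HDL, where each signal carries a label and a static analysis rejects any flow from a higher label to a lower one. The following is an added example, not code from either paper or from SecVerilog, Caisson or Sapper: a toy checker over a gate-level netlist with a two-point lattice (NS below S, after the two worlds of a TrustZone-style split) and constructed signal names (`key_reg`, `ns_bus`, `ns_mode` and the rest are hypothetical).

```python
"""Toy static information-flow check for a gate-level design.

Every signal carries a label from a security lattice, here the two-point
lattice NS (non-secure world) < S (secure world). The checker rejects any
gate whose output label is below the join of its input labels, i.e. any
S-to-NS flow. A multiplexer's select line is treated as an input, so a
secret that merely steers what appears on a non-secure output is also
caught (an implicit flow).
"""
from dataclasses import dataclass, field

LEVEL = {"NS": 0, "S": 1}   # NS may flow to S, S may never flow to NS


def join(*labels):
    """Least upper bound in the two-point lattice."""
    return max(labels, key=LEVEL.__getitem__)


def flows_to(src, dst):
    return LEVEL[src] <= LEVEL[dst]


@dataclass
class Gate:
    out: str      # output signal
    op: str       # gate kind, only used in messages
    ins: tuple    # input signals; for "mux" the first entry is the select line


@dataclass
class Design:
    labels: dict                       # signal name -> "NS" or "S"
    gates: list = field(default_factory=list)


def check(design):
    """Return the list of flow violations; an empty list means the design type-checks."""
    violations = []
    for g in design.gates:
        src = join(*(design.labels[name] for name in g.ins))
        dst = design.labels[g.out]
        if not flows_to(src, dst):
            violations.append(
                f"{g.op}({', '.join(g.ins)}) -> {g.out}: {src} data written to {dst} signal")
    return violations


# Constructed signal names; nothing below is taken from the papers' designs.
SIGNALS = {"key_reg": "S", "ns_reg": "NS", "ns_mode": "NS", "ns_bus": "NS", "s_bus": "S"}


def leaky_design():
    """The secure-world key register is muxed onto the non-secure bus whenever a
    non-secure-controlled mode bit is set: an explicit S-to-NS flow."""
    return Design(dict(SIGNALS), [
        Gate("ns_bus", "mux", ("ns_mode", "key_reg", "ns_reg")),
        Gate("s_bus", "mux", ("ns_mode", "key_reg", "ns_reg")),
    ])


def fixed_design():
    """Same signals; the key only ever reaches the secure-world bus."""
    return Design(dict(SIGNALS), [
        Gate("ns_bus", "buf", ("ns_reg",)),
        Gate("s_bus", "mux", ("ns_mode", "key_reg", "ns_reg")),
    ])


if __name__ == "__main__":
    for name, design in (("leaky", leaky_design()), ("fixed", fixed_design())):
        print(name, check(design) or "ok")
```

The check is purely static and flow-insensitive: it rejects `leaky_design` even if `ns_mode` could never be set while the key is live, because it reasons about labels, not values. Recovering that precision without giving up the static guarantee is what the Sapper entry above describes, static analysis that decides which dynamic checks to insert into the design.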

Crafting a usable microkernel, processor, and I/O system with strict and provable information flow security

Mohit Tiwari, Jason K. Oberg, Xun Li, Jonathan Valamehr, Timothy Levin, Ben Hardekopf, Ryan Kastner, Frederic T. Chong, Timothy Sherwood
2011 SIGARCH Computer Architecture News  
To test the viability of this approach we design, test, and statically verify the information-flow security of a hardware/software system complete with support for unbounded operation, inter-process communication  ...  This skeleton couples a critical slice of the low level hardware implementation with a microkernel in a way that allows information flow properties of the entire construction to be statically verified  ...  The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the  ... 
doi:10.1145/2024723.2000087 fatcat:touo4wpb3zbedmxuwa6hesdlpi

Crafting a usable microkernel, processor, and I/O system with strict and provable information flow security

Mohit Tiwari, Jason K. Oberg, Xun Li, Jonathan Valamehr, Timothy Levin, Ben Hardekopf, Ryan Kastner, Frederic T. Chong, Timothy Sherwood
2011 Proceedings of the 38th annual international symposium on Computer architecture - ISCA '11  
To test the viability of this approach we design, test, and statically verify the information-flow security of a hardware/software system complete with support for unbounded operation, inter-process communication  ...  This skeleton couples a critical slice of the low level hardware implementation with a microkernel in a way that allows information flow properties of the entire construction to be statically verified  ...  The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the  ... 
doi:10.1145/2000064.2000087 dblp:conf/isca/TiwariOLVLHKCS11 fatcat:n4fu5qhf2zdktmnly66wx4ihli

Secure information flow analysis for hardware design

Xun Li, Mohit Tiwari, Ben Hardekopf, Timothy Sherwood, Frederic T. Chong
2010 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security - PLAS '10  
Language-based information flow analyses can be applied to hardware description languages, but a straightforward application either conservatively rules out many secure hardware designs, or constrains  ...  We demonstrate that choosing the right level of abstraction for the analysis, by working on Finite State Machines instead of the hardware code, allows both precise information flow analysis and high-level  ...  Approaches based on program analysis have been proposed to help functional hardware verification, i.e., static analysis [9] and model checking [6].  ... 
doi:10.1145/1814217.1814225 dblp:conf/pldi/0001THSC10 fatcat:xmafkdzyz5erbppl5v7cbojita

A high assurance virtualization platform for ARMv8

Christoph Baumann, Mats Naslund, Christian Gehrmann, Oliver Schwarz, Hans Thorsen
2016 European Conference on Networks and Communications (EuCNC)  
Formal verification at machine code level guarantees information isolation between different guest systems (e.g. OSs) running on the platform.  ...  Besides the hypervisor, a secure boot component is included and verified to ensure system integrity.  ...  Parts of the verification work are supported by a framework grant from the Swedish Foundation for Strategic Research.  ... 
doi:10.1109/eucnc.2016.7561034 dblp:conf/eucnc/BaumannNGST16 fatcat:ntvwca4gefb4tbreqetcyxuj5u

Dynamic Information Flow Tracking: Taxonomy, Challenges, and Opportunities

Kejun Chen, Xiaolong Guo, Qingxu Deng, Yier Jin
2021 Micromachines  
Based on the analysis, we classify the existing solutions into three categories, i.e., software, hardware, and software/hardware co-design.  ...  Dynamic information flow tracking (DIFT) has been proven an effective technique to track data usage; prevent control data attacks and non-control data attacks at runtime; and analyze program performance  ...  In addition to software-based DIFT design, Ferraiuolo et al. in [14] verified a practical security architecture through static information flow analysis.  ... 
doi:10.3390/mi12080898 fatcat:zfkiddrjvbfjli7ht6x5jgyp7q

A multi-flow information flow tracking approach for proving quantitative hardware security properties

Yu Tai, Wei Hu, Lu Zhang, Dejun Mu, Ryan Kastner
2021 Tsinghua Science and Technology  
Experimental results show that our method can be used to prove a new type of information flow security property with verification performance benefits.  ...  a small amount of information flows to enable desirable interactions.  ...  Caisson [18] is a novel Hardware Description Language (HDL) with a static type system dedicated to security analysis.  ... 
doi:10.26599/tst.2019.9010042 fatcat:k6unmub46rcqhitpadnxg2reru

On the Complexity of Generating Gate Level Information Flow Tracking Logic

Wei Hu, Jason Oberg, Ali Irturk, Mohit Tiwari, Timothy Sherwood, Dejun Mu, Ryan Kastner
2012 IEEE Transactions on Information Forensics and Security  
Recently, gate level information flow tracking (GLIFT) has been proposed to verify information flow security at the level of Boolean gates.  ...  Index Terms: Algorithm design and analysis, Boolean functions, computational complexity, gate level information flow tracking, information security.  ...  ACKNOWLEDGMENT The authors would like to thank the reviewers for their valuable feedback, which was of great help in improving this paper.  ... 
doi:10.1109/tifs.2012.2189105 fatcat:qx4hz5m4vra7dex2zxoippiphm
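GLIFT attaches a taint bit to every wire and derives, per Boolean gate, tracking logic that uses the values of the other inputs to decide whether a tainted input can actually change the output. The following is an added example, not code from the paper above: the standard AND/OR/NOT tracking logic, composed along a 2:1 multiplexer netlist, compared exhaustively against the value-agnostic "any tainted input taints the output" rule and against the exact taint of the whole function. The function and variable names are this example's own.

```python
"""Gate-level information flow tracking (GLIFT) shadow logic.

Every wire carries a one-bit taint. For each Boolean gate, GLIFT derives
tracking logic that marks the output tainted only when a tainted input can
actually change the output value, given the values of the other inputs.
That is more precise than the conservative rule "the output is tainted if
any input is tainted", but composing per-gate logic along a netlist still
over-approximates the exact taint of the whole function.
"""
from itertools import product


def and2(a, b):
    return a & b


def or2(a, b):
    return a | b


def not1(a):
    return 1 - a


def glift_and(a, at, b, bt):
    """AND tracking logic: a tainted input matters only if the other input is 1."""
    return (at & bt) | (at & b) | (bt & a)


def glift_or(a, at, b, bt):
    """OR tracking logic: a tainted input matters only if the other input is 0."""
    return (at & bt) | (at & not1(b)) | (bt & not1(a))


def glift_not(at):
    """NOT never hides its input, so taint passes through unchanged."""
    return at


def mux(s, a, b):
    """2:1 multiplexer, out = a if s else b, built from AND/OR/NOT gates."""
    return or2(and2(s, a), and2(not1(s), b))


def mux_taint_glift(s, st, a, at, b, bt):
    """Taint of mux() obtained by composing per-gate GLIFT logic along the netlist."""
    p, pt = and2(s, a), glift_and(s, st, a, at)
    ns, nst = not1(s), glift_not(st)
    q, qt = and2(ns, b), glift_and(ns, nst, b, bt)
    return glift_or(p, pt, q, qt)


def mux_taint_conservative(st, at, bt):
    """Value-agnostic rule: any tainted input taints the output."""
    return st | at | bt


def mux_taint_exact(s, st, a, at, b, bt):
    """Ground truth: tainted iff re-assigning the tainted inputs can change the output."""
    base = mux(s, a, b)
    options = [(0, 1) if t else (v,) for v, t in ((s, st), (a, at), (b, bt))]
    return int(any(mux(*vals) != base for vals in product(*options)))


def compare_rules():
    """Over all 64 value/taint combinations of the mux inputs, count how often each
    rule reports a false positive (taint without influence) or a false negative
    (influence without taint). A sound rule has zero false negatives."""
    counts = {"glift_fp": 0, "glift_fn": 0, "cons_fp": 0, "cons_fn": 0, "total": 0}
    for s, st, a, at, b, bt in product((0, 1), repeat=6):
        exact = mux_taint_exact(s, st, a, at, b, bt)
        g = mux_taint_glift(s, st, a, at, b, bt)
        c = mux_taint_conservative(st, at, bt)
        counts["total"] += 1
        counts["glift_fp"] += int(g == 1 and exact == 0)
        counts["glift_fn"] += int(g == 0 and exact == 1)
        counts["cons_fp"] += int(c == 1 and exact == 0)
        counts["cons_fn"] += int(c == 0 and exact == 1)
    return counts


if __name__ == "__main__":
    # Select untainted and pointing at a: taint on the unselected input b is
    # dropped by GLIFT but kept by the conservative rule.
    print(mux_taint_exact(1, 0, 0, 0, 1, 1), mux_taint_glift(1, 0, 0, 0, 1, 1),
          mux_taint_conservative(0, 0, 1))
    print(compare_rules())
```

Both rules are sound (no false negatives), but the conservative rule flags 12 of the 64 cases spuriously while the composed GLIFT logic flags only 2, the cases where the select is tainted but both data inputs hold the same untainted value. Those 2 are the residual imprecision of gate-by-gate composition: tracking logic for the whole function would drop them, and generating that logic is what the complexity result above concerns.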

Hardware supported Software and Control Flow Integrity

Ruan de Clercq
2017 Zenodo  
This includes developing the first known Control Flow Integrity architecture based on instruction-set randomisation, that also enforces software integrity through modifications to a processor.  ...  The main contributions of this thesis are two-fold. First, we analyse existing hardware-based Control Flow Integrity (CFI) architectures.  ...  A major problem is that high-security CFI, also known as fine-grained CFI, relies on a CFG which is generated through static analysis.  ... 
doi:10.5281/zenodo.2643373 fatcat:3elmla7my5fa5jyeti73b7pnkm

Analysis of three multilevel security architectures

Timothy E. Levin, Cynthia E. Irvine, Clark Weissman, Thuy D. Nguyen
2007 Proceedings of the 2007 ACM workshop on Computer security architecture - CSAW '07  
This paper provides an analysis of the relative merits of three architectural types: one based on a security kernel, another based on a traditional separation kernel, and a third based on a least-privilege  ...  Various system architectures have been proposed for high assurance enforcement of multilevel security.  ...  Verification of configuration data in PK-based architectures is a significant concern, as this data determines the system's security policy.  ... 
doi:10.1145/1314466.1314473 dblp:conf/ccs/LevinIWN07 fatcat:pvyu3olitnc5bp7rfstjauujwq

PRIMA

Trent Jaeger, Reiner Sailer, Umesh Shankar
2006 Proceedings of the eleventh ACM symposium on Access control models and technologies - SACMAT '06  
The recent availability of secure hardware has made it practical for a system to measure its own integrity, such that it can generate an integrity proof for remote parties.  ...  A PRIMA prototype has been built based on the open-source Linux Integrity Measurement Architecture (IMA) using SELinux policies to provide the information flow.  ...  CW-Lite is a pared-down version of Clark-Wilson integrity that relaxes its formal verification requirement and uses the system security policy's implied information flows to reduce requirements on trusted  ... 
doi:10.1145/1133058.1133063 dblp:conf/sacmat/JaegerSS06 fatcat:77fzik5uufanfphs2guctu6phi