A hardware design language for timing-sensitive information-flow security

Danfeng Zhang; Yao Wang; G. Edward Suh; Andrew C. Myers

doi:10.1145/2694344.2694372

A hardware design language for timing-sensitive information-flow security

Danfeng Zhang, Yao Wang, G. Edward Suh, Andrew C. Myers

Computer Science and Engineering

Research output: Contribution to journal › Article › peer-review

139 Scopus citations

Abstract

Information security can be compromised by leakage via lowlevel hardware features. One recently prominent example is cache probing attacks, which rely on timing channels created by caches. We introduce a hardware design language, SecVerilog, which makes it possible to statically analyze information flow at the hardware level. With SecVerilog, systems can be built with verifiable control of timing channels and other information channels. SecVerilog is Verilog, extended with expressive type annotations that enable precise reasoning about information flow. It also comes with rigorous formal assurance: we prove that SecVerilog enforces timing-sensitive noninterference and thus ensures secure information flow. By building a secure MIPS processor and its caches, we demonstrate that SecVerilog makes it possible to build complex hardware designs with verified security, yet with low overhead in time, space, and HW designer effort.

Original language	English (US)
Pages (from-to)	503-516
Number of pages	14
Journal	ACM SIGPLAN Notices
Volume	50
Issue number	4
DOIs	https://doi.org/10.1145/2694344.2694372
State	Published - Apr 2015

All Science Journal Classification (ASJC) codes

General Computer Science

Access to Document

10.1145/2694344.2694372

Cite this

@article{eda9112999e647ac86100abb50ad3260,

title = "A hardware design language for timing-sensitive information-flow security",

abstract = "Information security can be compromised by leakage via lowlevel hardware features. One recently prominent example is cache probing attacks, which rely on timing channels created by caches. We introduce a hardware design language, SecVerilog, which makes it possible to statically analyze information flow at the hardware level. With SecVerilog, systems can be built with verifiable control of timing channels and other information channels. SecVerilog is Verilog, extended with expressive type annotations that enable precise reasoning about information flow. It also comes with rigorous formal assurance: we prove that SecVerilog enforces timing-sensitive noninterference and thus ensures secure information flow. By building a secure MIPS processor and its caches, we demonstrate that SecVerilog makes it possible to build complex hardware designs with verified security, yet with low overhead in time, space, and HW designer effort.",

author = "Danfeng Zhang and Yao Wang and Suh, {G. Edward} and Myers, {Andrew C.}",

note = "Publisher Copyright: Copyright {\textcopyright} 2015 ACM.",

year = "2015",

month = apr,

doi = "10.1145/2694344.2694372",

language = "English (US)",

volume = "50",

pages = "503--516",

journal = "ACM SIGPLAN Notices",

issn = "1523-2867",

publisher = "Association for Computing Machinery (ACM)",

number = "4",

}

TY - JOUR

T1 - A hardware design language for timing-sensitive information-flow security

AU - Zhang, Danfeng

AU - Wang, Yao

AU - Suh, G. Edward

AU - Myers, Andrew C.

PY - 2015/4

Y1 - 2015/4

N2 - Information security can be compromised by leakage via lowlevel hardware features. One recently prominent example is cache probing attacks, which rely on timing channels created by caches. We introduce a hardware design language, SecVerilog, which makes it possible to statically analyze information flow at the hardware level. With SecVerilog, systems can be built with verifiable control of timing channels and other information channels. SecVerilog is Verilog, extended with expressive type annotations that enable precise reasoning about information flow. It also comes with rigorous formal assurance: we prove that SecVerilog enforces timing-sensitive noninterference and thus ensures secure information flow. By building a secure MIPS processor and its caches, we demonstrate that SecVerilog makes it possible to build complex hardware designs with verified security, yet with low overhead in time, space, and HW designer effort.

AB - Information security can be compromised by leakage via lowlevel hardware features. One recently prominent example is cache probing attacks, which rely on timing channels created by caches. We introduce a hardware design language, SecVerilog, which makes it possible to statically analyze information flow at the hardware level. With SecVerilog, systems can be built with verifiable control of timing channels and other information channels. SecVerilog is Verilog, extended with expressive type annotations that enable precise reasoning about information flow. It also comes with rigorous formal assurance: we prove that SecVerilog enforces timing-sensitive noninterference and thus ensures secure information flow. By building a secure MIPS processor and its caches, we demonstrate that SecVerilog makes it possible to build complex hardware designs with verified security, yet with low overhead in time, space, and HW designer effort.

UR - http://www.scopus.com/inward/record.url?scp=84951072703&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84951072703&partnerID=8YFLogxK

U2 - 10.1145/2694344.2694372

DO - 10.1145/2694344.2694372

M3 - Article

AN - SCOPUS:84951072703

SN - 1523-2867

VL - 50

SP - 503

EP - 516

JO - ACM SIGPLAN Notices

JF - ACM SIGPLAN Notices

IS - 4

ER -

A hardware design language for timing-sensitive information-flow security

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this