TL;DR
This paper introduces a formal verification method called UPEC to systematically detect all transient execution side channel vulnerabilities in RTL processor designs, including unknown attack vectors, ensuring hardware security at the design level.
Contribution
It presents a novel formal proof methodology for RTL security verification against transient execution attacks, capable of identifying both known and unknown vulnerabilities without prior attack knowledge.
Findings
UPEC detects new attack scenarios in experimental RTL designs.
UPEC scales to complex processor architectures like RocketChip, Ariane, and BOOM.
First exhaustive RTL verification technique for transient execution side channels.
Abstract
Hardware (HW) security issues have been emerging at an alarming rate in recent years. Transient execution attacks, in particular, pose a genuine threat to the security of modern computing systems. Despite recent advances, understanding the intricate implications of microarchitectural design decisions on processor security remains a great challenge and has caused a number of update cycles in the past. number of update cycles in the past. This papers addresses the need for a new approach to HW sign-off verification which guarantees the security of processors at the Register Transfer Level (RTL). To this end, we introduce a formal definition of security with respect to transient execution attacks, formulated as a HW property. We present a formal proof methodology based on Unique Program Execution Checking (UPEC) which can be used to systematically detect all vulnerabilities to transient…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
