Reasoning Compositionally About Security

Prof. Andrew Myers from Cornell visited our department at UB a couple of weeks ago, and gave a talk. I had taken some notes during the talk, and figured I should organize them a bit and post them here.

I was delighted to see that Andrew has a blog. I just wish he posted more frequently. I particularly liked the upgoer-five-editor composed "What I do" post, the "GashlyCode-Tinies" post, and the "Deserialization considered harmful" posts.

I like it when researchers and professors blog. Blogging gives us a different venue with an informal format to present our opinions. This enables us to provide intuitive and simpler explanations, speculate open-endedly without needing to provide proof/validation, and even show our humorous and human sides. Blogging is ideal for professing, I think.

Anyways, back to Andrew's talk. The talk was about a couple of recent papers:
"Secure Information Flow Verification with Mutable Dependent Types" and "Verification of a practical hardware security architecture through static information flow analysis"

Compositional security enforcement

An idea that worked for compositional security enforcement in software is to "control the flow of information throughout a computing system". The secret flow shouldn't enter the public flow and leak outside. In other words, like in Ghostbusters, you must not let the secret and public information streams cross within a component. The components that have this property compose, and by composing them together you get end-to-end security in your system. (I am not in the security field, but I had heard about this idea applied to achieve Android system security.)

Andrew had worked on this idea for software systems, and recently wondered if we can use this idea also for achieving hardware security. This is because even if you have security at the software level, if the hardware level leaks, you didn't achieve anything. And there were very interesting exploits in recent years using side-channel attacks and timing attacks to leak information from the hardware (i.e., data cache, instruction cache, computation unit, memory controller).

Secure HDLs

The idea is to develop a secure hardware description language (HDL) that uses the information flow type ideas described above to ensure that hardware is secure at design time. Chip design already uses Verilog as an HDL and synthesizes chips from Verilog programs. (Chip design is still a relatively constrained domain, so synthesis from high-level code is possible.) So Andrew's team adds security annotations to Verilog to produce SecVerilog.

SecVerilog is essentially Verilog plus some security labels. The idea is to design a chip system that doesn't leak, by modeling/verifying it in SecVerilog. The security model is that the attacker sees the contents of public hardware state (high/low labels) at each clock tick.
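A toy illustration of both ideas, added here and not taken from the talk or the SecVerilog papers: a static label check over a Verilog-like netlist (may a source's label flow to its destination's label?), and a two-run noninterference test under the attacker model just described, where the attacker observes all Low-labelled state after every clock tick. The two-point lattice, the signal names and the tiny design are constructed for the example.

```python
LOW, HIGH = "L", "H"

def flows_to(src, dst):
    """Two-point lattice L <= H: a flow is legal unless it goes High -> Low."""
    return not (src == HIGH and dst == LOW)

def check_netlist(labels, netlist):
    """Static check: each register update (dst, srcs) type-checks only if every
    source label flows to the destination label. Returns the violations found."""
    return [f"{s}({labels[s]}) -> {d}({labels[d]})"
            for d, srcs in netlist for s in srcs if not flows_to(labels[s], labels[d])]

def step(netlist, ops, state):
    """One clock tick: every register updates simultaneously from the old state."""
    return {**state, **{d: ops[d](*(state[s] for s in srcs)) for d, srcs in netlist}}

def public_trace(netlist, ops, labels, state, cycles):
    """What the attacker sees: the Low-labelled state after each tick."""
    trace = []
    for _ in range(cycles):
        state = step(netlist, ops, state)
        trace.append(tuple(state[s] for s in sorted(labels) if labels[s] == LOW))
    return trace

def noninterferent(netlist, ops, labels, init_a, init_b, cycles=4):
    """Dynamic check: two runs that differ only in High state must be
    indistinguishable to an observer of the public trace."""
    return (public_trace(netlist, ops, labels, init_a, cycles) ==
            public_trace(netlist, ops, labels, init_b, cycles))

# Constructed toy design (hypothetical signal names): a High key and accumulator,
# a Low cycle counter, and a Low 'busy' flag visible to the attacker.
LABELS = {"key": HIGH, "acc": HIGH, "cnt": LOW, "busy": LOW}
OPS = {"acc": lambda acc, key: acc ^ key,
       "cnt": lambda cnt: (cnt + 1) % 4,
       "busy": lambda x: x & 1}
LEAKY = [("acc", ["acc", "key"]), ("cnt", ["cnt"]), ("busy", ["key"])]  # busy driven by key
FIXED = [("acc", ["acc", "key"]), ("cnt", ["cnt"]), ("busy", ["cnt"])]  # busy driven by cnt
RUN_A = {"key": 0, "acc": 0, "cnt": 0, "busy": 0}
RUN_B = {**RUN_A, "key": 1}  # identical public state, different secret

if __name__ == "__main__":
    print(check_netlist(LABELS, LEAKY))                        # ['key(H) -> busy(L)']
    print(noninterferent(LEAKY, OPS, LABELS, RUN_A, RUN_B))    # False
    print(check_netlist(LABELS, FIXED))                        # []
    print(noninterferent(FIXED, OPS, LABELS, RUN_A, RUN_B))    # True
```

The static check rejects the leaky design without simulating it, which is the point of doing this at design time; the two-run test shows what the rejected flow means in the attacker model.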

Using SecVerilog, Andrew's team produced a formally verified MIPS processor. The static analysis overhead of SecVerilog was extremely low: it was two seconds for the complete MIPS processor.
