Towards a Trustworthy Stack: Formal Verification of Low-Level Hardware and Software

Abstract: Computer systems, consisting of hardware and software, have gained significant importance in the digitalised world. These computer systems rely on critical components to provide core functionalities and handle sensitive data. A fundamental requirement for these critical components is functional correctness, which ensures that the components work as their specifications prescribe. For instance, a pipelined processor executes instructions concurrently in different stages such as fetch, decode and execute, and must produce results as specified in the instruction set architecture (ISA) manual. In addition to functional correctness, security properties such as confidentiality and integrity are important. In particular, confidentiality requires that sensitive data is only accessible to authorised users. To construct a correct and secure computer (i.e., a trustworthy stack), this thesis focuses on the functional correctness and confidentiality of peripherals and pipelined processors using the HOL4 interactive theorem prover.

For functional correctness, we use a refinement-based verification approach in which the execution of a target system is constrained by a reference system. We have studied this for two different target systems: a synchronous serial peripheral interface (SPI) device along with its driver, and a 5-stage pipelined processor. Specifically, we formalise an SPI device and its driver, and present an abstract model as the reference system. The abstract model ensures correct communication in the SPI half- and full-duplex modes. The refinement between the abstract and SPI models is established using weak bisimulation. Secondly, we implement and verify a 5-stage in-order pipelined processor, Silver-Pi, for the RISC ISA Silver. The correctness of Silver-Pi is proved by exhibiting a refinement relation between the traces of the processor and the Silver ISA. Silver-Pi is implemented using the verified HOL4 Verilog library, which ensures the correctness of the processor down to its Verilog implementation.

For the SPI case study, weak bisimulation ensures that the SPI model has the same information flows as the abstract model, which rules out malicious driver operations such as an infinite loop conditioned on a secret value.

In general, to prevent secret leaks caused by phenomena such as instruction pipelining and out-of-order (OoO) execution, the target and reference systems are augmented with observations that extract the parts of the machine state visible to attackers. This allows a variety of information channels, e.g. those based on timing and cache access behaviour, to be captured. As a security policy, we use the notion of conditional noninterference (CNI), which guarantees that a target system does not leak more information than the reference system allows.

In order to analyse the timing channel of Silver-Pi, the observation function extracts the parts of the ISA state that may affect the execution time of a program. With this reference system, we prove that Silver-Pi satisfies CNI.

For OoO execution, we present the formalisation of a machine-independent language, MIL, which uses a small set of primitive events to describe both in-order and OoO execution at a microarchitecture-like level. A notion of CNI in MIL rules out trace-driven cache side channels by comparing OoO and in-order execution of a program. We present a semi-automated verification strategy for CNI using the executable semantics and demonstrate this strategy with several examples. The executable semantics computes results and generates observations during the execution of MIL programs.
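The CNI idea described above, as an added illustration that is not the thesis's MIL formalisation or any of its HOL4 code: a constructed four-instruction program with a variable-latency multiply runs on an in-order reference machine and on an out-of-order target, the sequence of memory addresses touched is the observation, and the check asks whether two secrets the reference machine cannot distinguish become distinguishable on the target. The op names, latencies and the fence semantics are assumptions made for the toy model.

```python
"""Toy conditional-noninterference (CNI) check: in-order reference machine
versus out-of-order target. Constructed illustration, not thesis code."""
from itertools import combinations

# Constructed program: (name, kind, source operands, address or None).
# The observation is the sequence of addresses touched. 'mul' is assumed
# to have data-dependent latency: 1 cycle if the secret is 0, else 3.
PROGRAM = [
    ("m", "mul", ["secret"], None),
    ("s1", "store", ["m"], 0x100),   # fixed address, data depends on m
    ("a", "add", ["pub"], None),
    ("s2", "store", ["a"], 0x200),
]
FENCED = PROGRAM[:2] + [("f", "fence", [], None)] + PROGRAM[2:]  # barrier

def latency(kind, env):
    return (1 if env["secret"] == 0 else 3) if kind == "mul" else 1

def deps_of(program, i):
    """Register dependences plus the ordering edges induced by fences."""
    names = [n for n, *_ in program]
    deps = [s for s in program[i][2] if s in names]
    if program[i][1] == "fence":
        deps += names[:i]                 # a fence waits for all earlier ops
    fences = [names[j] for j in range(i) if program[j][1] == "fence"]
    return deps + fences[-1:]             # later ops wait for the last fence

def in_order(program, env):
    """Reference machine: one op at a time, observations in program order."""
    return [addr for _, _, _, addr in program if addr is not None]

def out_of_order(program, env):
    """Target machine: every op whose operands are complete issues at once;
    observations are ordered by completion cycle, ties by program order."""
    done, pending, cycle = {}, list(range(len(program))), 0
    while pending:
        cycle += 1
        for i in list(pending):
            if all(d in done and done[d] < cycle for d in deps_of(program, i)):
                done[program[i][0]] = cycle + latency(program[i][1], env) - 1
                pending.remove(i)
    order = sorted(range(len(program)), key=lambda i: (done[program[i][0]], i))
    return [program[i][3] for i in order if program[i][3] is not None]

def cni_holds(program, secrets):
    """CNI: secrets the reference cannot tell apart stay equal on the target."""
    envs = [{"secret": s} for s in secrets]
    return all(in_order(program, e1) != in_order(program, e2)
               or out_of_order(program, e1) == out_of_order(program, e2)
               for e1, e2 in combinations(envs, 2))
```

Under the reference machine both stores appear in program order for every secret, but under the target the secret-dependent multiply latency swaps their completion order, so CNI fails for PROGRAM and holds again for FENCED.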
