Formalizing, Verifying and Applying ISA Security Guarantees as Universal Contracts

ERC (European Research Council)HORIZON-ERCID: 101040088
EC Contribution
€15,000
Consortium Size
1 orgs
Start Year
2022
Summary

The Instruction Set Architecture (ISA) is the interface that processor hardware offers to software developers. Current ISAs do not explicitly specify the security properties guaranteed by that interface, so that, for example, recent severe micro-architectural side-channel vulnerabilities like Spectre did not even violate the specifications. This project proposes a fundamentally new approach to specify ISA security properties by using what we call universal contracts. These are formal contracts in a compositional program logic that automatically hold for arbitrary code. Such contracts capture ISA-enforced upper bounds on the effects of arbitrary (even attacker-controlled) software. While this approach is widely different from traditional specifications, the approach looks extremely promising: universal contracts can be applied to general security primitives, mechanically verified against the ISA's operational semantics and they make it possible to obtain full-system security proofs by manually verifying only the trusted code of a sytem.In this project, we will contribute reusable techniques and tools for applying universal contracts in realistic ISAs. To this end, we will (1) design, prove and evaluate universal contracts for ISAs with state-of-practice security primitives, (2) develop semi-automation machinery for verifying universal contracts of ISAs, (3) extend universal contracts to deal with semantic complications like concurrency or micro-architectural side-channels and (4) design, implement and evaluate techniques which facilitate the construction of trusted software that relies on universal contracts, particularly assembly-level reasoning support and secure compilers. If successful, the project has the potential to fundamentally improve the security foundations of all software-based systems, by (1) clearly dividing the security responsibilities between hardware and software developers and (2) enabling scalable, rigorous, full-system security proofs.

Consortium (1)

Project Results (6)

Source: CORDIS, the EU research results database.

Publications (5)
Journal of the ACM
Journal of the ACM· 2024DOI
Aïna Linn Georges; Armaël Guéneau; Thomas Van Strydonck; Amin Timany; Alix Trieu; Dominique Devriese; Lars Birkedal
Type Inference Logics
Proceedings of the ACM on Programming Languages· 2024DOI
Denis Carnier, François Pottier, Steven Keuchel
CHERI-TrEE: Flexible enclaves on capability machines
IEEE European Symposium on Security and Privacy (EuroS&P)· 2023DOI
Van Strydonck, Thomas; Noorman, Job; Jackson, Jennifer; Alves Dias, Leonardo; Vanderstraeten, Robin; Oswald, David; Piessens, Frank; Devriese, Dominique
Formalizing, Verifying and Applying ISA Security Guarantees as Universal Contracts
ACM Conference on Computer and Communications Security (CCS)· 2023DOI
Sander Huyghebaert; Steven Keuchel; Coen De Roover; Dominique Devriese
Goose: an OCaml environment for quantum computing
JFLA 2023 - 34èmes Journées Francophones des Langages Applicatifs· 2023
Carnier, Denis; Correnson, Arthur; McNally, Christopher; Moawad, Youssef
Deliverables (1)
Data Management Plan