# Unique Program Execution Checking: Formal Security Guarantees for RISC-V Systems

Alex Wezel<sup>1</sup>, Lucas Deutschmann<sup>1</sup>, Tobias Jauch<sup>1</sup>, Dino Mehmedagić<sup>1</sup>, Johannes Müller<sup>1</sup>, Mohamed Ali<sup>1</sup>, Anna Lena Duque Antón¹, Philipp Schmitz¹, Mohammad Rahmani Fadiheh², Dominik Stoffel¹, Wolfgang Kunz¹ <sup>1</sup>RPTU Kaiserslautern-Landau, Germany; <sup>2</sup>Stanford University, USA

#### Motivation

Discovery of Meltdown and Spectre sparked interest in hardware security





- Industry and academia found various vulnerabilities
- Need for exhaustive security guarantees



## Unique Program Execution Checking

UPEC exhaustively detects all propagation of information from or to critical locations in a given RTL design:

- Possible leakage of confidential information
- Malicious interference with protected data (integrity)

UPEC proves that a system executes uniquely w.r.t. the signals of interest called Source of Discrepancy (SoD)

#### Computational Model

- Duplicate the DUV to construct a miter circuit
- Choose the Source of Discrepancy (SoD) to determine which signals should be observed
- Since the SoD is the only difference between the two DUVs, all resulting differences originate from the SoD



## Generic UPEC Property

```
assume:
                          S_1 \setminus SoD == S_2 \setminus SoD;
  at t:
  during[t, t+k]: I_1 \setminus SoD == I_2 \setminus SoD;
                          threat model();
  at t:
prove:
  during[t, t+k]: S_1 \setminus SoD == S_2 \setminus SoD;
  during[t, t+k]: O_1 == O_2;
```

- Prove the property and inspect counterexamples
- Harmless propagation → refine SoD
- Propagation violating security -> apply appropriate mitigation
- Repeat until no more counterexample appears
- DUV is guaranteed to be secure w.r.t. the threat model

### Case Studies

- ✓ UPEC exhaustively verifies confidentiality even in deep out-of-order pipelines and entire SoCs
- ✓ UPEC detects data-dependent timing in accelerators and qualifies individual instructions in a processor as data-oblivious
- ✓ UPEC guarantees system integrity for integration of untrusted 3<sup>rd</sup>-Party-IPs in SoCs

| Security Target                  | DUV        | Detected Vulnerabilities                                 | Reference |
|----------------------------------|------------|----------------------------------------------------------|-----------|
| Transient-Execution-<br>Attacks  | BOOM       | Multiple Spectre variants, Meltdown                      |           |
| Data-Independent-<br>Timing      | Ibex       | Timing dependency for misaligned memory accesses         |           |
| Functional Security Bugs in SoCs | Pulpissimo | Confused deputy attack using an accelerator ignoring PMP |           |
| Operation Integrity in SoCs      | OpenTitan  | Denial-of-Service attack using an untrusted IP           |           |

# Summary

- ✓ UPEC is a scalable methodology for exhaustively detecting malicious information flows
- ✓ Independent of functional correctness of the DUV
- ✓ Case studies show the versatility of UPEC and its easy adaptibility to different threat models
- ✓ UPEC enables to provide a hardware root of trust for higher levels of the system stack

# Publications

- Mohammad Rahmani Fadiheh, Alex Wezel, Johannes Müller, Jörg Bormann, Sayak Ray, Jason M. Fung, Subhasish Mitra, Dominik Stoffel, Wolfgang Kunz. An Exhaustive Approach to Detecting Transient Execution Side Channels in RTL Designs of Processors, IEEE Transactions on Computers, 2023
- Tobias Jauch, Alex Wezel, Mohammad R. Fadiheh, Philipp Schmitz, Sayak Ray, Jason M. Fung, Christopher W. Fletcher, Dominik Stoffel, and Wolfgang Kunz. Secure-by-Construction Design Methodology for CPUs: Implementing Secure Speculation on the RTL, IEEE/ACM International Conference on Computer-Aided Design, 2023
- Lucas Deutschmann, Johannes Müller, Mohammad R. Fadiheh, Dominik Stoffel, Wolfgang Kunz. A Scalable Formal Verification Methodology for Data-Oblivious Hardware, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2024
- Johannes Müller, Mohammad Rahmani Fadiheh, Anna Lena Duque Antón, Thomas Eisenbarth, Dominik Stoffel, Wolfgang Kunz. A Formal Approach to Confidentiality Verification in SoCs at the Register Transfer Level, ACM/IEEE Design Automation Conference, 2021
- Dino Mehmedagic, Mohammad Rahmani Fadiheh, Johannes Müller, Anna Lena Duque Antón, Dominik Stoffel, Wolfgang Kunz. Design of Access Control Mechanisms in Systems-on-Chip with Formal Integrity Guarantees, USENIX Security Conference, 2023



