Verifying RISC-V Physical Memory Protection

11/03/2022

∙

We formally verify an open-source hardware implementation of physical memory protection (PMP) in RISC-V, which is a standard feature used for memory isolation in security critical systems such as the Keystone trusted execution environment. PMP provides per-hardware-thread machine-mode control registers that specify the access privileges for physical memory regions. We first formalize the functional property of the PMP rules based on the RISC-V ISA manual. Then, we use the LIME tool to translate an open-source implementation of the PMP hardware module written in Chisel to the UCLID5 formal verification language. We encode the formal specification in UCLID5 and verify the functional correctness of the hardware. This is an initial effort towards verifying the Keystone framework, where the trusted computing base (TCB) relies on PMP to provide security guarantees such as integrity and confidentiality.

READ FULL TEXT

Verifying RISC-V Physical Memory Protection

FVCARE:Formal Verification of Security Primitives in Resilient Embedded SoCs

AutoSVA: Democratizing Formal Verification of RTL Module Interactions

Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing

Towards a Formally Verified Security Monitor for VM-based Confidential Computing

Runtime Verification of Linux Kernel Security Module

A Turning Point for Verified Spectre Sandboxing

Towards Formal Verification of a TPM Software Stack

Verifying RISC-V Physical Memory Protection

Related Research

FVCARE:Formal Verification of Security Primitives in Resilient Embedded SoCs

AutoSVA: Democratizing Formal Verification of RTL Module Interactions

Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing

Towards a Formally Verified Security Monitor for VM-based Confidential Computing

Runtime Verification of Linux Kernel Security Module

A Turning Point for Verified Spectre Sandboxing

Towards Formal Verification of a TPM Software Stack