List of ways to find side channels in hardware/software 1

Jan 8th, 2018
Prior Work in Finding Information-Flow Violations in Hardware and/or Software (Jan 2018)

I'm throwing this list together for anyone curious about how people are tackling these issues in CompSci and/or industry. Didn't have much time for revision. So, hopefully there's not much redundancy or something off-topic in here. A few are definitely good: I read them a few times starting when they were published. They're really getting to the fundamentals with some of this stuff plus creating tight integration between what's stated about hardware and software.

Here's a commercialized one:
http://www.ccs.neu.edu/home/pete/acl206/slides/hardin.pdf

Formal verification of specs, microcode, and the security policy they hold, in ACL2. Part of that is embedding a separation kernel a la MILS or SKPP model. It also has triplicated registers for fault-tolerance. Then, they integrate high-level languages like SPARK and microCryptol with that using certified compilers or equivalence checking.

Here are some examples from CompSci work:

https://eprint.iacr.org/2016/846.pdf

http://users.ece.utexas.edu/~tiwari/pubs/tiwari-dissertation.pdf

http://cs.ucsb.edu/~sherwood/glift/

http://ieeexplore.ieee.org/document/7927266/

http://www.eecs.ucf.edu/~jinyier/papers/VTS12.pdf

http://www.cse.psu.edu/~dbz5017/pub/asplos17.pdf

Just also found a super-old one that tries to do it with capability-based mechanisms.

https://dl.acm.org/citation.cfm?id=803030

Most hardware work in information-flow analysis and control is currently focused on making hardware that controls bad software. I don't think most of them consider a CPU failure. If anything, they might be more vulnerable from a practical strategy of trying to reuse existing cores by making info-flow components that operate side-by-side with them. Here's an example from that area, though, since they could be modified to address recent concerns.

http://www.crash-safe.org/assets/verified-ifc-popl2014.pdf

http://csl.stanford.edu/~christos/publications/2010.hari_kannan.phd_thesis.slides.pdf

Nick P.
Security Engineer/Researcher
(High-assurance focus)