Hardware (HW) security issues have been emerging at an alarming rate in
recent years. Transient execution attacks, in particular, pose a genuine threat
to the security of modern computing systems. Despite recent advances,
understanding the intricate implications of microarchitectural design decisions
on processor security remains a great challenge and has caused a number of
update cycles in the past. number of update cycles in the past. This papers
addresses the need for a new approach to HW sign-off verification which
guarantees the security of processors at the Register Transfer Level (RTL). To
this end, we introduce a formal definition of security with respect to
transient execution attacks, formulated as a HW property. We present a formal
proof methodology based on Unique Program Execution Checking (UPEC) which can
be used to systematically detect all vulnerabilities to transient execution
attacks in RTL designs. UPEC does not exploit any a priori knowledge on known
attacks and can therefore detect also vulnerabilities based on new, so far
unknown, types of channels. This is demonstrated by two new attack scenarios
discovered in our experiments with UPEC. UPEC scales to a wide range of HW
designs, including in-order processors (RocketChip), pipelines with
out-of-order writeback (Ariane), and processors with deep out-of-order
speculative execution (BOOM). To the best of our knowledge, UPEC is the first
RTL verification technique that exhaustively covers transient execution side
channels in processors of realistic complexity.

By admin