SpecCert: Specifying and Verifying Hardware-Based Security Enforcement

  • Thomas Letan
  • Pierre Chifflier
  • Guillaume Hiet
  • Pierre Néron
  • Benjamin Morin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9995)


Over time, hardware designs have constantly grown in complexity, and modern platforms involve multiple interconnected hardware components. During the last decade, several vulnerability disclosures have shown that trust in hardware can be misplaced. In this article, we give a formal definition of Hardware-based Security Enforcement (HSE) mechanisms, a class of security enforcement mechanisms in which a software component relies on the underlying hardware platform to enforce a security policy. We then model a subset of an x86-based hardware platform specification and prove the soundness of a realistic HSE mechanism within this model using Coq, a proof assistant.


Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Thomas Letan (1, 2)
  • Pierre Chifflier (1)
  • Guillaume Hiet (2)
  • Pierre Néron (1)
  • Benjamin Morin (1)
  1. French Network Information Security Agency (ANSSI), Paris, France
  2. CIDRE – Inria, IRISA, CentraleSupélec, Rennes, France