Formal Verification of Security Properties on RISC-V Processors

Abstract:
Hardware Security and trustworthiness are becoming ever more important, especially for security-critical applications like autonomous driving and service robots. With the increase in distribution of RISC-V processors, security issues in them arise. Security vulnerabilities and design flaws in processors can be exploited by attackers, e.g. by running software exploiting the vulnerabilities. This can lead to drastic consequences like damaging whole system functionality and even human lives can be endangered. Hence, it is very important to verify compliance of processors with the design specification and microarchitecture intent to harden the hardware against malicious attacks. Detection and removal of design bugs results in improved processor security. Therefore, we formally verified the security-critical functionality of a commercial RISC-V processor using model checking based formal verification with the verification tool Jasper, and give an overview about this work in this paper. To formally verify them, we determined and implemented a comprehensive list of properties for security-critical functionality, derived from RISC-V specification and processor microarchitecture intent. The properties cover the security-critical functionality within a RISC-V processor. With our verification experiments, we detected design bugs which have been confirmed by the design team.