Security Verification Method Research Articles

Register transfer level hardware design information flow modeling and security verification method

Information flow analysis can effectively model the security behavior and security properties of hardware design. However, the existing gate level information flow analysis methods cannot deal with large-scale designs due to computing power and verification effectiveness, and the register transfer level (RTL) information flow analysis methods require formal languages to rewrite hardware designs. This paper proposes a RTL hardware design information flow modeling and security verification method. Based on the RTL functional model, this method develops an information flow tracking logical model to model security behavior and security properties of RTL hardware designs from the perspective of information flow. This method can be integrated into EDA flows and uses EDA testing and verification tools to capture security property violations and detect security vulnerabilities based on non-interference security policy. The results on experiments with Trust-Hub hardware Trojan benchmarks show that the proposed method can effectively detect hardware Trojans.

Hardware/software security co-verification and vulnerability detection: An information flow perspective

Security vulnerabilities provide attackers unauthorized access to critical resources and effective attack surfaces to compromise a system. Security verification is an emerging technique for detecting and locating such threats. However, existing security verification methods are typically restricted within the hardware or software boundary and incapable of meeting cross-layer verification requirements due to the differences in design semantics and the lack of a security model that fits both hardware and software. We attempt to address such a limitation from the perspective of information flow analysis and propose a hardware/software security co-verification method, which can check information flow security properties on fine-grained hardware information flow models. The proposed method can pinpoint security vulnerabilities by capturing information flow security property violations under clues of malicious information flows. Our information flow security model and properties are described using standard hardware design and verification languages, which allows our method to be seamlessly integrated with electronics design automation flows. Experimental results using RISC-V hardware/software designs show that the proposed method detects software, hardware and system-level security vulnerabilities, effectively.

Cryptographic core design security verification and vulnerability detection based on information flow analysis

Cryptographic cores are the key components to enforce information security properties related to confidentiality and integrity. Since the security of a cryptographic core implementation and the security of the cryptographic algorithm itself from the mathematical perspective are two different problems, cryptographic cores may contain hidden security vulnerabilities such as design flaws and side channels. Security analysis methods based on functional verification rely heavily on the quality of test vectors and usually have low test coverage, which is difficult to meet the security verification requirements of security-critical components like cryptographic cores. This work proposes a cryptographic core security verification and vulnerability detection method from the perspective of information flow security. The proposed method can accurately measure all logical information flows in cryptographic core designs to formally verify security properties such as confidentiality and integrity. It can detect potential security vulnerabilities in cryptographic implementations by capturing harmful information flows. Experimental results show that our information flow security verification method is effective in detecting sensitive information leakage caused by the design vulnerabilities and side channels in cryptographic cores.

Scrutinizing the Vulnerability of Ephemeral Diffie–Hellman over COSE (EDHOC) for IoT Environment Using Formal Approaches

Most existing conventional security mechanisms are insufficient, mainly attributable to their requirements for heavy processing capacity, large protocol message size, and longer round trips, for resource-intensive devices operating in an Internet of Things (IoT) context. These devices necessitate efficient communication and security protocols that are cognizant of the severe resource restrictions regarding energy, computation, communication, and storage. To realize this, the IETF (Internet Engineering Task Force) is currently working towards standardizing an ephemeral key-based lightweight and authenticated key exchange protocol called EDHOC (Ephemeral Diffie–Hellman over COSE). The protocol’s primary purpose is to build an OSCORE (Object Security for Constrained RESTful Environments) security environment by supplying crucial security properties such as secure key exchange, mutual authentication, perfect forward secrecy, and identity protection. EDHOC will most likely dominate IoT security once it becomes a standard. It is, therefore, imperative to inspect the protocol for any security flaw. In this regard, two previous studies have shown different security vulnerabilities of the protocol using formal security verification methods. Yet, both missed the vital security flaws we found in this paper: resource exhaustion and privacy attacks. In finding these vulnerabilities, we leveraged BAN-Logic and AVISPA to formally verify both EDHOC protocol variants. Consequently, we described these security flaws together with the results of the related studies and put forward recommended solutions as part of our future work.

CoCon: A Conference Management System with Formally Verified Document Confidentiality

We present a case study in formally verified security for realistic systems: the information flow security verification of the functional kernel of a web application, the CoCon conference management system. We use the Isabelle theorem prover to specify and verify fine-grained confidentiality properties, as well as complementary safety and “traceback” properties. The challenges posed by this development in terms of expressiveness have led to bounded-deducibility security, a novel security model and verification method generally applicable to systems describable as input/output automata.

Cost Sensitive Face Security Verification Based on Limited Expression-Pose Pattern Sparse Representation Model

Face security verification has been recognized as a cost sensitive classification problem. To deal with this problem, many cost sensitive classifiers have been proposed to alleviate the facial variation. However, no suficient attention is paid to the research on sparse representation cost sensitive face verification. In this paper, we proposed a coarse to find face security verification method, called cost sensitive face verification based on limited expression-pose pattern (CSFV_LEP) for security verification task. The main contributions of the proposed method are as follows: (1) a discrimination dictionary is established in a common way to discriminate whether visitor is an internal member; (2) a confirmation dictionary, which contains only limited expression-pose details, is used to confirm whether this is the correct classification. Meanwhile, we use adaptive weight matrix from similarity information to enhance the robustness of the two dictionaries. Experiments show that, the proposed method has high verifiable and ideal secure performance according to accuracy and efficiency, and contribute to reduce cost penalization during the sparse coding stages.

CBTC System Dynamic Data Security Verification Method

Communication based train control system as a train control system is designed to ensure driving safety, the system description and system function of the real environment is driven by different types of data. Data security is an important component part of CBTC system security, the dynamic data as interactive data within the system is more important influence on system safety, it is necessary to put forward the formal modeling for dynamic data security verification. This paper puts forward a kind of dynamic data security verification method for train control system based on UPPAAL. The unified modeling language (UML) is adopted to train control scene modeling analysis, through model transformation method to convert the UML sequence diagram to timed automata model, using UPPAAL validation tool for train control scenario simulation analysis, through dynamic data to meet security constraint conditions shows that the dynamic data security.

Measuring Security in Requirements Engineering

The aim of this paper is to measure the security and related verification method in requirements engineering (RE). There are a few existing approaches to measure RE performance like IEEE Software Requirements Specification (SRS) and Security Quality Requirements Engineering (SQUARE). However, these existing approaches have some limitations such as lack of flexibility and require long implementation period. In order to address these issues, this paper intends to propose a new set of tools. First is the Effective Security Check List (ESCL), which is a check list with security questions that should be considered for measuring security. Secondly, the Traceability Matrix(TM), which is a two dimensional matrix to measure security during RE. Thirdly, Requirement Engineering Assessment Document (READ), which is a tool containing all statistical information about security performance during RE. The combination of presented approaches had been implemented in a case study. The outcome results are encouraging and illustrated integrated outcomes within existing RE model. The security level had also been properly measured. DOI: http://dx.doi.org/10.11591/ij-ict.v1i2.695

Fast Information Security Verification Method and its Application in Electric Energy Management Terminal

Fast Information Security Verification Method and its Application in Electric Energy Management Terminal

An Efficient Security Verification Method for Programs with Stack Inspection

An Efficient Security Verification Method for Programs with Stack Inspection

Transformed phase mask and photoanisotropic material in optical correlators applied for security verification

A security verification method using a transform phase mask as an optical mark bonded to a document or some other object is pro- posed. This mask consists of separated and shifted fragments of a ref- erence phase mask. Both masks are entered into an optical correlator as input and reference images. We consider the model of autocorrelation peaks produced and of feature vectors formed in a classical joint trans- form correlator. We propose to use a reversible photoanisotropic mate- rial in the frequency domain of a joint transform correlator. We show that such a material can be used in optical security devices. The joint trans- form correlator experimental setup containing the photoanisotropic ma- terial is designed and the optimum exposures of material to produce autocorrelation peaks are found. © 1999 Society of Photo-Optical Instrumentation Engineers. (S0091-3286(99)01101-0)