A master's thesis from Aalborg University

Formally Verifying the Correctness and Safety of OpenTitan Boot Code using CBMC

[Formel Verifikation af Korrektheden og Sikkerheden af OpenTitan Boot Code ved brug af CBMC]

Term

4. term

Publication year

2021

Submitted on

2021-06-16

Pages

124 pages

Abstract

The correctness and safety of heavily relied-upon software is crucial. OpenTitan is an open-source silicon root-of-trust project. Based on an extensive analysis of the OpenTitan project, we, together with SV106f21, developed C code that corresponds to the initial boot stage of OpenTitan. CBMC is a bounded model checker for ANSI-C verification. We verify numerous safety properties for the developed boot code using CBMC. In addition, we propose an overview of the CBMC architecture and theory as well as a structured approach to verifying C code using CBMC. We use CBMC nondeterminism to create a C model of the boot code's hardware environment. In total, we verified that the developed boot code adheres to all 11 security properties, with most of them being derived from security goals from our previous work. We also further investigate the safety of the boot code by modeling various hardware attacks and verifying their implications. We discover that the current implementation is vulnerable to attacks on flash, ROM, and the OpenTitan Big Number Accelerator, with the consequence of either executing malicious code or crashing.
