Verified Hardware/Software Co-Assurance: Enhancing Safety and Security for Critical Systems
Published in | Annual IEEE Systems Conference, pp. 1-6 |
---|---|
Main Author | Hardin, David S. |
Format | Conference Proceeding |
Language | English |
Published | IEEE, 24.08.2020 |
Subjects | Data structures; Filtering algorithms; Hardware; Safety; Software; Software algorithms; Unmanned aerial vehicles |
Abstract | Experienced developers of safety-critical and security-critical systems have long emphasized the importance of applying the highest degree of scrutiny to a system's I/O boundaries. From a safety perspective, input validation is a traditional "best practice." For security-critical architecture and design, identification of the attack surface has emerged as a primary analysis technique. One of our current research focus areas concerns the identification of and mitigation against attacks along that surface, using mathematically-based tools. We are motivated in these efforts by emerging application areas, such as assured autonomy, that feature a high degree of network connectivity, require sophisticated algorithms and data structures, are subject to stringent accreditation/certification, and encourage hardware/software co-design approaches. We have conducted several experiments employing a state-of-the-art toolchain, due to Russinoff and O'Leary, and originally designed for use in floating-point hardware verification, to determine its suitability for the creation of safety-critical/security-critical input filters. We focus first on software implementation, but extending to hardware as well as hardware/software co-designs. We have implemented a high-assurance filter for JSON-formatted data used in an Unmanned Aerial Vehicle (UAV) application. Our JSON filter is built using a table-driven lexer/parser, supported by mathematically-proven lexer and parser table generation technology, as well as verified data structures. Filter behavior is expressed in a subset of Algorithmic C, which defines a set of C++ header files providing support for hardware design, including the peculiar bit widths utilized in that discipline, and enables compilation to both hardware and software platforms. The Russinoff-O'Leary Restricted Algorithmic C (RAC) toolchain translates Algorithmic C source to the Common Lisp subset supported by the ACL2 theorem prover; once in ACL2, filter behavior can be mathematically verified. We describe how we utilize RAC to translate our JSON filter to ACL2, present proofs of correctness for its associated data types, and describe validation and performance results obtained through the use of concrete test vectors. |
Author | Hardin, David S. |
ContentType | Conference Proceeding |
DOI | 10.1109/SysCon47679.2020.9381831 |
Discipline | Engineering |
EISBN | 9781728153650; 1728153654 |
EISSN | 2472-9647 |
EndPage | 6 |
ExternalDocumentID | 9381831 |
Genre | orig-research |
Funding | Advanced Research Projects Agency (funder ID 10.13039/100009224) |
IsPeerReviewed | false |
IsScholarly | false |
Language | English |
PageCount | 6 |
PublicationCentury | 2000 |
PublicationDate | 2020-Aug.-24 |
PublicationDateYYYYMMDD | 2020-08-24 |
PublicationDecade | 2020 |
PublicationTitle | Annual IEEE Systems Conference |
PublicationTitleAbbrev | SysCon |
PublicationYear | 2020 |
Publisher | IEEE |
StartPage | 1 |
SubjectTerms | Data structures; Filtering algorithms; Hardware; Safety; Software; Software algorithms; Unmanned aerial vehicles |
Title | Verified Hardware/Software Co-Assurance: Enhancing Safety and Security for Critical Systems |
URI | https://ieeexplore.ieee.org/document/9381831 |