Published January 17, 2024 | Version v1
Software Open

Artifact for "Synthesizing Hardware-Software Leakage Contracts for RISC-V Open-Source Processors" (DATE 2024)

  • 1. Saarland University
  • 2. IMDEA Software

Description

Hardware-Software Leakage Contract Synthesis Toolchain

Background

Leakage contracts were introduced in Hardware-Software Contracts for Secure Speculation. They capture microarchitectural leakage through side channels at the ISA level. Ideally a processor is designed with a specific contract in mind, but correct leakage contracts rarely exist for existing microarchitectures.

This toolchain generates a leakage contract candidate from a set of test cases. The test cases are generated automatically and try to surface common leakages.

Every test case is composed of two programs, which are evaluated in parallel. The simulation shows whether an adversary can distinguish the two programs. From the simulation trace and the RISC-V Formal Interface, possible additions to the contract, i.e. a set of contract atoms, can then be extracted.

Finally, these results are used to synthesize a contract using Google OR-Tools.
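
The selection step described above, as an added example that is not code from the artifact: given per-test-case results, pick the set of atoms that forms the contract. The test data, the atom names, and the objective (cover every adversary-distinguishable test case, then minimize false positives, then contract size) are assumptions, and a plain exhaustive search stands in for Google OR-Tools.

```python
from itertools import combinations

# Constructed test results (not from the artifact). Each entry is
# (attacker_distinguishable, atoms): whether the adversary could tell the two
# programs apart in simulation, and which candidate atoms distinguish them.
# Atom names are hypothetical "INSTRUCTION:observation" labels.
TESTCASES = [
    (True,  {"DIV:rs2", "DIV:rs1"}),
    (True,  {"LW:addr"}),
    (True,  {"DIV:rs2", "BEQ:taken"}),
    (True,  {"BEQ:taken", "LW:addr"}),
    (False, {"DIV:rs1"}),
    (False, {"ADD:rs1", "BEQ:taken"}),
    (False, {"ADD:rs1"}),
]

def synthesize(testcases):
    """Return (contract, false_positives) for the best atom subset.

    Assumed objective: the contract must distinguish every test case the
    adversary distinguishes; among such contracts, prefer the fewest
    adversary-indistinguishable test cases flagged, then the fewest atoms.
    """
    atoms = sorted(set().union(*(a for _, a in testcases)))
    best = None
    for size in range(len(atoms) + 1):
        for candidate in combinations(atoms, size):
            chosen = set(candidate)
            if any(leaks and not (a & chosen) for leaks, a in testcases):
                continue  # misses an observed leak: not a valid contract
            false_pos = sum(1 for leaks, a in testcases if not leaks and a & chosen)
            if best is None or (false_pos, size) < best[0]:
                best = ((false_pos, size), chosen)
    if best is None:
        # Some leaking test case has no candidate atom that explains it.
        raise ValueError("no atom set covers every distinguishable test case")
    return best[1], best[0][0]

if __name__ == "__main__":
    contract, false_pos = synthesize(TESTCASES)
    print(sorted(contract), "false positives:", false_pos)
```

The search is exponential in the number of atoms, so it only illustrates the selection problem on a handful of atoms.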

Files overview

  • riscv-contract-synthesis.zip: The main archive that contains all the necessary sources.
  • results.zip: The complete results referenced in the paper.
  • contractgen_docker_image.tar.gz: The docker image built from the Dockerfile provided in the sources. Use this image to avoid issues caused by changes to the dependencies.
  • ibex-95b85ddd1c995ace9f89ee42530f9e24820c1051.zip: Sources of the Ibex core, downloaded from GitHub. Credit goes to the original authors; please also refer to the included LICENSE file.
  • cva6-853fb4bee5ca6e36e39dc3c272a97f49d95c3c1d.zip: Sources of the CVA6 core, downloaded from GitHub. Credit goes to the original authors; please also refer to the included LICENSE file.
  • cva6_submodules.zip: Sources of the submodules used for the CVA6 core, downloaded from GitHub as linked in the .gitmodules file. Credit goes to the original authors; please also refer to the included LICENSE file for each submodule.

Getting started

To get started, have a look at the main method of the ContractGen class in riscv-contract-synthesis.zip.

To start contract generation, use the provided docker-compose.yml in the resources directory or use the provided docker image.

Adding support for new microarchitectures

Support for a new microarchitecture requires only a few steps:

  • Embed two instances of the core in a testbench and ensure that the instructions can be loaded into memory. Take a look at the Ibex core integration for an up-to-date example.
  • Implement the adversary model and provide its observations as signals to the adversary module.
  • Provide a way to extract the architectural state, e.g. the RISC-V Formal Interface.
  • Implement the microarchitecture as a new class in Java and provide the required functionality to compile the testbench, simulate a testcase and extract possible observations from a trace.

Paper

This project was used in the paper "Synthesizing Hardware-Software Leakage Contracts for RISC-V Open-Source Processors" by Gideon Mohr, Marco Guarnieri and Jan Reineke, presented at DATE 2024.

A video presenting this paper is available on YouTube: https://youtu.be/12GmWUNCiIs

GitHub

The sources can also be found on GitHub

Files

Files (2.7 GB)


Additional details

Related works

Is supplemented by
Video/Audio: https://youtu.be/12GmWUNCiIs (URL)

Funding

European Research Council
SafeSecS – Abstractions for Safe and Secure HW-SW Systems 101020415
Intel (United States)

Dates

Available
2024-01

Software

Repository URL
https://github.com/hw-sw-contracts/riscv-contract-synthesis
Programming language
Java, Verilog
Development Status
Active