Litcius/Paper detail

A Verification Methodology for the Arm® Confidential Computing Architecture: From a Secure Specification to Safe Implementations

Anthony Fox, Gareth Stockwell, Shale Xiong, Hanno Becker, Dominic P. Mulligan, Gustavo Petri, Nathan Chong

2023Proceedings of the ACM on Programming Languages17 citationsDOIOpen Access PDF

Abstract

We present Arm's efforts in verifying the specification and prototype reference implementation of the Realm Management Monitor (RMM), an essential firmware component of Arm Confidential Computing Architecture (Arm CCA), the recently-announced Confidential Computing technologies incorporated in the Armv9-A architecture. Arm CCA introduced the Realm Management Extension (RME), an architectural extension for Armv9-A, and a technology that will eventually be deployed in hundreds of millions of devices. Given the security-critical nature of the RMM, and its taxing threat model, we use a combination of interactive theorem proving, model checking, and concurrency-aware testing to validate and verify security and safety properties of both the specification and a prototype implementation of the RMM. Crucially, our verification efforts were, and are still being, developed and refined contemporaneously with active development of both specification and implementation, and have been adopted by Arm's product teams. We describe our major achievements, realized through the application of formal techniques, as well as challenges that remain for future work. We believe that the work reported in this paper is the most thorough application of formal techniques to the design and implementation of any current commercially-viable Confidential Computing implementation, setting a new high-water mark for work in this area.

Topics & Concepts

Computer scienceConfidentialityImplementationArchitectureConcurrencySoftware engineeringFirmwareComputer securityEmbedded systemDistributed computingOperating systemVisual artsArtSecurity and Verification in ComputingAdvanced Malware Detection TechniquesDistributed systems and fault tolerance