muCFI: Formal Verification of Microarchitectural Control-flow Integrity

What is it about?

Microarchitectural Control-flow Integrity is a new security property that enforces the integrity of the microarchitectural control flow which we define as cycle-granular valuations of the Program Counter (PC). Formal verification of muCFI proves that instructions do not leak data via hardware timing side channels and do not manipulate the architectural control flow via vulnerabilities in the microarchitectural implementation. Our verification methodology combines information flow tracking with formal verification to prove whether operand data can affect the Program Counter (PC) value or update time. Microarchitectural control-flow integrity is the first formal information flow tracking based work that got CVEs (e.g., CVE-2024-44927, CVE-2023-51973, CVE-2023-51974 and CVE-2024-28365) for its newly discovered vulnerabilities in open-source CPUs.

Featured Image

Photo by Brian Kostiuk on Unsplash

Photo by Brian Kostiuk on Unsplash

Why is it important?

Software security measures often assume that the hardware functions as specified and is secure. However, hardware vulnerabilities may undermine software security principles, such as constant time (CT) or control-flow integrity (CFI). Data-dependent execution time of instructions can leak secret operand values. An information flow from the operand data to the program counter indicates such a leakage. Furthermore, if such a flow exists and attacker-controlled data is passed to an instruction, an attacker can hijack the software control flow. Many instructions could be formally proven to satisfy microarchitectural control-flow integrity. We also discovered several severe vulnerabilities. Most notably, a CT violation and register data leakage (CVE-2024-28365) on the Ibex CPU (affecting all configurations), which is used in the OpenTitan root-of-trust. This bug has been fixed after our report with PR2166.

Perspectives