Microarchitectural vulnerabilities originate from disparities between the assumptions software makes about hardware behavior and the actual functioning of the underlying hardware. Transient execution vulnerabilities are prominent reflections of this gap and stem from the extensive speculation implemented in modern high-performance microprocessors. Identifying all possible vulnerabilities in complex designs is very challenging; one of the challenges stems from the lack of visibility into the transient microarchitectural state of the processor. Prior work has relied on covert channels to identify data leakage from transient state, which limits the systematic discovery of all potential leakage sources.
In this thesis, we present three pre-silicon security verification frameworks that use register transfer level (RTL) simulations to provide unprecedented visibility into the microarchitectural state of the processor while it runs the software of interest for verification.
IntroSpectre is a framework for early discovery of transient execution vulnerabilities. IntroSpectre addresses the lack of visibility into the microarchitectural processor state by integrating into the RTL design flow, gaining full access to the internal state of the processor. Full visibility into the processor state enables IntroSpectre to perform a systematic leakage analysis that covers all microarchitectural structures, allowing it to identify potential leakage that may not be reachable with known side channels. We implement IntroSpectre on an RTL simulator and use it to perform transient leakage analysis on the RISC-V BOOM processor. We identify multiple transient leakage scenarios, most of which had not been highlighted on this processor design before.
While microarchitectural vulnerabilities are typically more challenging to exploit than purely software-based bugs, their increasing prevalence in recent security publications is a significant concern, particularly in multi-tenant environments. With the widespread adoption of cloud systems in recent years, there is growing concern regarding the security and privacy of users who share the same hardware platform. To address this, hardware manufacturers and cloud providers have come together to introduce trusted execution environments (TEEs), hardware extensions that provide security guarantees for applications running on untrusted operating systems. The security of TEEs is threatened by a variety of microarchitectural vulnerabilities, which have led to a large number of demonstrated attacks. While various solutions for verifying the correctness and security of TEE designs have been proposed, they generally do not extend to jointly verifying the security of the underlying microarchitecture. Our second framework, TEESec, is aimed at discovering microarchitectural vulnerabilities in the context of trusted execution environments. TEESec is designed to jointly and systematically test the TEE and the underlying microarchitecture against data and metadata leakage across isolation boundaries. We implement TEESec in the Chipyard framework and evaluate it on two open-source RISC-V out-of-order processors running the Keystone TEE. Using TEESec, we uncover 10 distinct vulnerabilities in these processors that violate TEE security principles and could lead to leakage of enclave secrets.
Microarchitectural vulnerabilities can be exploited in various ways, with timing side channels being a common attack vector. Constant-time programming is a principal line of defense against timing side-channel attacks. It involves hardening software so that execution time is uncorrelated with sensitive data values, and it is now broadly employed in most cryptographic and other security-critical kernels. However, constant-time programming relies on assumptions about the underlying microarchitectural implementation that are frequently incorrect or incomplete, leading to exploits. Consequently, devising methodologies for joint leakage detection across high-assurance applications, compiler optimizations and microarchitectural implementations is an increasingly important problem. The third framework, MicroSampler, is a dynamic leakage detection framework that identifies secret-dependent microarchitectural behavior which can lead to side-channel leakage in security-critical software. MicroSampler runs the constant-time code to be verified on a cycle-accurate RTL simulation of the target system and builds a comprehensive, detailed representation of the microarchitectural state captured at cycle granularity. MicroSampler then uses statistical analysis to measure any existing association between microarchitectural state and data values that are identified as sensitive (e.g., encryption keys). We show that MicroSampler is able to reveal vulnerabilities in diverse cases where the vulnerabilities originate in the algorithm design, compiler optimizations or the microarchitectural implementation.
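As an added illustration of the statistical association step described for MicroSampler (this is example code, not code from the thesis or from MicroSampler itself): constructed per-cycle snapshots of three named signals stand in for an RTL trace, and a Welch t-test per (signal, cycle) flags values that correlate with a secret bit. The signal names, the choice of t-test and the 4.5 cut-off are assumptions; the thesis does not state which statistic MicroSampler uses.

```python
"""Added example, not from the thesis: a toy MicroSampler-style check.
Per-cycle snapshots of three signals are constructed inline (no RTL
simulator involved) for a secret-dependent and a constant-time routine;
a Welch t-test per (signal, cycle) then flags secret-dependent values."""
import math
import random
import statistics

SIGNALS = ("branch_taken", "cache_hit", "alu_busy")  # assumed names

def simulate_trace(secret_bit, constant_time, rng, cycles=16):
    """Constructed stand-in for one RTL run: one dict of signals per cycle."""
    trace = []
    for cyc in range(cycles):
        snap = {"alu_busy": rng.random() < 0.5}      # secret-independent noise
        if constant_time:
            snap["branch_taken"] = cyc % 2 == 0        # same for every secret
            snap["cache_hit"] = rng.random() < 0.9
        else:
            snap["branch_taken"] = bool(secret_bit) and cyc % 2 == 0
            snap["cache_hit"] = rng.random() < (0.9 if secret_bit else 0.4)
        trace.append(snap)
    return trace

def welch_t(a, b):
    """Welch's t; +/-inf for a deterministic difference, 0.0 if identical."""
    ma, mb = statistics.fmean(a), statistics.fmean(b)
    denom = math.sqrt(statistics.pvariance(a) / len(a)
                      + statistics.pvariance(b) / len(b))
    if denom == 0.0:
        return 0.0 if ma == mb else math.copysign(math.inf, ma - mb)
    return (ma - mb) / denom

def find_leaky_signals(traces_by_secret, threshold=4.5):
    """Sorted (signal, cycle) pairs whose distribution differs by secret."""
    cycles = len(traces_by_secret[0][0])
    leaks = []
    for sig in SIGNALS:
        for cyc in range(cycles):
            g0 = [float(t[cyc][sig]) for t in traces_by_secret[0]]
            g1 = [float(t[cyc][sig]) for t in traces_by_secret[1]]
            if abs(welch_t(g0, g1)) > threshold:   # 4.5: assumed TVLA cut-off
                leaks.append((sig, cyc))
    return sorted(leaks)

def run(constant_time, n=200, seed=1):
    rng = random.Random(seed)
    traces = {s: [simulate_trace(s, constant_time, rng) for _ in range(n)]
              for s in (0, 1)}
    return find_leaky_signals(traces)
```

For the leaky variant, branch_taken is flagged only on even cycles (the deterministic case handled by the infinite t value) and cache_hit on every cycle, while the constant-time variant yields no flags.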