Formally Modeling A Security Monitor For Virtual Machine-Based Confidential Computing Systems (IBM)


A technical paper titled “Towards a Formally Verified Security Monitor for VM-based Confidential Computing” was published by researchers at IBM Research and IBM T.J. Watson Research Center.


“Confidential computing is a key technology for isolating high-assurance applications from the large amounts of untrusted code typical in modern systems. Existing confidential computing systems cannot be certified for use in critical applications, like systems controlling critical infrastructure, hardware security modules, or aircraft, as they lack formal verification.

This paper presents an approach to formally modeling and proving a security monitor. It introduces a canonical architecture for virtual machine (VM)-based confidential computing systems. It abstracts processor-specific components and identifies a minimal set of hardware primitives required by a trusted security monitor to enforce security guarantees. We demonstrate our methodology and proposed approach with an example from our Rust implementation of the security monitor for RISC-V.”

Find the technical paper here. Published August 2023 (preprint).

Ozga, Wojciech, Guerney DH Hunt, Michael V. Le, Elaine R. Palmer, and Avraham Shinnar. “Towards a Formally Verified Security Monitor for VM-based Confidential Computing.” arXiv preprint arXiv:2308.10249 (2023).

Related Reading
New Concepts Required For Security Verification
Why it’s so difficult to ensure that hardware works correctly and is capable of detecting vulnerabilities that may show up in the field.
RISC-V Driving New Verification Concepts
Doing what has been done in the past only gets you so far, but RISC-V is causing some aspects of verification to be fundamentally rethought.


Leave a Reply

(Note: This name will be displayed publicly)