Verifying Components of Arm® Confidential Computing Architecture with ESBMC

Tong Wu, Shale Xiong, Edoardo Manino, Gareth StockwelL, Lucas Cordeiro

Research output: Chapter in Book/Conference proceedingConference contributionpeer-review

Abstract

Realm Management Monitor (RMM) is an essential firmware component within the recent Arm Confidential Computing Architecture (Arm CCA). Previous work applies formal techniques to verify the specification and prototype reference implementation of RMM. However, relying solely on a single verification tool may lead to the oversight of certain bugs or vulnerabilities. This paper discusses the application of ESBMC, a state-of-the-art Satisfiability Modulo Theories (SMT)-based software model checker to further enhance RRM verification. We demonstrate ESBMC’s ability to precisely parse the source code and identify specification failures within a reasonable time frame. Moreover, we propose potential improvements for ESBMC to enhance its efficiency for industry engineers. This work contributes to exploring the capabilities of formal verification techniques in real-world scenarios and suggests avenues for further improvements to better meet industrial verification needs.
Original languageEnglish
Title of host publicationStatic Analysis
Subtitle of host publication31st International Symposium, SAS 2024, Pasadena, CA, USA, October 20–22, 2024, Proceedings
EditorsRoberto Giacobazzi , Alessandra Gorla
PublisherSpringer Cham
Pages451–462
ISBN (Print)9783031747755
DOIs
Publication statusPublished - 21 Jan 2025

Publication series

NameLecture Notes in Computer Science ((LNCS,volume 14995))
NameInternational Static Analysis Symposium

Keywords

  • Formal verification
  • Software model checking
  • Software testing
  • Firmware
  • Security

Fingerprint

Dive into the research topics of 'Verifying Components of Arm® Confidential Computing Architecture with ESBMC'. Together they form a unique fingerprint.

Cite this