Verifying Components of Arm® Confidential Computing Architecture with ESBMC

Tong Wu; Shale  Xiong; Edoardo Manino; Gareth  StockwelL; Lucas Cordeiro

doi:10.1007/978-3-031-74776-2_18

Verifying Components of Arm® Confidential Computing Architecture with ESBMC

Tong Wu, Shale Xiong, Edoardo Manino, Gareth StockwelL, Lucas Cordeiro

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

Abstract

Realm Management Monitor (RMM) is an essential firmware component within the recent Arm Confidential Computing Architecture (Arm CCA). Previous work applies formal techniques to verify the specification and prototype reference implementation of RMM. However, relying solely on a single verification tool may lead to the oversight of certain bugs or vulnerabilities. This paper discusses the application of ESBMC, a state-of-the-art Satisfiability Modulo Theories (SMT)-based software model checker to further enhance RRM verification. We demonstrate ESBMC’s ability to precisely parse the source code and identify specification failures within a reasonable time frame. Moreover, we propose potential improvements for ESBMC to enhance its efficiency for industry engineers. This work contributes to exploring the capabilities of formal verification techniques in real-world scenarios and suggests avenues for further improvements to better meet industrial verification needs.

Original language	English
Title of host publication	Static Analysis
Subtitle of host publication	31st International Symposium, SAS 2024, Pasadena, CA, USA, October 20–22, 2024, Proceedings
Editors	Roberto Giacobazzi , Alessandra Gorla
Publisher	Springer Cham
Pages	451–462
ISBN (Print)	9783031747755
DOIs	https://doi.org/10.1007/978-3-031-74776-2_18
Publication status	Published - 21 Jan 2025

Publication series

Name	Lecture Notes in Computer Science ((LNCS,volume 14995))

Name	International Static Analysis Symposium

Keywords

Formal verification
Software model checking
Software testing
Firmware
Security

Access to Document

10.1007/978-3-031-74776-2_18

Verifying_components_of_Arm__Confidential_Computing_Architecture_with_ESBMCAccepted author manuscript, 758 KBLicence: CC BY

1 Finished
1 Active

EnnCore: End-to-End Conceptual Guarding of Neural Architectures
Cordeiro, L. (PI), Brown, G. (CoI), Freitas, A. (CoI), Luján, M. (CoI) & Mustafa, M. (CoI)
1/02/21 → 31/12/25
Project: Research
SCorCH: Secure Code for Capability Hardware
Reger, G. (PI), Cordeiro, L. (CoI), Korovin, K. (CoI), Mustafa, M. (CoI) & Olivier, P. (CoI)
1/07/20 → 31/12/23
Project: Research

Cite this

Wu, T., Xiong, S., Manino, E., StockwelL, G., & Cordeiro, L. (2025). Verifying Components of Arm® Confidential Computing Architecture with ESBMC. In R. G., & A. G. (Eds.), Static Analysis: 31st International Symposium, SAS 2024, Pasadena, CA, USA, October 20–22, 2024, Proceedings (pp. 451–462). (Lecture Notes in Computer Science ((LNCS,volume 14995))), (International Static Analysis Symposium). Springer Cham. https://doi.org/10.1007/978-3-031-74776-2_18

Wu, Tong ; Xiong, Shale ; Manino, Edoardo et al. / Verifying Components of Arm® Confidential Computing Architecture with ESBMC. Static Analysis: 31st International Symposium, SAS 2024, Pasadena, CA, USA, October 20–22, 2024, Proceedings. editor / Roberto Giacobazzi ; Alessandra Gorla. Springer Cham, 2025. pp. 451–462 (Lecture Notes in Computer Science ((LNCS,volume 14995))). (International Static Analysis Symposium).

@inproceedings{fc5d6c3b77c04a549585eba55a84f0d8,

title = "Verifying Components of Arm{\textregistered} Confidential Computing Architecture with ESBMC",

abstract = "Realm Management Monitor (RMM) is an essential firmware component within the recent Arm Confidential Computing Architecture (Arm CCA). Previous work applies formal techniques to verify the specification and prototype reference implementation of RMM. However, relying solely on a single verification tool may lead to the oversight of certain bugs or vulnerabilities. This paper discusses the application of ESBMC, a state-of-the-art Satisfiability Modulo Theories (SMT)-based software model checker to further enhance RRM verification. We demonstrate ESBMC{\textquoteright}s ability to precisely parse the source code and identify specification failures within a reasonable time frame. Moreover, we propose potential improvements for ESBMC to enhance its efficiency for industry engineers. This work contributes to exploring the capabilities of formal verification techniques in real-world scenarios and suggests avenues for further improvements to better meet industrial verification needs.",

keywords = "Formal verification, Software model checking, Software testing, Firmware, Security",

author = "Tong Wu and Shale Xiong and Edoardo Manino and Gareth StockwelL and Lucas Cordeiro",

year = "2025",

month = jan,

day = "21",

doi = "10.1007/978-3-031-74776-2_18",

language = "English",

isbn = "9783031747755",

series = "Lecture Notes in Computer Science ((LNCS,volume 14995))",

publisher = "Springer Cham",

pages = "451–462",

editor = "{Roberto Giacobazzi} and {Alessandra Gorla}",

booktitle = "Static Analysis",

address = "Switzerland",

}

Wu, T, Xiong, S, Manino, E, StockwelL, G & Cordeiro, L 2025, Verifying Components of Arm® Confidential Computing Architecture with ESBMC. in RG & AG (eds), Static Analysis: 31st International Symposium, SAS 2024, Pasadena, CA, USA, October 20–22, 2024, Proceedings. Lecture Notes in Computer Science ((LNCS,volume 14995)), International Static Analysis Symposium, Springer Cham, pp. 451–462. https://doi.org/10.1007/978-3-031-74776-2_18

Verifying Components of Arm® Confidential Computing Architecture with ESBMC. / Wu, Tong; Xiong, Shale ; Manino, Edoardo et al.
Static Analysis: 31st International Symposium, SAS 2024, Pasadena, CA, USA, October 20–22, 2024, Proceedings. ed. / Roberto Giacobazzi; Alessandra Gorla. Springer Cham, 2025. p. 451–462 (Lecture Notes in Computer Science ((LNCS,volume 14995))), (International Static Analysis Symposium).

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Verifying Components of Arm® Confidential Computing Architecture with ESBMC

AU - Wu, Tong

AU - Xiong, Shale

AU - Manino, Edoardo

AU - StockwelL, Gareth

AU - Cordeiro, Lucas

PY - 2025/1/21

Y1 - 2025/1/21

N2 - Realm Management Monitor (RMM) is an essential firmware component within the recent Arm Confidential Computing Architecture (Arm CCA). Previous work applies formal techniques to verify the specification and prototype reference implementation of RMM. However, relying solely on a single verification tool may lead to the oversight of certain bugs or vulnerabilities. This paper discusses the application of ESBMC, a state-of-the-art Satisfiability Modulo Theories (SMT)-based software model checker to further enhance RRM verification. We demonstrate ESBMC’s ability to precisely parse the source code and identify specification failures within a reasonable time frame. Moreover, we propose potential improvements for ESBMC to enhance its efficiency for industry engineers. This work contributes to exploring the capabilities of formal verification techniques in real-world scenarios and suggests avenues for further improvements to better meet industrial verification needs.

AB - Realm Management Monitor (RMM) is an essential firmware component within the recent Arm Confidential Computing Architecture (Arm CCA). Previous work applies formal techniques to verify the specification and prototype reference implementation of RMM. However, relying solely on a single verification tool may lead to the oversight of certain bugs or vulnerabilities. This paper discusses the application of ESBMC, a state-of-the-art Satisfiability Modulo Theories (SMT)-based software model checker to further enhance RRM verification. We demonstrate ESBMC’s ability to precisely parse the source code and identify specification failures within a reasonable time frame. Moreover, we propose potential improvements for ESBMC to enhance its efficiency for industry engineers. This work contributes to exploring the capabilities of formal verification techniques in real-world scenarios and suggests avenues for further improvements to better meet industrial verification needs.

KW - Formal verification

KW - Software model checking

KW - Software testing

KW - Firmware

KW - Security

U2 - 10.1007/978-3-031-74776-2_18

DO - 10.1007/978-3-031-74776-2_18

M3 - Conference contribution

SN - 9783031747755

T3 - Lecture Notes in Computer Science ((LNCS,volume 14995))

SP - 451

EP - 462

BT - Static Analysis

A2 - , Roberto Giacobazzi

A2 - , Alessandra Gorla

PB - Springer Cham

ER -

Wu T, Xiong S, Manino E, StockwelL G, Cordeiro L. Verifying Components of Arm® Confidential Computing Architecture with ESBMC. In RG, AG, editors, Static Analysis: 31st International Symposium, SAS 2024, Pasadena, CA, USA, October 20–22, 2024, Proceedings. Springer Cham. 2025. p. 451–462. (Lecture Notes in Computer Science ((LNCS,volume 14995))). (International Static Analysis Symposium). doi: 10.1007/978-3-031-74776-2_18

Verifying Components of Arm® Confidential Computing Architecture with ESBMC

Abstract

Publication series

Keywords

Access to Document

Fingerprint

Projects

EnnCore: End-to-End Conceptual Guarding of Neural Architectures

SCorCH: Secure Code for Capability Hardware

Cite this