A formal model for proving hardware timing properties and identifying timing channels

Timing channels are becoming a critical threat to hardware security. When exploited, secret information can be revealed by analyzing the execution time statistically. There are a variety of methods for detecting timing channels such as statistical analysis, testing and formal verification. However, existing methods cannot guarantee that the timing channels can be identified due to limited test coverage or high performance overhead. In this work, we introduce a novel model for evaluating timing variations of the hardware design. Furthermore, we propose a systematical solution that integrates time label enhanced tracking logic and formally verifies the timing invariant property of hardware designs in order to identify hardware timing channels. We demonstrate our solution on several hardware implementations, including arithmetic units, cryptographic cores and cache. The proof results show that our solution can detect hardware timing channels effectively.