🤖 AI Summary
Modern SoC hardware semantics are typically specified in informal English documentation, impeding precise definition and formal verification of security properties and thus hindering system-level security assurance. The authors propose HDLang, a domain-specific language enabling automatic extraction of hardware semantics, software assumptions, and security properties from SoC reference manuals, and generating machine-readable, formally verifiable specifications. Using HDLang, they construct unified security models for eight mainstream SoCs and perform the first full-chip formal verification of memory confidentiality and integrity via theorem proving and static analysis. The approach uncovers multiple ambiguities and contradictions in vendor documentation and identifies an undisclosed privilege-escalation vulnerability in a commercial server SoC. This work establishes a systematic methodology for transforming unstructured hardware documentation into rigorously verifiable security models.
📝 Abstract
Systems programmers have to consolidate the ever-growing hardware mess present on modern System-on-Chips (SoCs). Correctly programming a multitude of components, providing functionality but also security, is a difficult problem: the semantics of individual units are described in English prose, and the descriptions are often underspecified and prone to inaccuracies. Rigorous statements about platform security are therefore often impossible.
We introduce a domain-specific language to describe hardware semantics, assumptions about software behavior, and desired security properties. We then create machine-readable specifications for a diverse set of eight SoCs from their reference manuals, and formally prove their (in-)security. In addition to security proofs about memory confidentiality and integrity, we discover a handful of documentation errors. Finally, our analysis also revealed a vulnerability on a real-world server chip. Our tooling offers system integrators a way of formally describing security properties for entire SoCs, and means to prove them or find counterexamples to them.
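To make concrete what a machine-readable SoC security model and a confidentiality/integrity check can look like, here is an added Python sketch. It is not the paper's language or tooling: the masters, memory regions, firewall rules and the trusted/untrusted labels are all constructed for the example, and the `default_allow` switch stands in for the kind of detail (what the firewall does when no rule matches) that reference manuals frequently leave unspecified. The checker enumerates every untrusted master against a region and either returns no counterexample, which proves the property for this model, or lists the masters that violate it.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Master:
    name: str
    trusted: bool  # software assumption: does the trusted computing base control what this master issues?


@dataclass(frozen=True)
class Region:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


@dataclass(frozen=True)
class Rule:
    """One firewall entry: what a given master may do to a given region."""
    master: str
    region: str
    read: bool
    write: bool


@dataclass
class Soc:
    masters: List[Master]
    regions: List[Region]
    rules: List[Rule]
    default_allow: bool  # behaviour when no rule matches; manuals often do not say which it is

    def region_of(self, addr: int) -> Optional[Region]:
        hits = [r for r in self.regions if r.contains(addr)]
        if len(hits) > 1:  # an overlapping decode is itself a specification error
            raise ValueError("overlapping regions: " + ", ".join(r.name for r in hits))
        return hits[0] if hits else None

    def permits(self, master: Master, region: Region, op: str) -> bool:
        for rule in self.rules:
            if rule.master == master.name and rule.region == region.name:
                return rule.read if op == "read" else rule.write
        return self.default_allow


def transaction_allowed(soc: Soc, master_name: str, addr: int, op: str) -> bool:
    """Decode one bus transaction and ask the firewall model whether it completes."""
    master = next(m for m in soc.masters if m.name == master_name)
    region = soc.region_of(addr)
    if region is None:
        return False  # unmapped address: bus error, no memory is reached
    return soc.permits(master, region, op)


def violations(soc: Soc, region_name: str, op: str) -> List[str]:
    """Counterexamples to 'no untrusted master may <op> <region>'; an empty list means the property holds."""
    region = next(r for r in soc.regions if r.name == region_name)
    return sorted(m.name for m in soc.masters if not m.trusted and soc.permits(m, region, op))


def verify_confidentiality(soc: Soc, region_name: str) -> List[str]:
    return violations(soc, region_name, "read")


def verify_integrity(soc: Soc, region_name: str) -> List[str]:
    return violations(soc, region_name, "write")


def example_soc(default_allow: bool) -> Soc:
    """Constructed model (hypothetical, not from any vendor manual): a secure SRAM and a DRAM window."""
    masters = [
        Master("cpu_secure", trusted=True),
        Master("cpu_normal", trusted=False),
        Master("dma", trusted=False),
        Master("debug_port", trusted=False),  # deliberately has no firewall entry
    ]
    regions = [Region("secure_sram", 0x1000_0000, 0x1_0000), Region("dram", 0x2000_0000, 0x1000_0000)]
    rules = [
        Rule("cpu_secure", "secure_sram", read=True, write=True),
        Rule("cpu_secure", "dram", read=True, write=True),
        Rule("cpu_normal", "secure_sram", read=False, write=False),
        Rule("cpu_normal", "dram", read=True, write=True),
        Rule("dma", "secure_sram", read=False, write=True),  # DMA may fill the SRAM: an integrity hole
        Rule("dma", "dram", read=True, write=True),
    ]
    return Soc(masters, regions, rules, default_allow)


if __name__ == "__main__":
    for default in (False, True):
        soc = example_soc(default)
        print(f"default_allow={default}: confidentiality counterexamples={verify_confidentiality(soc, 'secure_sram')}, "
              f"integrity counterexamples={verify_integrity(soc, 'secure_sram')}")
```

With default-deny the confidentiality property holds but the integrity check still reports the DMA engine, because the rule table itself grants it write access. Flipping the unspecified default to allow additionally exposes the debug port for both properties, which is exactly why an underspecified manual sentence can change a security verdict.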