Verifiable Security Templates For Hardware

High-level synthesis (HLS) research generally focuses on transferring "software engineering virtues" (e.g., modularity, abstraction, extensibility, etc.) to hardware development with the ultimate goal of making hardware development as agile as software development. And recent HLS research has focused on transferring ideas and techniques from high assurance software formal methods to hardware development. Just as it has introduced software engineering virtues, we believe HLS can also become a vector for adapting software formal methods to the challenge of high assurance security in hardware. This paper introduces the Device Calculus and its mechanization in the Agda proof checking system. The Device Calculus is a starting point for exploring the formal methods and security of high-level synthesis flows. We illustrate the Device Calculus with a number of examples of formally verifiable security templates-i.e., functions in the Device Calculus that express common security structures at a high-level of abstraction.