About the Speaker

Katharina Ceesay-Seitz is a hardware security researcher who focuses on formal verification of microarchitectural security. She has 5+ years of industry experience as embedded software developer and in formal verification related to functional safety (at CERN and in the automotive field). She holds a Master’s in embedded systems from TU Wien. She is currently pursuing her PhD in hardware security at ETH Zurich and will complete it in 2026. She is also a recipient of the Qualcomm Innovation Fellowship Europe.

VerIFI: Formal Verification of Microarchitectural Information-Flow Integrity

Overview

Our verification method, VerIFI, enables the systematic detection of both microarchitectural vulnerabilities and functional bugs that compromise confidentiality or integrity. We formalize Information-Flow Integrity (IFI), which defines expected information flows between (micro-)architectural hardware elements. VerIFI formally proves that information flows are contained within the originating architectural elements, and confined to the correct architecturally-visible state elements across space and time. VerIFI introduces a precise spatio-temporal taint path gating technique for introducing and declassifying information flows, accommodating microarchitectural optimizations and known exceptions. Applying VerIFI to two verified RISC-V CPUs, Kronos and Ibex, we confirm known vulnerabilities and discover two new ones.

Key Points

• Formal Verification
• Microarchitectural Security
• Information Leakage