127 research outputs found
SAGE: Software-based Attestation for GPU Execution
With the application of machine learning to security-critical and sensitive
domains, there is a growing need for integrity and privacy in computation using
accelerators, such as GPUs. Unfortunately, the support for trusted execution on
GPUs is currently very limited - trusted execution on accelerators is
particularly challenging since the attestation mechanism should not reduce
performance. Although hardware support for trusted execution on GPUs is
emerging, we study purely software-based approaches for trusted GPU execution.
A software-only approach offers distinct advantages: (1) complement
hardware-based approaches, enhancing security especially when vulnerabilities
in the hardware implementation degrade security, (2) operate on GPUs without
hardware support for trusted execution, and (3) achieve security without
reliance on secrets embedded in the hardware, which can be extracted as history
has shown. In this work, we present SAGE, a software-based attestation
mechanism for GPU execution. SAGE enables secure code execution on NVIDIA GPUs
of the Ampere architecture (A100), providing properties of code integrity and
secrecy, computation integrity, as well as data integrity and secrecy - all in
the presence of malicious code running on the GPU and CPU. Our evaluation
demonstrates that SAGE is already practical today for executing code in a
trustworthy way on GPUs without specific hardware support.Comment: 14 pages, 2 reference pages, 6 figure
Real-Time Operating Systems and Programming Languages for Embedded Systems
In this chapter, we present the different alternatives that are available today for the development of real-time embedded systems. In particular, we will focus on the programming languages use like C++, Java and Ada and the operating systems like Linux-RT, FreeRTOS, TinyOS, etc. In particular we will analyze the actual state of the art for developing embedded systems under the WORA paradigm with standard Java [1], its Real-Time Specification and with the use of Real-Time Core Extensions and pico Java based CPUs [5]. We expect the reader to have a clear view of the opportunities present at the moment of starting a design with its pros and cons so it can choose the best one to fit its case.Fil: Orozco, Javier Dario. Consejo Nacional de Investigaciones CientĂficas y TĂ©cnicas. Centro CientĂfico TecnolĂłgico Conicet - BahĂa Blanca. Instituto de Investigaciones en IngenierĂa ElĂ©ctrica "Alfredo Desages". Universidad Nacional del Sur. Departamento de IngenierĂa ElĂ©ctrica y de Computadoras. Instituto de Investigaciones en IngenierĂa ElĂ©ctrica "Alfredo Desages"; Argentina. Universidad Nacional del Sur. Departamento de IngenierĂa ElĂ©ctrica y de Computadoras. Laboratorio de Sistemas Digitales; ArgentinaFil: Santos, Rodrigo Martin. Consejo Nacional de Investigaciones CientĂficas y TĂ©cnicas. Centro CientĂfico TecnolĂłgico Conicet - BahĂa Blanca. Instituto de Investigaciones en IngenierĂa ElĂ©ctrica "Alfredo Desages". Universidad Nacional del Sur. Departamento de IngenierĂa ElĂ©ctrica y de Computadoras. Instituto de Investigaciones en IngenierĂa ElĂ©ctrica "Alfredo Desages"; Argentina. Universidad Nacional del Sur. Departamento de IngenierĂa ElĂ©ctrica y de Computadoras. Laboratorio de Sistemas Digitales; Argentin
Formal verification of a real-time operating system
Errors caused by the interaction of computer systems with the physical world are hard to mitigate but errors related to the underlying software can be prevented by a more rigorous development of software code. In the context of critical systems, a failure caused by software errors could lead to consequences that are determined to be unacceptable. At the heart of a critical system, a real-time operating system is commonly found. Since the reliability of the entire system depends upon having a reliable operating system, verifying that the operating systems functions as desired is of prime interest. One solution to verify the correctness of significant properties of an existing real-time operating system microkernel (FreeRTOS) applies assisted proof checking to its formalized specification description. The experiment consists of describing real-time operating system characteristics, such as memory safety and scheduler determinism, in Separation Logic — a formal language that allows reasoning about the behaviour of the system in terms of preconditions and postconditions. Once the desired properties are defined in a formal language, a theorem can be constructed to describe the validity of such formula for the given FreeRTOS implementation. Then, by using the Coq proof assistant, a machine-checked proof that such properties hold for FreeRTOS can be carried out. By expressing safety and deterministic properties of an existing real-time operating systems and proving them correct we demonstrate that the current state-of-the-art in theorem-based formal verification, including appropriate logics and proof assistants, make it possible to provide a machine-checked proof of the specification of significant properties for FreeRTOS
SwitchWare: Accelerating Network Evolution (White Paper)
We propose the development of a set of software technologies ( SwitchWare ) which will enable rapid development and deployment of new network services. The key insight is that by making the basic network service selectable on a per user (or even per packet) basis, the need for formal standardization is eliminated. Additionally, by making the basic network service programmable, the deployment times, today constrained by capital funding limitations, are tremendously reduced (to the order of software distribution times). Finally, by constructing an advanced, robust programming environment, even the service development time can be reduced.
A SwitchWare switch consists of input and output ports controlled by a software-programmable element; programs are contained in sequences of messages sent to the SwitchWare switch\u27s input ports, which interpret the messages as programs. We call these Switchlets . This accelerates the pace of network evolution, as evolving user needs can be immediately reflected in the network infrastructure. Immediate reconfigurability enhances the adaptability of the network infrastructure in the face of unexpected situations. We call a network built from SwitchWare switches an active network
A Language-Independent Proof System for Mutual Program Equivalence
International audienceTwo programs are mutually equivalent if they both diverge or they end up in similar states. Mutual equivalence is an adequate notion of equivalence for programs written in deterministic languages. It is useful in many contexts, such as capturing the correctness of, program transformations within the same language, or capturing the correctness of compilers between two different languages. In this paper we introduce a language-independent proof system for mutual equivalence, which is parametric in the operational semantics of two languages and in a state-similarity relation. The proof system is sound: if it terminates then it establishes the mutual equivalence of the programs given to it as input. We illustrate it on two programs in two different languages (an imperative one and a functional one), that both compute the Collatz sequence.Deux programmes sont en équivalence mutuelle s'ils divergent tous les deux ou s'ils terminent dans des états similaires. L'équivalence mutuelle est une notion adéquate d'équivalence pour les programmes déterministes. Elle est utile dans divers contextes, parmi lesquels on peut citer la preuve de transformations de programmes dans un langage donné, et la preuve de compilateurs entre deux langages. Dans cet article nous introduisons un système déductif pour l'équivalence mutuelle, qui a comme paramètres les sémantiques opérationnelles de deux langages ainsi qu'une relation de similitude entre états des programmes. Le système déductif est correct: lorsqu'il termine, il démontre l'équivalence des programmes qui lui sont donnés en entrée. Nous l'illustrons sur deux programmes, appartenant à des langages différents : l'un impératif, l'autre fonctionnel, qui calculent la séquence de Collatz de deux manières différentes
- …