38 research outputs found

    Modular Verification of Interrupt-Driven Software

    Interrupts have been widely used in safety-critical computer systems to handle outside stimuli and interact with the hardware, but reasoning about interrupt-driven software remains a difficult task. Although a number of static verification techniques have been proposed for interrupt-driven software, they often rely on constructing a monolithic verification model. Furthermore, they do not precisely capture the complete execution semantics of interrupts, such as nested invocations of interrupt handlers. To overcome these limitations, we propose an abstract interpretation framework for static verification of interrupt-driven software that first analyzes each interrupt handler in isolation, as if it were a sequential program, and then propagates the result to the other interrupt handlers. This iterative process continues until the results from all interrupt handlers reach a fixed point. Since our method never constructs the global model, it avoids the up-front blowup in model construction that hampers existing, non-modular verification techniques. We have evaluated our method on 35 interrupt-driven applications with a total of 22,541 lines of code. Our results show that the method is able to analyze the behavior of interrupts quickly and more accurately. Comment: preprint of the ASE 2017 paper.

    Methoden und Beschreibungssprachen zur Modellierung und Verifikation von Schaltungen und Systemen (Methods and Description Languages for the Modelling and Verification of Circuits and Systems): MBMV 2015 Proceedings, Chemnitz, 3-4 March 2015

    The workshop Methoden und Beschreibungssprachen zur Modellierung und Verifikation von Schaltungen und Systemen (MBMV 2015) is now taking place for the 18th time. This year's hosts are the Chair of Circuit and System Design at Technische Universität Chemnitz and the Steinbeis Research Centre for System Design and Test. The workshop aims to discuss the latest trends, results and current problems in the field of modelling and verification methods and of description languages for digital, analogue and mixed-signal circuits. It is thus intended as a forum for the exchange of ideas. The workshop also offers a platform for exchange between research and industry, for maintaining existing contacts and for establishing new ones. It allows young scientists to present their ideas and approaches to a broad audience from academia and industry and to discuss them in depth during the event. Its long history has made it a fixture in many event calendars. Traditionally, the meetings of the ITG special interest groups are also attached to the workshop. This year, two projects funded by the Federal Ministry of Education and Research under the InnoProfile-Transfer initiative are using the workshop to present their research results to a broad audience in two dedicated tracks. Representatives of the projects Generische Plattform für Systemzuverlässigkeit und Verifikation (GPZV; Generic Platform for System Reliability and Verification) and GINKO - Generische Infrastruktur zur nahtlosen energetischen Kopplung von Elektrofahrzeugen (Generic Infrastructure for the Seamless Energetic Coupling of Electric Vehicles) present parts of their current work. This enriches the workshop with additional focus topics and offers a valuable complement to the authors' contributions. [... from the preface]

    Effective Verification for Low-Level Software with Competing Interrupts

    Interrupt-driven software is difficult to test and debug, especially when interrupts can be nested and are subject to priorities. Interrupts can arrive at arbitrary times, leading to an exponential blow-up in the number of cases to consider. We present a new formal approach to verifying interrupt-driven software based on symbolic execution. The approach leverages recent advances in the encoding of the execution traces of interacting, concurrent threads. We assess the performance of our method on benchmarks drawn from embedded systems code and device drivers, and experimentally compare it to conventional approaches that use source-to-source transformations. Our results show that our method significantly outperforms these techniques. To the best of our knowledge, our work is the first to demonstrate effective verification of low-level embedded software with nested interrupts.

    Symbolic Programming of Distributed Cyber-Physical Systems

    Cyber-Physical Systems (CPSs) tightly integrate physical-world phenomena and the cyber aspects of computational units. The composition of physical, computational and communication systems demands different levels and types of abstraction as well as novel programming methodologies allowing for homogeneous programming, knowledge representation and exchange on heterogeneous devices. Current modeling approaches, frameworks and architectures prove fairly inadequate to the task, especially when resource-constrained devices are involved. This work proposes symbolic computation as an effective solution to program resource-constrained CPS devices with code that maintains strict ties to high-level specifications expressed in natural language while supporting interoperability among heterogeneous devices. Design, architectural, programming, and deployment aspects of CPSs are addressed through a single formalism unifying the specification of both the cyber and the physical parts of CPSs. In particular, programming patterns are modeled as sequences of words adhering to natural language syntax and semantics. Given a software under test (SUT), i.e. an input program expressed as a natural language sentence, formal specifications are used to generate oracles for sentence verification and to generate input test cases. The choice of natural-language-inspired programming supplies a mechanism for developing the same software on different hardware platforms, ensuring interoperability among heterogeneous devices. Formal specifications also make it possible to generate stress tests in order to verify that program components behave as expected in repeated execution. In order to make high-level symbolic programs run on real hardware devices with no loss of expressivity during the translation of high-level specifications into an executable implementation, this work proposes a novel software architecture, Distributed Computing for Constrained Devices (DC4CD), as a supporting platform. The proposed architecture enables symbolic processing and distributed computing on devices with very limited energy, communication and processing capabilities that can be integrated into CPSs. In particular, DC4CD has been extensively used to test the symbolic distributed programming methodology on Wireless Sensor Networks (WSNs) that include nodes with actuation abilities. The platform offers networking abstractions for the exchange of symbolic code among peer devices and allows designers to change at runtime, even wirelessly on deployed nodes, not only the application code but also the system code.

    Classification and Management of Computational Resources of Robotic Swarms and the Overcoming of their Constraints

    Swarm robotics is a relatively new and multidisciplinary research field with many potential applications (e.g., collective exploration or precision agriculture). Nevertheless, it has not been able to transition from the academic environment to the real world. While there are many potential reasons, one is that many robots are designed to be relatively simple, which often results in reduced communication and computation capabilities. However, the investigation of such limitations has largely been overlooked. This thesis looks into one such constraint, the computational constraint of swarm robots (i.e., the swarm robotics platform). To achieve this, this work first proposes a computational index that quantifies computational resources. Based on the computational index, a quantitative study of 5273 devices shows that swarm robots provide fewer resources than many other robots or devices. In the next step, an operating system with a novel dual-execution model is proposed, and it is shown to outperform the two other robotic system software packages considered. Moreover, results show that the choice of system software determines the computational overhead and, therefore, how many resources are available to robotic software. As communication can be a key aspect of a robot's behaviour, this work demonstrates the modelling, implementation, and study of an optical communication system with a novel dynamic detector. Its detector improves the quality of service by orders of magnitude (i.e., makes the communication more reliable). In addition, this work investigates general communication properties, such as scalability or the effects of mobility, and provides recommendations for the use of such optical communication systems for swarm robotics. Finally, an approach is shown by which the computational constraints of individual robots can be overcome by distributing data and processing across multiple robots.

    Security and trust in cloud computing and IoT through applying obfuscation, diversification, and trusted computing technologies

    Cloud computing and the Internet of Things (IoT) are very widely spread and commonly used technologies nowadays. The advanced services offered by cloud computing have made it a highly demanded technology. Enterprises and businesses rely more and more on the cloud to deliver services to their customers. The prevalent use of the cloud means that more data is stored outside the organization's premises, which raises concerns about the security and privacy of the stored and processed data. This highlights the significance of effective security practices to secure the cloud infrastructure. The number of IoT devices is growing rapidly and the technology is being employed in a wide range of sectors, including smart healthcare, industry automation, and smart environments. These devices collect and exchange a great deal of information, some of which may contain critical and personal data of the users of the device. Hence, it is highly significant to protect the data collected and shared over the network; notwithstanding, studies show that attacks on these devices are increasing, while a high percentage of IoT devices lack proper security measures to protect the devices, the data, and the privacy of the users. In this dissertation, we study the security of cloud computing and IoT and propose software-based security approaches, supported by hardware-based technologies, to provide robust measures for enhancing the security of these environments. To achieve this goal, we use obfuscation and diversification as the potential software security techniques. Code obfuscation protects the software from malicious reverse engineering, and diversification mitigates the risk of large-scale exploits. We study trusted computing and Trusted Execution Environments (TEE) as the hardware-based security solutions. The Trusted Platform Module (TPM) provides security and trust through a hardware root of trust, and assures the integrity of a platform. We also study Intel SGX, a TEE solution that guarantees the integrity and confidentiality of the code and data loaded into its protected container, the enclave. More precisely, through obfuscation and diversification of the operating systems and APIs of IoT devices, we secure them at the application level, and through obfuscation and diversification of the communication protocols, we protect the communication of data between them at the network level. For securing cloud computing, we employ obfuscation and diversification techniques on the cloud computing software at the client side. For an enhanced level of security, we employ the hardware-based security solutions TPM and SGX. These solutions, in addition to security, ensure layered trust across the various layers from hardware to the application. As the result of this PhD research, this dissertation addresses a number of security risks targeting IoT and cloud computing through the delivered publications and presents a brief outlook on future research directions.
    Cloud computing and the Internet of Things are nowadays very common and widely applied technologies. The advanced services of cloud computing have made it a highly sought-after technology. Enterprises increasingly rely on cloud technology when delivering services to their customers. In the prevailing situation of cloud technology adoption, enterprises outsource the processing of their data outside the company, which can be seen as raising concerns about the security and privacy of the stored and processed data. This emphasises the importance of effective security solutions as part of securing the cloud infrastructure. The number of Internet of Things devices has grown rapidly. As a technology it is widely applied in many sectors, such as smart healthcare, industrial automation and smart spaces. Such devices collect and transmit large amounts of information, which may contain data that is critical and private from the point of view of the devices' users. For this reason it is highly significant to protect the data collected and shared over the network. Many studies show that the number of security attacks targeting Internet of Things devices is on the rise, and at the same time a large share of these devices do not have proper technical capabilities for protecting the devices themselves or the private data of their users. This dissertation studies the security of cloud computing and the Internet of Things and presents software-based security approaches that partly rely on hardware-based technologies. The presented approaches offer robust means for improving security in these contexts. To achieve this, the work applies obfuscation and diversification as potential software-based security techniques. Obfuscation of executable code protects against malicious reverse engineering of the software, and diversification counters the risk of large-scale exploitation of security vulnerabilities. The dissertation studies trusted computing and trusted execution platforms as hardware-based security solutions. TPM (Trusted Platform Module) provides security and confidentiality, building on hardware-based trust. The aim is to guarantee the integrity of the execution platform. The work also studies Intel SGX as one trusted execution platform, which guarantees the integrity and confidentiality of executed code and data based on the technical implementation of a protected container, the enclave. More precisely, the work secures the software layer of Internet of Things devices through obfuscation and diversification at the operating system and application interface levels. By applying the same techniques to the protocol layer, the work protects the exchange of data between devices at the network level. To secure cloud computing, the work applies obfuscation and diversification techniques to client-side software solutions. To achieve stronger security, the work utilises hardware-based TPM and SGX solutions. In addition to security, these solutions offer layered trust built up from the hardware level to the software layer. As a result of this dissertation research, through its constituent publications, many security threats targeting Internet of Things devices and cloud computing are addressed. The work also presents views on topics for further research.

    Systematic and automatic verification of sensor networks

    Ph.D. (Doctor of Philosophy)

    A generic software architecture for portable applications in heterogeneous wireless sensor networks

    In recent years, wireless sensor networks (WSNs) have been acquiring more importance as a promising technology based on tiny devices called sensor nodes or motes, able to monitor a wide range of physical phenomena through sensors. Numerous branches of science are benefiting. The intrinsic ubiquity of sensor nodes and the absence of network infrastructure make possible their deployment in hostile or, up to now, unknown environments that have typically been inaccessible to humans, such as volcanoes or glaciers, providing precise and up-to-date data. As potential applications continue to arise, new technical and conceptual challenges appear. The severe hardware restrictions of sensor nodes in relation to computation, communication and, specifically, energy have posed new and exciting requirements. In particular, research is moving towards heterogeneous networks that will contain different devices running custom WSN operating systems. Operating systems specifically designed for sensor nodes are intended to efficiently manage the hardware resources and facilitate programming. Nevertheless, they often lack the generality and the high-level abstractions expected at this abstraction layer. Consequently, they do not completely hide either the underlying platform or its execution model, making application programming close to the operating system and thus reducing portability. This thesis focuses on the portability of applications in heterogeneous wireless sensor networks. To contribute to this important challenge, the thesis proposes a generic sensor-node-based software architecture, which supports the application development process by homogenizing and facilitating access to different WSN operating systems. Specifically, the following main objectives have been established:
    * Designing and implementing a generic sensor node-centric architecture that clearly distinguishes the different abstraction levels in a sensor node. The architecture should be flexible enough to incorporate high-level abstractions that facilitate programming.
    * As part of the architecture, constructing an intermediate layer between applications and the sensor node operating system. This layer is intended to abstract away the operating system by demultiplexing a set of homogeneous services and mapping them into operating-system-specific requests. To achieve this, programming language extensions also have to be specified on top of the architecture, in order to write portable applications. In this way, platform-specific code can be generated from these high-level applications for different sensor node platforms, and the architecture deals with the problem of heterogeneity and portability.
    * Evaluating the feasibility of incorporating the abstractions mentioned above within the development process in terms of portability, efficiency and productivity. In this environment the footprint is an especially critical issue, due to the hardware limitations. In fact, an excessive overhead in application size could make the proposed solution prohibitive.
    The thesis presents a generic software architecture for portable applications in heterogeneous wireless sensor networks. The proposed solution and its evaluation are described in this document. Theoretical and practical contributions of this thesis and the main future research directions are also presented.
    In recent years, wireless sensor networks have gained ever greater prominence and have emerged as a promising technology based on small devices called sensor nodes or motes, which are able to monitor physical phenomena through different sensors. A large number of different branches of science could benefit. The ubiquitous nature of the nodes, together with the absence of a network infrastructure, makes it possible to deploy these networks in inhospitable terrain that is typically inaccessible to humans, such as glaciers or volcanoes, to provide precise and up-to-date knowledge. As different potential applications continue to appear, new challenges arise, both technical and conceptual. The severe resource restrictions in terms of computation, communication and, above all, energy pose new requirements. In particular, research tends towards creating heterogeneous networks that include different hardware devices and integrate operating systems developed ad hoc. Operating systems specifically designed for sensor nodes have been conceived to manage their hardware resources efficiently and to facilitate programming. However, they often lack the generality and the high-level abstractions expected at this abstraction layer. Therefore, the operating systems do not completely mask their execution model or the underlying platform, making application programming strongly coupled to the operating system and, consequently, reducing portability. This thesis focuses on the portability of applications in heterogeneous wireless sensor networks. In order to contribute to this relevant field of study, the thesis proposes a generic sensor-node-based software architecture, which supports the application development process by homogenising and facilitating access to different sensor node operating systems. Specifically, the following main objectives have been established:
    * Design and implement a generic sensor node architecture that clearly distinguishes the different abstraction levels of the sensor node. The proposed architecture should be flexible enough to incorporate new high-level abstractions that facilitate application programming.
    * As part of the architecture, build an abstraction layer located between the applications and the operating system. Its objective is to abstract the underlying operating system through a set of homogeneous services that can be mapped onto operating-system-specific services. For this purpose, the set of programming language extensions that allow portable applications to be written must be specified in the upper layer of the architecture. Consequently, platform-specific code can be generated from the high-level applications for different sensor node platforms. In this way, the architecture addresses the problems of portability and heterogeneity in the construction of applications.
    * Evaluate the feasibility of incorporating the previously mentioned abstractions for use within the application development process, in terms of portability, efficiency and productivity. In the sensor network environment, efficient consumption of hardware resources is a critical aspect due to the limited hardware budget. In fact, an excessive overhead would make the proposal prohibitive and unfeasible.
    This thesis describes a generic software architecture for portable applications in heterogeneous wireless sensor networks. The proposed solution and its evaluation are presented in this document. The theoretical and practical contributions of this thesis are analysed, as well as the future lines of research that derive from this work.