Mechanizing a Process Algebra for Network Protocols
This paper presents the mechanization of a process algebra for Mobile Ad hoc
Networks and Wireless Mesh Networks, and the development of a compositional
framework for proving invariant properties. Mechanizing the core process
algebra in Isabelle/HOL is relatively standard, but its layered structure
necessitates special treatment. The control states of reactive processes, such
as nodes in a network, are modelled by terms of the process algebra. We propose
a technique based on these terms to streamline proofs of inductive invariance.
This is not sufficient, however, to state and prove invariants that relate
states across multiple processes (entire networks). To this end, we propose a
novel compositional technique for lifting global invariants stated at the level
of individual nodes to networks of nodes.
Comment: This paper is an extended version of arXiv:1407.3519. The
Isabelle/HOL source files, and a full proof document, are available in the
Archive of Formal Proofs, at http://afp.sourceforge.net/entries/AWN.shtm
Proving the Absence of Microarchitectural Timing Channels
Microarchitectural timing channels are a major threat to computer security. A
set of OS mechanisms called time protection was recently proposed as a
principled way of preventing information leakage through such channels and
prototyped in the seL4 microkernel. We formalise time protection and the
underlying hardware mechanisms in a way that allows linking them to the
information-flow proofs that showed the absence of storage channels in seL4.
Comment: Scott Buckley and Robert Sison were joint lead authors.
From LCF to Isabelle/HOL
Interactive theorem provers have developed dramatically over the past four
decades, from primitive beginnings to today's powerful systems. Here, we focus
on Isabelle/HOL and its distinctive strengths. They include automatic proof
search, borrowing techniques from the world of first-order theorem proving, but
also the automatic search for counterexamples. They include a highly readable
structured language of proofs and a unique interactive development environment
for editing live proof documents. Everything rests on the foundation conceived
by Robin Milner for Edinburgh LCF: a proof kernel, using abstract types to
ensure soundness and eliminate the need to store proofs. Compared with the
research prototypes of the 1970s, Isabelle is a practical and versatile tool.
It is used by system designers, mathematicians and many others.
Analyzing FreeRTOS Scheduling Behaviors with the Spin Model Checker
FreeRTOS is a real-time operating system with configurable scheduling
policies. Its portability and configurability make FreeRTOS one of the most
popular real-time operating systems for embedded devices. We formally analyze
the FreeRTOS scheduler on the ARM Cortex-M4 processor in this work. Specifically,
we build a formal model for the FreeRTOS ARM Cortex-M4 port and apply model
checking to find errors in our models for FreeRTOS example applications.
Intriguingly, several errors are found in our application models under
different scheduling policies. In order to confirm our findings, we modify
application programs distributed by FreeRTOS and reproduce assertion failures
on the STM32F429I-DISC1 board.
A Resolution Based Automated Theorem Proving System Using Concurrent Processing Approach
Ever since the development of the first resolution-based automated theorem
proving system in the mid 1960s, there has been continuous research in this
field to improve the problem-solving process in theorem proving systems.
Current research in this field is focused on the use of database indexing
methods and parallel processing to increase the efficiency of these systems.
What is meant by system efficiency here is the execution speed of the system in
proving theorems by an automated theorem proving system.
Ever since the first resolution based automated theorem proving system was
developed on a computer in the mid 1960s, there has been constant research in this area
on enhancing the problem solving process of the theorem provers. The recent trend in
this area is towards exploiting database indexing and parallel processing in increasing the
efficiency of these systems, in particular the execution speed of the theorem prover in
proving a theorem.
PA-Boot: A Formally Verified Authentication Protocol for Multiprocessor Secure Boot
Hardware supply-chain attacks are raising significant security threats to the
boot process of multiprocessor systems. This paper identifies a new, prevalent
hardware supply-chain attack surface that can bypass multiprocessor secure boot
due to the absence of processor-authentication mechanisms. To defend against
such attacks, we present PA-Boot, the first formally verified
processor-authentication protocol for secure boot in multiprocessor systems.
PA-Boot is proved functionally correct and is guaranteed to detect multiple
adversarial behaviors, e.g., processor replacements, man-in-the-middle attacks,
and tampering with certificates. The fine-grained formalization of PA-Boot and
its fully mechanized security proofs are carried out in the Isabelle/HOL
theorem prover with 306 lemmas/theorems and ~7,100 LoC. Experiments on a
proof-of-concept implementation indicate that PA-Boot can effectively identify
boot-process attacks with only minor overhead and thereby improve the
security of multiprocessor systems.
Comment: Manuscript submitted to IEEE Trans. Dependable Secure Compu
Development and analysis of the Software Implemented Fault-Tolerance (SIFT) computer
SIFT (Software Implemented Fault Tolerance) is an experimental, fault-tolerant computer system designed to meet the extreme reliability requirements for safety-critical functions in advanced aircraft. Errors are masked by performing a majority voting operation over the results of identical computations, and faulty processors are removed from service by reassigning computations to the nonfaulty processors. This scheme has been implemented in a special architecture using a set of standard Bendix BDX930 processors, augmented by a special asynchronous-broadcast communication interface that provides direct, processor-to-processor communication among all processors. Fault isolation is accomplished in hardware; all other fault-tolerance functions, together with scheduling and synchronization, are implemented exclusively by executive system software. The system reliability is predicted by a Markov model. Mathematical consistency of the system software with respect to the reliability model has been partially verified, using recently developed tools for machine-aided proof of program correctness.