6,770 research outputs found
Verifying non-functional real-time properties by static analysis
International audienceStatic analyzers based on abstract interpretation are tools aiming at the automatic detection of run-time properties by analyzing the source, assembly or binary code of a program. From Airbus' point of view, the first interesting properties covered by static analyzers available on the market, or as prototypes coming from research, are absence of run-time errors, maximum stack usage and Worst-Case Execution Time (WCET). This paper will focus on the two latter
Performance Evaluation of Automated Static Analysis Tools
Automated static analysis tools can perform efficient thorough checking of important properties of, and extract and summarize critical information about, a source program. This paper evaluates three open-source static analysis tools; Flawfinder, Cppcheck and Yasca. Each tool is analyzed with regards to usability, IDE integration, performance, and accuracy. Special emphasis is placed on the integration of these tools into the development environment to enable analysis during all phases of development as well as to enable extension of rules and other improvements within the tools. It is shown that Flawfinder be the easiest to modify and extend, Cppcheck be inviting to novices, and Yasca be the most accurate and versatile
Machine Assisted Proof of ARMv7 Instruction Level Isolation Properties
In this paper, we formally verify security properties of the ARMv7 Instruction Set Architecture (ISA) for user mode executions.
To obtain guarantees that arbitrary (and unknown) user processes are able to run isolated from privileged software and other user processes, instruction level noninterference and integrity properties are provided, along with proofs that transitions to privileged modes can only occur in a controlled manner.
This work establishes a main requirement for operating system and hypervisor verification, as demonstrated for the PROSPER separation kernel. The proof is performed in the HOL4 theorem prover, taking the Cambridge model of ARM as basis.
To this end, a proof tool has been developed, which assists the verification of relational state predicates semi-automatically
Developing a distributed electronic health-record store for India
The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India
A Verified Information-Flow Architecture
SAFE is a clean-slate design for a highly secure computer system, with
pervasive mechanisms for tracking and limiting information flows. At the lowest
level, the SAFE hardware supports fine-grained programmable tags, with
efficient and flexible propagation and combination of tags as instructions are
executed. The operating system virtualizes these generic facilities to present
an information-flow abstract machine that allows user programs to label
sensitive data with rich confidentiality policies. We present a formal,
machine-checked model of the key hardware and software mechanisms used to
dynamically control information flow in SAFE and an end-to-end proof of
noninterference for this model.
We use a refinement proof methodology to propagate the noninterference
property of the abstract machine down to the concrete machine level. We use an
intermediate layer in the refinement chain that factors out the details of the
information-flow control policy and devise a code generator for compiling such
information-flow policies into low-level monitor code. Finally, we verify the
correctness of this generator using a dedicated Hoare logic that abstracts from
low-level machine instructions into a reusable set of verified structured code
generators
- …