2 research outputs found
Architecture of the Formally-Verified Distributed Ledger System InnoChain
This paper considers the architecture of the InnoChain distributed ledger system (DLS). The main goal of this architecture is to make five levels of formal verification of the InnoChain system software feasible, including its operating environment. Formal verification methods are the principal means of quality assurance for software with critical dependability requirements, but until now they have not found wide application in DLSs. The InnoChain architecture includes (1) a domain-specific smart-contract language with formal semantics, embedded in the functional language CakeML (a dialect of ML), which makes it possible to formally verify correctness properties of smart contracts in higher-order logic systems (for example, HOL4); (2) verified compilation of smart contracts to machine code using the CakeML compiler, instead of using virtual machines to execute smart contracts; (3) implementation of the DLS node functionality, also in CakeML, with formal verification of its correctness properties and verified compilation of the node's source code to machine code; (4) formal verification of the DLS consensus protocol (HotStuff BFT); (5) use of the formally-verified seL4 microkernel as the DLS operating environment instead of general-purpose operating systems. The proposed architecture opens up the possibility of using the InnoChain DLS in dependability-critical applications, in particular in the aircraft fuelling control system of JSC Aeroflot.
Architecture of the Formally-Verified Distributed Ledger System InnoChain
In this paper we consider the software architecture of InnoChain, a distributed ledger system (DLS) with 5 levels of formal verification, including a formally-verified underlying operating system (OS). The objective of this architecture is to achieve a higher level of DLS dependability compared to more traditional software architectures and quality assurance (QA) methods. The architecture of InnoChain includes (1) a programming language for smart contracts, which is a domain-specific language with formal semantics embedded into CakeML, a functional language of the ML family; this allows us to carry out formal verification of smart contracts' correctness properties using higher-order logic systems, such as HOL4; (2) trusted compilation of smart contracts into machine code using the verified compiler available for CakeML, rather than relying on a virtual machine for execution of smart contracts; (3) using CakeML for implementation of InnoChain node functionality, which allows for formal verification of code correctness and trusted compilation into machine code; (4) formal verification of the consensus protocol used in InnoChain, namely HotStuff BFT; (5) using seL4, a formally-verified microkernel, as the underlying OS for InnoChain instead of more traditional general-purpose OSes such as Linux. The proposed verified architecture will allow InnoChain to be used in mission-critical applications, such as the decentralized Aircraft Fuelling Control System which is currently under development for JSC Aeroflot, the Russian national air carrier.