30 research outputs found

    Exploring the Environmental Benefits of In-Process Isolation for Software Resilience

    Memory-related errors remain an important cause of software vulnerabilities. While mitigation techniques such as using memory-safe languages are promising solutions, these do not address software resilience and availability. In this paper, we propose a solution to build resilience against memory attacks into software, which contributes to environmental sustainability and security

    Combining formal methods and testing: A case study on FreeRTOS

    In this talk we will demonstrate the use of formal verification techniques for embedded systems software. Our work aims to provide a rigorous proof of correctness for this software, and also to leverage testing. Using the embedded real-time operating system FreeRTOS as a case study, we will introduce an experimental tool-chain to enable specification and proof of system properties so that the entire development process from requirements to binary code is covered. We will further present intermediate results from verifying FreeRTOS' core components and discuss how testing can benefit, in terms of automation and thoroughness, from involving formal verification tools.

    Verifying FreeRTOS: from requirements to binary code

    This paper reports on ongoing work towards verifying the FreeRTOS real-time operating system kernel. We discuss tools and techniques currently employed and outline future directions of research.

    Tutorial: Building distributed enclave applications with Sancus and SGX


    Reflections on post-Meltdown trusted computing: A case for open security processors

    The recent wave of microarchitectural vulnerabilities in commodity hardware requires us to question our understanding of system security. We deplore that even for processor architectures and research prototypes with an explicit focus on security, open-source designs remain the exception. This article and call for action briefly surveys ongoing community efforts for developing a new generation of open security architectures, for which we collectively have a clear understanding of execution semantics and the resulting security implications. We advocate formal approaches to reason about the security guarantees that these architectures can provide, including the absence of microarchitectural bugs and side-channels. We consider such a principled approach essential in an age where society increasingly relies on interconnected and dependable control systems. Finally, we aim to inspire strong industrial and academic collaboration in such an engineering effort, which we believe is too monumental to be suitably addressed by a single enterprise or research community.