20 research outputs found

    Extending Dylan's type system for better type inference and error detection


    Kopitiam: Modular Incremental Interactive Full Functional Static Verification of Java Code


    Encoding Featherweight Java with Assignment and Immutability using The Coq Proof Assistant

    We develop a mechanized proof of Featherweight Java with Assignment and Immutability in the Coq proof assistant. This is a step towards more machine-checked proofs of a non-trivial type system. We used a notion of object immutability close to that of IGJ [8]. We describe the challenges of the mechanization and the encoding we used inside the Coq prover. Our Coq sources are publicly available.

    Example. We define a parametrized class Cell, where the mutable instantiation can get and set the interned object, whereas the immutable instantiation can only get the interned object, which is provided initially in the constructor. We chose to use transitive mutability in this example.

    MirageOS: robust and secure services for the cloud

    The MirageOS project develops single-purpose operating systems targeting hypervisors, also known as unikernels or library operating systems. Each unikernel is specialised at compile time by composing the available libraries. MirageOS has multiple advantages, e.g. its tiny attack surface (the binary size of a MirageOS unikernel is 4% of that of a UNIX-based operating system) and lower complexity (no process management, scheduler, or virtual memory). MirageOS was started in 2008 at the University of Cambridge and is written in the functional, statically-typed programming language OCaml, which avoids common attack vectors (spatial and temporal memory safety issues such as buffer overflows and use-after-free). In addition, we are working on common security best practices: a cryptographically signed supply chain and reproducible builds.

    MirageOS unikernels can be deployed on commodity hypervisors (Xen, KVM, FreeBSD BHyve, OpenBSD VMM), on virtio, as Linux processes with strict seccomp rules, on the separation kernel muen.sk, or on the operating system framework GenodeOS, which uses a microkernel. The backends, apart from Xen, use Solo5, which was initially developed with MirageOS in mind.

    Apart from core Internet protocols (TCP/IP, DHCP, DNS, HTTP), security protocols (TLS, OpenPGP, OTR), and branchable distributed storage (implementing the git protocol) for persistency, we are developing several applications: a calendar and address book (CalDAV/CardDAV) storing data in a remote git repository; email (MIME encoding/decoding, SMTP, IMAP); a firewall (currently mainly for QubesOS); and an OpenVPN gateway. Other applications and libraries are available in various states of development, from unreleased to mature. MirageOS is a collection of OCaml libraries, currently around 150; nearly all MirageOS libraries and tooling are released under MIT/ISC/BSD 2-clause licenses and are freely available. Some MirageOS libraries (e.g. DNS, TCP/IP) have been deployed as part of Docker for Mac and Docker for Windows (vpnkit, etc.), which have millions of daily users.

    About the speaker: Hannes Mehnert researches in several engineering areas, from programming languages (such as compiler optimisation visualisation and type systems), over full functional correctness proofs of object-oriented code (the topic of his PhD dissertation) and development environments for dependently typed languages, to network protocols (TCP/IP) and security protocols (TLS, OTR). In his spare time, Hannes is not only a hacker and coauthor of a book on Indian cuisine and functional programming in JavaScript, but also a barista; he likes to travel and repair his recumbent bicycle. Since the beginning of 2018, Hannes has worked at a non-profit, robur, to put MirageOS into production. He was previously a postdoc at the University of Cambridge, working with the semantics, systems, and security group.

    Verification of Snapshotable Trees using Access Permissions and Typestate

    We use access permissions and typestate to specify and verify a Java library that implements snapshotable search trees, as well as some client code. We formalize our approach in the Plural tool, a sound modular typestate checking tool. We describe the challenges of verifying snapshotable trees in Plural, give an abstract interface specification against which we verify the client code, provide a concrete specification for an implementation, and describe proof patterns we found. We also relate this verification approach to other techniques used to verify this data structure.