Abstract. As of version 2.7, the ACL2 theorem prover has been extended to automatically verify sets of polynomial inequalities that include nonlinear relationships. In this paper we describe our mechanization of linear and nonlinear arithmetic in ACL2. The nonlinear arithmetic procedure operates in cooperation with the pre-existing ACL2 linear arithmetic decision procedure. It extends what can be automatically verified with ACL2, thereby eliminating the need for certain types of rules in ACL2's database while simultaneously increasing the performance of the ACL2 system when verifying arithmetic conjectures. The resulting system lessens the human effort required to construct a large arithmetic proof by reducing the number of intermediate lemmas that must be proven to verify a desired theorem.
Virtualization promises significant benefits in security, efficiency, dependability, and cost. Achieving these benefits depends upon the reliability of the underlying virtual machine monitors (hypervisors). This paper describes an ongoing project to develop and verify MinVisor, a simple but functional Type-I x86 hypervisor, proving protection properties at the assembly level using ACL2. Originally based on an existing research hypervisor, MinVisor provides protection of its own memory from a malicious guest. Our long-term goal is to fully verify MinVisor, providing a vehicle to investigate the modeling and verification of hypervisors at the implementation level, and also a basis for further systems research. Functional segments of the MinVisor C code base are translated into Y86 assembly, and verified with respect to the Y86 model. The inductive assertions (also known as "compositional cutpoints") methodology is used to prove the correctness of the code. The proof of the code that sets up the nested page tables is described. We compare this project to related efforts in systems code verification and outline some useful steps forward.
Abstract. We present a method for verifying information flow properties of software programs using inductive assertions and theorem proving. Given a program annotated with information flow assertions at cutpoints, the method uses a theorem prover and operational semantics to generate and discharge verification conditions. This obviates the need to develop a verification condition generator (VCG) or a customized logic for information flow properties. The method is compositional: a subroutine needs to be analyzed once, rather than at each call site. The method is being mechanized in the ACL2 theorem prover, and we discuss initial results demonstrating its applicability.

I. INTRODUCTION

Security of many critical computing systems depends on information flow policies that prohibit access to sensitive information without proper authorization. With the increasing application of software systems to secure applications, it is vital to ensure that a software implementation properly enforces information flow policies. The goal of this paper is to develop techniques for mechanized information flow analysis.

In its simplest form, modeling an information flow policy involves labeling certain program variables as classified (or high security), with the requirement that the value of an unclassified variable is not influenced by the initial values of any classified variable. Such a policy can be formalized by noninterference [1]. A deterministic program satisfies the policy if, from a pair of initial states differing only in classified variables, any pair of computations leads to final states with identical values for unclassified variables. Noninterference naturally generalizes to a lattice of security levels. This paper proposes a method for verifying information flow properties of software programs through general-purpose theorem proving.

Programs are formalized through an operational semantics of the underlying language defined by an interpreter that specifies the effect of executing instructions on the system state. Our approach uses inductive assertions. Given a program annotated with assertions at cutpoints, we derive verification conditions that ensure requisite information flow control, to be discharged with a theorem prover.

A key feature of our approach is that it obviates the need for implementing a custom verification condition generator (VCG) for information flow properties of the underlying language constructs. Instead, we show how to configure an off-the-shelf theorem prover to mimic a VCG through symbolic simulation of the operational model. The method is inspired by, and an extension of, our previous work [2] which showed
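The noninterference definition above, as an added illustration that is not the paper's code or ACL2 model: a toy assignment language with an operational semantics (`run`), and an exhaustive check that every pair of initial states agreeing on unclassified variables leads to final states agreeing on unclassified variables. The two programs, the variable names and the value domain are constructed for this example.

```python
from itertools import product

# Classified (high) variables; every other variable is unclassified (low).
HIGH = {"h0", "h1"}
INIT_VARS = ["l0", "h0"]
DOMAIN = range(-2, 3)  # small value domain so the check can be exhaustive

# Constructed toy programs: ordered assignments (target, expression over state).
SECURE_PROG = [
    ("l1", lambda s: s["l0"] + 1),
    ("h1", lambda s: s["h0"] * 2 + s["l0"]),  # high may read low: allowed
    ("l2", lambda s: s["l1"] * 3),
]
LEAKY_PROG = [
    ("l1", lambda s: s["l0"] + 1),
    ("l2", lambda s: s["l1"] + s["h0"]),      # low reads high: violation
]

def run(prog, init):
    """Operational semantics: execute the assignments in order on a state dict."""
    s = dict(init)
    for target, expr in prog:
        s[target] = expr(s)
    return s

def low_equal(s1, s2):
    """True when the two states agree on every unclassified variable."""
    return all(s1.get(v) == s2.get(v) for v in set(s1) | set(s2) if v not in HIGH)

def noninterference_witness(prog):
    """Return None if prog is noninterfering over DOMAIN; otherwise a pair of
    low-equal initial states whose final states differ on a low variable."""
    states = [dict(zip(INIT_VARS, vals))
              for vals in product(DOMAIN, repeat=len(INIT_VARS))]
    for a, b in product(states, repeat=2):
        if low_equal(a, b) and not low_equal(run(prog, a), run(prog, b)):
            return a, b
    return None

if __name__ == "__main__":
    print("secure program witness:", noninterference_witness(SECURE_PROG))
    print("leaky program witness: ", noninterference_witness(LEAKY_PROG))
```

The witness returned for the leaky program is exactly the pair of computations the definition speaks of: identical low inputs, different high inputs, different low outputs.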