Shenghao Yuan scite author profile

Shenghao Yuan

5Publications

8Citation Statements Received

106Citation Statements Given

How they've been cited

How they cite others

116

105

Affiliations

Shanghai Jiao Tong University, French Institute for Research in Computer Science and Automation, Nanjing University of Aeronautics and Astronautics

Publications

Order By: Most citations

End-to-End Mechanized Proof of an eBPF Virtual Machine for Micro-controllers

Yuan

Besson

Talpin

et al. 2022

View full text Add to dashboard Cite

RIOT is a micro-kernel dedicated to IoT applications that adopts eBPF (extended Berkeley Packet Filters) to implement so-called femto-containers. As micro-controllers rarely feature hardware memory protection, the isolation of eBPF virtual machines (VM) is critical to ensure system integrity against potentially malicious programs. This paper shows how to directly derive, within the Coq proof assistant, the verified C implementation of an eBPF virtual machine from a Gallina specification. Leveraging the formal semantics of the CompCert C compiler, we obtain an end-to-end theorem stating that the C code of our VM inherits the safety and security properties of the Gallina specification. Our refinement methodology ensures that the isolation property of the specification holds in the verified C implementation. Preliminary experiments demonstrate satisfying performance.

show abstract

Multi-task Ada code generation from synchronous dataflow programs on multi-core: Approach and industrial study

Yang

Yuan

Bodeveix

et al. 2021

Science of Computer Programming

View full text Add to dashboard Cite

Femto-containers

Zandberg

Baccelli

Yuan

et al. 2022

View full text Add to dashboard Cite

Low-power operating system runtimes used on IoT microcontrollers typically provide rudimentary APIs, basic connectivity and, sometimes, a (secure) firmware update mechanism. In contrast, on less constrained hardware, networked software has entered the age of serverless, microservices and agility. With a view to bridge this gap, in the paper we design Femto-Containers, a new middleware runtime which can be embedded on heterogeneous low-power IoT devices. Femto-Containers enable the secure deployment, execution and isolation of small virtual software functions on low-power IoT devices, over the network. We implement Femto-Containers, and provide integration in RIOT, a popular open source IoT operating system. We then evaluate the performance of our implementation, which was formally verified for fault-isolation, guaranteeing that RIOT is shielded from logic loaded and executed in a Femto-Container. Our experiments on various popular microcontroller architectures (Arm Cortex-M, ESP32 and RISC-V) show that Femto-Containers offer an attractive trade-off in terms of memory footprint overhead, energy consumption, and security. CCS CONCEPTS• Computer systems organization → Embedded systems.

show abstract

Automated Ada Code Generation from Synchronous Dataflow Programs on Multicore: Approach and Industrial Study

Yuan

Yang

Bodeveix

et al. 2020

View full text Add to dashboard Cite

Verified functional programming of an IoT operating system's bootloader

Yuan

Talpin

2021

View full text Add to dashboard Cite

The fault of one device on a grid may incur severe economical or physical damages. Among the many critical components in such IoT devices, the operating system's bootloader comes first to initiate the trusted function of the device on the network. However, a bootloader uses hardware-dependent features that make its functional correctness proof difficult. This paper uses verified programming to automate the verification of both the C libraries and assembly boot-sequence of such a, real-world, bootloader in an operating system for ARM-based IoT devices: RIoT. We first define the ARM ISA specification, semantics and properties in F★ to model its critical assembly code boot sequence. We then use Low★, a DSL rendering a C-like memory model in F★, to implement the complete bootloader library and verify its functional correctness and memory safety. Other than fixing potential faults and vulnerabilities in the source C and ASM bootloader, our evaluation provides an optimized and formally documented code structure, a reasonable specification/implementation ratio, a high degree of proof automation and an equally efficient generated code.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Shenghao Yuan

End-to-End Mechanized Proof of an eBPF Virtual Machine for Micro-controllers

Multi-task Ada code generation from synchronous dataflow programs on multi-core: Approach and industrial study

Femto-containers

Automated Ada Code Generation from Synchronous Dataflow Programs on Multicore: Approach and Industrial Study

Verified functional programming of an IoT operating system's bootloader

Contact Info

Product

Resources

About