2009
DOI: 10.1007/s10817-009-9123-z

Balancing the Load

Abstract: We have developed a stack of semantics for a high-level C-like language and low-level assembly code, which has been carefully crafted to support the pervasive verification of system software. It can handle mixed-language implementations and concurrently operating devices, and permits the transferral of properties to the target architecture while obeying its resource restrictions. We demonstrate the applicability of our framework by proving the correct virtualization of user memory in our microkernel, which imp…

Citations: cited by 32 publications (5 citation statements)
References: 28 publications
“…The results of this analysis are theorems in Sect. 4.3. They demonstrate that software satisfying a set of proof obligations (i.e., correctly implementing the countermeasure) is not vulnerable because of cache storage channels.…”
Section: Results
“…Recent works on kernel and hypervisor verification [8,10,[17][18][19]21,24,25,33,34] all assume a sequential memory model and leave cache issues to be managed by model external means, while the CVM framework [4] treats caches only in the context of device management [23]. In [21], a cacheless model was used to prove security of the hypervisor used here as a case study.…”
Section: Related Work
“…The attacker uses the algorithm presented in Figure 2, however several considerations must be taken into account to make the attack practical. The attacker repeats the filling and probing phases for each possible line index (128) and way (4) of the data-cache. In practice, since the cache eviction strategy is pseudo random, the filling phase is also repeated several times, until the L1 cache is completely filled with the probing data (i.e.…”
Section: A. Extraction of AES Keys
“…The verification of both seL4 [29] and the Prosper kernels [18], [33] assume that caches are invisible and ignore timing channels. The CVM framework from the Verisoft project [4] treats caches only in the context of device management [24]. For the verification of user processes and the remaining part of the kernel, caches are invisible.…”
Section: Introduction