Formally Verifying Isolation and Availability in an Idealized Model of Virtualization

Barthe, Gilles; Betarte, Gustavo; Campo, Juan Diego; Luna, Carlos

doi:10.1007/978-3-642-21437-0_19

Cited by 32 publications

(28 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some target information ow properties [7,12,15,18], based on variants of noninterference [11]. Other work establishes a re nement relation between kernel code, in some representation, and an abstract speci cation.…”

Section: Related Workmentioning

confidence: 99%

“…For security, the kernel and the processor must both be correct and agree on their mode of interaction. Most formal kernel analyses in the literature [7,12,13,15,18] address the kernel software itself, in source or binary form, and leave the properties of the instruction set architecture (ISA) to be handled by at. Our contribution is to suggest a possible approach, including tool support, for performing the ISA speci c security analysis, speci cally for user mode execution.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Machine Assisted Proof of ARMv7 Instruction Level Isolation Properties

Khakpour

Schwarz

Dam

2013

Certified Programs and Proofs

View full text Add to dashboard Cite

Abstract. In this paper, we formally verify security properties of the ARMv7 Instruction Set Architecture (ISA) for user mode executions. To obtain guarantees that arbitrary (and unknown) user processes are able to run isolated from privileged software and other user processes, instruction level noninterference and integrity properties are provided, along with proofs that transitions to privileged modes can only occur in a controlled manner. This work establishes a main requirement for operating system and hypervisor veri cation, as demonstrated for the PROSPER separation kernel. The proof is performed in the HOL4 theorem prover, taking the Cambridge model of ARM as basis. To this end, a proof tool has been developed, which assists the veri cation of relational state predicates semi-automatically.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Machine Assisted Proof of ARMv7 Instruction Level Isolation Properties

Khakpour

Schwarz

Dam

2013

Certified Programs and Proofs

View full text Add to dashboard Cite

show abstract

“…Our work is inspired by the efforts by Gilles Barthe et al to formally verify an idealized model of virtualization [1,2,3]. In this work, the authors have developed a model of a hypervisor and have verified that the latter correctly enforces several security properties among which the guest OSes isolation.…”

Section: Related Workmentioning

confidence: 99%

SpecCert: Specifying and Verifying Hardware-Based Security Enforcement

Letan

Chifflier

Hiet

et al. 2016

FM 2016: Formal Methods

View full text Add to dashboard Cite

Abstract. Over time, hardware designs have constantly grown in complexity and modern platforms involve multiple interconnected hardware components. During the last decade, several vulnerability disclosures have proven that trust in hardware can be misplaced. In this article, we give a formal definition of Hardware-based Security Enforcement (HSE) mechanisms, a class of security enforcement mechanisms such that a software component relies on the underlying hardware platform to enforce a security policy. We then model a subset of a x86-based hardware platform specifications and we prove the soundness of a realistic HSE mechanism within this model using Coq, a proof assistant system.

show abstract

“…Past work on formal verification of kernel information flow properties [12,19,23,4] are based on variants of noninterference [11]. Typically, the goal is to allow a number of component systems, partitions, or guest systems, depending on terminology, to share a computing platform without any interaction, leaving possible communication between the partitions to be managed by mechanisms outside the model.…”

Section: Related Workmentioning

confidence: 99%

“…Copyright is held by the author/owner(s). CCS'13, November [4][5][6][7][8]2013, Berlin, Germany. ACM 978-1-4503-2477-9/13/11.…”

Section: Introductionmentioning

confidence: 99%

Formal verification of information flow security for a simple arm-based separation kernel

Dam

Guanciale

Khakpour

et al. 2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

View full text Add to dashboard Cite

A separation kernel simulates a distributed environment using a single physical machine by executing partitions in isolation and appropriately controlling communication among them. We present a formal verification of information flow security for a simple separation kernel for ARMv7. Previous work on information flow kernel security leaves communication to be handled by model-external means, and cannot be used to draw conclusions when there is explicit interaction between partitions. We propose a different approach where communication between partitions is made explicit and the information flow is analyzed in the presence of such a channel. Limiting the kernel functionality as much as meaningfully possible, we accomplish a detailed analysis and verification of the system, proving its correctness at the level of the ARMv7 assembly. As a sanity check we show how the security condition is reduced to noninterference in the special case where no communication takes place. The verification is done in HOL4 taking the Cambridge model of ARM as basis, transferring verification tasks on the actual assembly code to an adaptation of the BAP binary analysis tool developed at CMU.

show abstract

Formally Verifying Isolation and Availability in an Idealized Model of Virtualization

Cited by 32 publications

References 15 publications

Machine Assisted Proof of ARMv7 Instruction Level Isolation Properties

Machine Assisted Proof of ARMv7 Instruction Level Isolation Properties

SpecCert: Specifying and Verifying Hardware-Based Security Enforcement

Formal verification of information flow security for a simple arm-based separation kernel

Contact Info

Product

Resources

About