Assurance through Enhanced Design Methodology Orlando, FL 5 December 2012 Nirav Davé SRI International This effort is sponsored by the Defense Advanced.

Presentation transcript:

Assurance through Enhanced Design Methodology Orlando, FL 5 December 2012 Nirav Davé SRI International This effort is sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contract FA C This material is approved for public release, distribution unlimited. The views expressed are those of the authors and do not reflect the official policy or position of the Department of Defense or the U.S. Government.

The Problem
We want designers to build systems:
- That work
- That are fast
- That are cheap
- That are fast to develop
Designers do not want more responsibility. Adding strong correctness / verification is a "want" but not a "need", and so we have a high resistance to adoption.

Convincing Designers to do extra work
We could simply force designers to use the "right" methodology / tool / etc., but engineers are very good at technically meeting requirements. The only way to get high assurance is to convince designers that it's worth it for their bottom line.

Examples
- Static type checking: eradicates a huge slew of usage errors
- Garbage collection
- Coverage-based test generation
- Automatic generation of tests

BSV: State and Rules organized into modules
All state (e.g., registers, FIFOs, RAMs, ...) is explicit. Behavior is expressed in terms of atomic actions on the state:
- Rule: guard → action
- Semantics: repeatedly pick any rule with a valid guard and execute it
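The guard → action semantics above, modelled as an added Python example (not code from the talk or from Bluespec): explicit register state, a list of rules, and a scheduler that repeatedly fires any rule whose guard holds, one rule at a time and atomically. The GCD design with "swap" and "subtract" rules is the usual first BSV exercise; the choice of always firing the first enabled rule is an assumption of this model, since BSV allows any enabled rule.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

State = Dict[str, int]   # the explicit state: register name -> value

@dataclass
class Rule:
    name: str
    guard: Callable[[State], bool]     # "when" condition, read from the state
    action: Callable[[State], State]   # atomic update, returns the next state

def step(state: State, rules: List[Rule]) -> Optional[Tuple[str, State]]:
    # One-rule-at-a-time reference semantics: pick an enabled rule and fire it
    # atomically. The BSV compiler may pick any enabled rule (and pack
    # non-conflicting ones into one clock cycle); this model takes the first
    # enabled rule in list order so traces are deterministic (model assumption).
    for r in rules:
        if r.guard(state):
            return r.name, r.action(dict(state))
    return None

def run(state: State, rules: List[Rule], limit: int = 10_000) -> Tuple[State, List[str]]:
    trace: List[str] = []
    for _ in range(limit):
        fired = step(state, rules)
        if fired is None:          # no guard holds: the design is quiescent
            return state, trace
        name, state = fired
        trace.append(name)
    raise RuntimeError("rules did not quiesce within limit")

# Euclid's GCD as two guarded rules over registers x and y: swap when x > y,
# otherwise subtract x from y, until y reaches 0 and the result sits in x.
GCD_RULES = [
    Rule("swap",
         lambda s: s["x"] > s["y"] and s["y"] != 0,
         lambda s: {**s, "x": s["y"], "y": s["x"]}),
    Rule("subtract",
         lambda s: s["x"] <= s["y"] and s["y"] != 0,
         lambda s: {**s, "y": s["y"] - s["x"]}),
]

def gcd(a: int, b: int) -> Tuple[int, List[str]]:
    # Positive inputs only: with x, y > 0 the rules keep x > 0 and stop at y == 0.
    if a <= 0 or b <= 0:
        raise ValueError("positive inputs only")
    final, trace = run({"x": a, "y": b}, GCD_RULES)
    return final["x"], trace
```

The returned trace is the sequence of rule firings, which is exactly the kind of execution path the later slide on extracting architectural behavior wants to reason about.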

Better Design Abstraction: Bluespec SystemVerilog
- Corresponds to the cycle-level parallel operations designers reason about (not FSMs)
- Directly exposes the error-prone micro-scheduling task of hardware and provides a high-performance schedule
- Greatly enhances the ability to modularly refine designs
A decade of work showing:
- No compromise hardware
- Substantially smaller (2-10x) code
- Increased readability and modifiability

Automatic extraction of architectural behavior
Can leverage the fact that operations are directly represented to easily fuse micro-operations, split for performance, back into an ISA-level operation:
- Can easily abstract away pipelining, caching, speculation, etc.
- Dramatically simpler verification of ISA properties
- Exposes interesting execution paths: focuses debugging efforts

Compartmentalizing the Application Stack

Software compartmentalisation
Software compartmentalisation decomposes applications into many isolated components, each running with only the rights required to perform its function. This implements the principle of least privilege.
When a compartmentalised application is compromised, only the rights held by the exploited component leak to the attacker. Most vulnerabilities will no longer yield significant rights, and attackers must exploit many vulnerabilities to meet their goals.
When a conventional application is compromised, its ambient rights are leaked to the attacker, e.g., full network and file system access.
Software implementation quickly becomes prohibitively expensive.

CHERI: HW Capabilities
Hardware-based capabilities to make compartment boundary changes cheap enough to scale to large numbers.
Capabilities provide type safety and object-capability invocation within user processes and avoid multi-process compartmentalization.
Pro: higher assurance.
Con: additional user requirement to get the benefits. High-level language solutions are possible.
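An added toy model of the two preceding slides (not CHERI's own code or capability encoding): a capability names a memory region plus permissions, can only be narrowed (monotonicity), and every access is bounds- and permission-checked, so a parser compartment handed only a read-only capability to its input buffer cannot reach the rest of the process's memory. The scenario, addresses and values are constructed for the example.

```python
from dataclasses import dataclass

PERM_LOAD, PERM_STORE = 1, 2

class CapabilityFault(Exception):
    pass  # stands in for the hardware trap on an invalid capability use
@dataclass(frozen=True)
class Capability:
    base: int    # first valid address
    length: int  # region size in bytes
    perms: int   # bitmask of PERM_*
    def restrict(self, base: int, length: int, perms: int) -> "Capability":
        # Monotonicity: a derived capability may only shrink bounds and drop permissions.
        if base < self.base or base + length > self.base + self.length:
            raise CapabilityFault("bounds cannot be widened")
        if perms & ~self.perms:
            raise CapabilityFault("permissions cannot be added")
        return Capability(base, length, perms)
    def _check(self, addr: int, perm: int) -> None:
        if not (self.base <= addr < self.base + self.length):
            raise CapabilityFault(f"address {addr:#x} outside bounds")
        if not self.perms & perm:
            raise CapabilityFault("permission not held")
    def load(self, mem: bytearray, addr: int) -> int:
        self._check(addr, PERM_LOAD)   # every access is checked, as the hardware would
        return mem[addr]
    def store(self, mem: bytearray, addr: int, value: int) -> None:
        self._check(addr, PERM_STORE)
        mem[addr] = value & 0xFF

def faults(fn) -> bool:
    try:
        fn()
    except CapabilityFault:
        return True
    return False

def compartment_outcomes() -> dict:
    # Constructed scenario: 256 bytes of memory, a read-only 16-byte input buffer at 0x10 for the parser, a key byte at 0x80.
    mem = bytearray(0x100)
    ambient = Capability(0, 0x100, PERM_LOAD | PERM_STORE)  # a conventional app's ambient rights
    ambient.store(mem, 0x80, 0x41)
    ambient.store(mem, 0x10, 0x07)
    parser = ambient.restrict(0x10, 0x10, PERM_LOAD)
    return {
        "parser_reads_its_buffer": parser.load(mem, 0x10) == 0x07,
        "parser_read_of_key_faults": faults(lambda: parser.load(mem, 0x80)),
        "parser_store_faults": faults(lambda: parser.store(mem, 0x10, 0)),
        "parser_cannot_widen": faults(lambda: parser.restrict(0, 0x100, PERM_LOAD)),
        "ambient_reads_key": ambient.load(mem, 0x80) == 0x41,
    }
```

Every entry of the returned dict is True: a compromised parser compartment leaks only what its capability grants, while the ambient capability of a conventional process would have reached the key.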

Conclusion
We've known what we need to get higher assurance for years. Adoption will stay low as long as it's not a base requirement for any design, unless the techniques which improve assurance also simplify the designer's task.