Extensible Code Verification Kun Gao (Senior EECS) with Professor George Necula, Evan Chang, Robert Schneck, Adam Chlipala An individual receives code.

Slides:



Advertisements
Similar presentations
Inference without the Engine!. What is EZ-Xpert 3.0? EZ-Xpert is a Rapid Application Development (RAD) environment for creating fast and accurate rule-based.
Advertisements

.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.
Compositional Verifiers for Mobile Code Safety Bor-Yuh Evan Chang Adam Chlipala George C. Necula May 12, 2005 OSQ Retreat Santa Cruz, California.
Comparing Semantic and Syntactic Methods in Mechanized Proof Frameworks C.J. Bell, Robert Dockins, Aquinas Hobor, Andrew W. Appel, David Walker 1.
Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.
March 4, 2005Susmit Sarkar 1 A Cost-Effective Foundational Certified Code System Susmit Sarkar Thesis Proposal.
Introduction To Java Objectives For Today â Introduction To Java â The Java Platform & The (JVM) Java Virtual Machine â Core Java (API) Application Programming.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
Nicholas Moore Bianca Curutan Pooya Samizadeh McMaster University March 30, 2012.
Introductory Lecture. What is Discrete Mathematics? Discrete mathematics is the part of mathematics devoted to the study of discrete (as opposed to continuous)
An Introduction to Proof-Carrying Code David Walker Princeton University (slides kindly donated by George Necula; modified by David Walker)
The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI
Code-Carrying Proofs Aytekin Vargun Rensselaer Polytechnic Institute.
Coolaid: Debugging Compilers with Untrusted Code Verification Bor-Yuh Evan Chang with George Necula, Robert Schneck, and Kun Gao May 14, 2003 OSQ Retreat.
Extensible Verification of Untrusted Code Bor-Yuh Evan Chang, Adam Chlipala, Kun Gao, George Necula, and Robert Schneck May 14, 2004 OSQ Retreat Santa.
1 Introduction to Computability Theory Lecture15: Reductions Prof. Amos Israeli.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
Strength Through Typing: A more powerful dependently-typed assembly language Matt Harren George Necula OSQ 2004.
Automated Analysis and Code Generation for Domain-Specific Models George Edwards Center for Systems and Software Engineering University of Southern California.
Building Reliable Software Requirements and Methods.
Chapter 1: An Introduction to Computer Science Invitation to Computer Science, C++ Version, Third Edition.
Under the Hood of the Open Verifier Bor-Yuh Evan Chang, Adam Chlipala, Kun Gao, George Necula, and Robert Schneck October 21, 2003 OSQ Group Meeting.
CS 268: Active Networks Ion Stoica May 6, 2002 (* Based on David Wheterall presentation from SOSP ’99)
VIDE Integrated Environment for Development and Verification of Programs.
Proof-system search ( ` ) Interpretation search ( ² ) Main search strategy DPLL Backtracking Incremental SAT Natural deduction Sequents Resolution Main.
©The McGraw-Hill Companies, Inc. Permission required for reproduction or display. slide 1 CS 125 Introduction to Computers and Object- Oriented Programming.
Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.
Programming Languages Structure
A Type System for Expressive Security Policies David Walker Cornell University.
©TheMcGraw-Hill Companies, Inc. Permission required for reproduction or display. COMPSCI 125 Introduction to Computer Science I.
EE694v-Verification-Lect5-1- Lecture 5 - Verification Tools Automation improves the efficiency and reliability of the verification process Some tools,
Extensible Untrusted Code Verification Robert Schneck with George Necula and Bor-Yuh Evan Chang May 14, 2003 OSQ Retreat.
1 The Problem o Fluid software cannot be trusted to behave as advertised unknown origin (must be assumed to be malicious) known origin (can be erroneous.
Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.
© Janice Regan, CMPT 128, Jan CMPT 128 Introduction to Computing Science for Engineering Students Creating a program.
DOP - A CPU CORE FOR TEACHING BASICS OF COMPUTER ARCHITECTURE Miloš Bečvář, Alois Pluháček and Jiří Daněček Department of Computer Science and Engineering.
Java Virtual Machine Java Virtual Machine A Java Virtual Machine (JVM) is a set of computer software programs and data structures that use.
C# Overview and Features. Content I.History of C# II.Architecture III.How to install IV.Features V.Code Sample VI.Microsoft.NET Platform VII.Why use C#
1 A Simple but Realistic Assembly Language for a Course in Computer Organization Eric Larson Moon Ok Kim Seattle University October 25, 2008.
Proof Carrying Code Zhiwei Lin. Outline Proof-Carrying Code The Design and Implementation of a Certifying Compiler A Proof – Carrying Code Architecture.
Introduction Algorithms and Conventions The design and analysis of algorithms is the core subject matter of Computer Science. Given a problem, we want.
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
Proof-Carrying Code & Proof-Carrying Authentication Stuart Pickard CSCI 297 June 2, 2005.
Dichotomies: Software Research vs Practice Peter Lee Carnegie Mellon University HCMDSS Workshop, June 2005 Peter Lee Carnegie Mellon University HCMDSS.
© Andrew IrelandDependable Systems Group On the Scalability of Proof Carrying Code for Software Certification Andrew Ireland School of Mathematical & Computer.
10/03/05 Johan Muskens ( TU/e Computer Science, System Architecture and Networking.
Comparing Java and.Net Security: Lessons Learned and Missed - Nathanael Paul, David Evans Presented by Dan Frohlich.
1. 2 Preface In the time since the 1986 edition of this book, the world of compiler design has changed significantly 3.
3.2 Semantics. 2 Semantics Attribute Grammars The Meanings of Programs: Semantics Sebesta Chapter 3.
Secure Compiler Seminar 4/11 Visions toward a Secure Compiler Toshihiro YOSHINO (D1, Yonezawa Lab.)
Lecture 5 1 CSP tools for verification of Sec Prot Overview of the lecture The Casper interface Refinement checking and FDR Model checking Theorem proving.
How to Program? -- Part 1 Part 1: Problem Solving –Analyze a problem –Decide what steps need to be taken to solve it. –Take into consideration any special.
Concurrency Properties. Correctness In sequential programs, rerunning a program with the same input will always give the same result, so it makes sense.
SAFE KERNEL EXTENSIONS WITHOUT RUN-TIME CHECKING George C. Necula Peter Lee Carnegie Mellon U.
Introduction CSE 1310 – Introduction to Computers and Programming Vassilis Athitsos University of Texas at Arlington 1.
R-Verify: Deep Checking of Embedded Code James Ezick † Donald Nguyen † Richard Lethin † Rick Pancoast* (†) Reservoir Labs (*) Lockheed Martin The Eleventh.
Getting ready. Why C? Design Features – Efficiency (C programs tend to be compact and to run quickly.) – Portability (C programs written on one system.
CSE 60641: Operating Systems George C. Necula and Peter Lee, Safe Kernel Extensions Without Run-Time Checking, OSDI ‘96 –SIGOPS Hall of fame citation:
1 Asstt. Prof Navjot Kaur Computer Dept PRESENTED BY.
Introduction to Programming 1 1 2Introduction to Java.
Introductory Lecture. What is Discrete Mathematics? Discrete mathematics is the part of mathematics devoted to the study of discrete (as opposed to continuous)
INTRO. To I.T Razan N. AlShihabi
Types for Programs and Proofs
Matching Logic An Alternative to Hoare/Floyd Logic
System Programming and administration
State your reasons or how to keep proofs while optimizing code
Foundations of Computer Science
Automated Analysis and Code Generation for Domain-Specific Models
Lecture 19: Proof-Carrying Code Background just got here last week
Presentation transcript:

Extensible Code Verification Kun Gao (Senior EECS) with Professor George Necula, Evan Chang, Robert Schneck, Adam Chlipala An individual receives code from an untrusted source Before executing the code, he wants to verify certain properties about the code, such as memory safety The individual does not want to restrict the producer of the code to: Particular programming language Particular coding convention code ? untrustedtrusted Then how do we verify the code without restriction? Overview When we download programs from the Internet, how do we know the program is safe to run? This is a fundamental question asked in the area of Program Verification. Program Verification has rich backgrounds in theoretical work as well as practical application. Every year, papers are published on new discoveries and tools to verify more kinds of programs. code When given code, how do we know it is safe to run? The safest thing we can do is say “no” to every program, but that wouldn’t be very useful! Traditional approaches such as Proof Carrying Code (PCC) has either been fixed towards a particular compiler for scalability, while Foundational PCC (FPCC) has sacrifices ease of generating proofs for flexibility. The goal is to say “Yes” to every safe program and “No” to every unsafe program. Decoder instruction at state s safe if P holds proceed to next states D Director Extension code trusted untrusted state s a proof of P proceed to next states E and a proof that E covers D next states E SPIM COOL Compiler SPIM Compiler Test Case Compiled Program Test Cases Stressed CS164 Student COOL Compiler Coolaid COOL Verifier Compiler Test Case Relaxed CS164 Student The code producer supplies the verifier along with the code flexibility: code producer can provide a verifier with specialized reasoning about the code scalability: specialized reasoning for the enforcement mechanism encoded in executable form amount of trusted code: verifier extension with specialized reasoning is not trusted, does not add to code that must be correct Too hard to prove correctness of the verifier Embed the untrusted verifier as an extension in a trusted infrastructure (the Open Verifier) untrustedtrusted verifier extension OpenVer code verifier extension More FlexibleLess Flexible OVPCC More ScalableLess Scalable OVFPCC Less Trusted CodeMore Trusted Code OVPCC code safe? untrustedtrusted verifier Too hard to prove correctness of the verifier MotivationSolution code Question: Goal: Say ‘Yes’ to every safe program, and ‘No’ to every unsafe program Obviously, the person who wrote the code knows a lot more about the safety properties of the code. We can have the person writing the code send a verifier also. But this means we need to check that the verifier is correct. This would be too difficult. ArchitectureApplicationSummary The Open Verifier Architecture consists of the Decoder and Director, which are trusted, and the Extension, which is untrusted. The Open Verifier is a trusted architecture for verifying code. By embedding an untrusted verifier into the Open Verifier, the Open Verifier can now reason effectively about the code. This untrusted verifier is called the Extension. At each step in the verification, we first check with the verifier extension. To make sure it is giving us the right answer, the trusted parts ask the extension questions phrased in logic. We implemented this system using OCaml. Currently, the architecture supports parsing of MIPS, x86, with extensions for Coolaid and TAL. Keeping the trusted open verifier small means we can more easily check it is correct. Currently, the trusted components are the architecture, is only around 3000 lines of code. A graphical tool in the style of debugger allows users to step through code and setup breakpoints. To test the architecture, the COOL programming language was selected. COOL is significant because it implements many modern object oriented features and has well documented language specifications. COOL Open Verifier used to debug COOL compilers Extensible Code Verification allows code producers to write untrusted verifier extensions. These extensions when used with the open verifier architecture, allows the code producer flexibility in use various safety enforcement mechanisms to simplify proof generation by incorporating specialized reasoning. The result is a system that is smaller and more flexible than traditional PCC, and more scalable than Foundational PCC. Open Verifier is more flexible than traditional PCC and more scalable than FPCC If you are interested in the Extensible Code Verification, and would like to contribute, please Prof. Necula: COOL stands for Classroom Object Oriented Language, a simplified compiler used in introductory compiler courses. There are more COOL compilers than COOL programs! Debugging compilers is tedious and difficult. The Cool Open Verifier was used to test our ideas for an open verification architecture for proof-carrying code. It provides students with a helpful compiler debugging tool Interesting ideas can be tested on the Open Verifier architecture, such as new COOL language features including exceptions. Future work includes incorporating radically different language features and implementations to test the robustness and flexibility of the architecture.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.