White-box Software Isolation with Fully Automated Black-box Proofs. Jiaqi Tan, Rajeev Gandhi, Priya Narasimhan. Parallel Data Laboratory, Carnegie Mellon.

White-box Software Isolation with Fully Automated Black-box Proofs. Jiaqi Tan, Rajeev Gandhi, Priya Narasimhan. Parallel Data Laboratory, Carnegie Mellon University. FMCAD 2015 Student Forum.

Motivation

Software isolation is a safety property of software: external user input cannot subvert and control software execution. It ensures the software is safe from potentially malicious input.

Where is it important? In safety-critical systems, e.g., medical devices, avionics, cars. Lack of isolation leads to security vulnerabilities and to potentially catastrophic accidents.

Why white-box isolation? Safety-critical systems need high assurance, and programmers need to see what the safety checks are doing.

Why black-box proofs? There are many connected, potentially safety-critical Internet-of-Things devices, and therefore many programmers writing code for such devices. We need fully automated, black-box (no expert input) proofs.

Black-Box Software Isolation Proofs

Source code (e.g., C) is compiled to machine code. Source code:

    void arraycopy(int *src, int *dst, int n) {
        unsigned int i;
        for (i = 0; i < n; i++) {
            dst[i] = src[i];
        }
    }

Machine code: the store dst[i] = src[i] becomes a memory write to a computed target, which is dangerous.

Key Insight 1: Potential isolation violations are evident in machine code, so we can automate isolation proofs on machine code.

White-Box Software Isolation: Locations

Source code (e.g., C) is compiled to machine code. Source code:

    void arraycopy(int *src, int *dst, int n) {
        unsigned int i;
        for (i = 0; i < n; i++) {
            dst[i] = src[i];
        }
    }

Machine code: the computed memory write target is dangerous. Debug information helps us resolve the dangerous machine-code address back to its source-code location (for unoptimized code).

Key Insight 2: We can identify source-code locations from machine-code addresses for potential isolation violations.

White-Box Software Isolation: Hints for Remedies

Source code (e.g., C):

    void arraycopy(int *src, int *dst, int n) {
        unsigned int i;
        for (i = 0; i < n; ++i) {
            dst[i] = src[i];
        }
    }

Safety check code added in the source:

    #define SAFE(array, idx) ……
    if (SAFE(dst, i)) { .... }

Compiled machine code (ARM):

    e1a02102  lsl r2, r2, #2
    e51b1010  ldr r1, [fp, #-16]
    e         add r2, r1, r2
    e         ldr r2, [r2]
    e50b3008  str r2, [r3]
    e51b3008  ldr r3, [fp, #-8]
    e         add r3, r3, #1
    e50b3008  str r3, [fp, #-8]
    e51b2018  ldr r2, [fp, #-24]

The safety check provides the logic preconditions needed to prove that the dangerous instruction (the str through the computed address) is safe to run.

Key Insight 3: We can write code, SAFE(dst, i), which gives us the necessary logic preconditions for provable isolation.
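As an added example (not code from the slides or from the AUSPICE project), here is the unchecked arraycopy from Key Insight 1 beside a hardened version in which a hypothetical SAFE check establishes the precondition Key Insight 3 needs at the computed store: the write target lies inside an explicitly described permitted region. The slides elide the SAFE macro body; the region_t type, in_region, the three-argument SAFE and demo_copy are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Unchecked copy from the slides: dst[i] compiles to a store through a
 * computed address (dst + 4*i) that nothing bounds, so the proof flags it. */
void arraycopy(int *src, int *dst, int n) {
    unsigned int i;
    for (i = 0; i < n; ++i) {
        dst[i] = src[i];
    }
}

/* Assumed description of the memory the program may write (the slides
 * leave the SAFE body elided; this is one concrete way to fill it in). */
typedef struct { uintptr_t base; size_t len; } region_t;

/* Precondition the proof needs at the str instruction: all `width` bytes at
 * `addr` lie inside the region. Written so no term can wrap around, unlike a
 * naive `addr + width <= base + len`. */
bool in_region(region_t r, uintptr_t addr, size_t width) {
    return addr >= r.base && width <= r.len && addr - r.base <= r.len - width;
}

/* Hypothetical SAFE(array, idx): the target address is computed in integer
 * arithmetic (no out-of-bounds pointer is ever formed) and then checked. */
#define SAFE(region, array, idx) \
    in_region((region), (uintptr_t)(array) + (idx) * sizeof((array)[0]), \
              sizeof((array)[0]))

/* Hardened copy: the guarded store satisfies the precondition on every path,
 * so the same str becomes provably safe. Returns the number of elements
 * copied; stops at the first index whose write would leave dst_region. */
size_t arraycopy_safe(const int *src, int *dst, size_t n, region_t dst_region) {
    size_t i;
    for (i = 0; i < n; ++i) {
        if (!SAFE(dst_region, dst, i)) break;
        dst[i] = src[i];
    }
    return i;
}

/* Constructed scenario: copy n (at most 8) elements into a 4-element dst. */
size_t demo_copy(size_t n) {
    int src[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    int dst[4] = {0};
    region_t r = { (uintptr_t)dst, sizeof dst };
    return arraycopy_safe(src, dst, n > 8 ? 8 : n, r); /* never exceeds 4 */
}
```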

Visualization of Approach

Source code (e.g., C) is compiled to machine code. Software isolation violations manifest in machine-code behavior, so we prove isolation in machine code: Software Isolation Proof Generation (AUSPICE) [1], built on HOL4 and the Cambridge ARM Logic [2]. Proof success yields a safety proof of isolation; proof failure yields the machine-code addresses responsible for the proof failure.

Programmers can only observe the source-code level of abstraction, so isolation enforcement mechanisms must be in source code: Software Isolation Remedy Hint Generation (LLVM-Clang tooling) turns the responsible machine-code addresses into hints for source-code remedies for the safety violations. The programmer applies the hints to the source code.

References

[1] Jiaqi Tan, Hui Jun Tay, Rajeev Gandhi, Priya Narasimhan. AUSPICE: Automatic Safety Property Verification for Unmodified Executables. In Working Conference on Verified Software: Tools, Theories and Experiments (VSTTE), July.

[2] Magnus Myreen, Anthony Fox, Michael Gordon. Hoare Logic for ARM Machine Code. In Fundamentals of Software Engineering (FSEN).