Presentation is loading. Please wait.

Presentation is loading. Please wait.

Verification with Small and Short Worlds Rohit Sinha, Cynthia Sturton, Petros Maniatis, Sanjit A. Seshia, David Wagner Introduction Verification of large.

Published byΛυδία Αλαφούζος Modified over 5 years ago

Similar presentations

Presentation on theme: "Verification with Small and Short Worlds Rohit Sinha, Cynthia Sturton, Petros Maniatis, Sanjit A. Seshia, David Wagner Introduction Verification of large."— Presentation transcript:

1 Verification with Small and Short Worlds Rohit Sinha, Cynthia Sturton, Petros Maniatis, Sanjit A. Seshia, David Wagner Introduction Verification of large data structures is beyond the current state of the art for finite state model checking. We present a new technique, S2W, for the verification of safety properties on large or unbounded data structures. S2W Our contribution: a semi-decision procedure for verifying property 𝚽 is an invariant of system 𝑺: 𝑺 ⊨𝔾𝚽. S2W is a three-step procedure: Standard Mathematical Induction If 𝚽 is an invariant, return True. Else, continue to step 2. Small World Create 𝑺 , a scaled down model with most data structure members abstracted away. Abstraction makes state space manageable. Short World Compute a bound 𝒌 on the reachability diameter of 𝑺 . Use bounded model checking to prove the invariant on the abstracted system: 𝑺 ⊨𝔾𝚽. Using 𝒌 as the bound for BMC makes the verification sound. Heuristics In general, computing a bound 𝒌 on the reachability diameter is undecidable for our class of systems. We develop two heuristics for computing 𝒌. Evaluation We use case studies to evaluate the practicality of using S2W for real-world applications. We successfully verify safety properties for six systems: Bochs’ TLB: Address translation optimization is correct Content Addressable Memory-based Cache: Cache optimization is correct Shadow Page Tables: Guest/host isolation SecVisor: Only approved code executes in kernel mode sHype: Chinese Wall policy is enforced ShadowVisor: Guest/host isolation Motivation Hypervisors and CPU emulators are used in a variety of security-critical applications: Cloud computing Malware analysis Hosting dangerous applications Verifying the isolation properties provided by virtualization often involves reasoning about large data structures: Page tables Translation lookaside buffers (TLB) Caches A B 232 Virtual Address v-pg Page Directory Page Table p-pg 4 KB Page TLB Look Up Figure 2. In a system with two large arrays, we might model a single entry in each array precisely and abstract away all others; the abstracted entries receive arbitrary values at each step of execution. Case Study 𝒌 Computing 𝒌 BMC Bochs’ TLB 8 steps 12 hours 23 hours CAM-based Cache 2 steps 1 second Shadow Page Tables 4 steps 1 minute 5 seconds SecVisor Verification completed with induction proof sHype ShadowVisor p-pg v-pg Page Table Walk Figure 1. A virtual address is translated to a physical address via the page tables. The TLB caches previously translated addresses. We verify that for any virtual address, the value p-pg returned by the TLB is equal to the value p-pg returned by the page tables.

Download ppt "Verification with Small and Short Worlds Rohit Sinha, Cynthia Sturton, Petros Maniatis, Sanjit A. Seshia, David Wagner Introduction Verification of large."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.

Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.
Virtualization Technology

Virtualization Technology
CS533 Concepts of Operating Systems Class 14 Virtualization and Exokernels.

CS533 Concepts of Operating Systems Class 14 Virtualization and Exokernels.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Appendix B. Memory Hierarchy CSCI/ EENG – 641 - W01 Computer Architecture 1 Dr. Babak Beheshti Slides based on the PowerPoint Presentations created by.

Appendix B. Memory Hierarchy CSCI/ EENG – W01 Computer Architecture 1 Dr. Babak Beheshti Slides based on the PowerPoint Presentations created by.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
1 Memory Systems Virtual Memory Lecture 25 Digital Design and Computer Architecture Harris & Harris Morgan Kaufmann / Elsevier, 2007.

1 Memory Systems Virtual Memory Lecture 25 Digital Design and Computer Architecture Harris & Harris Morgan Kaufmann / Elsevier, 2007.
Systems with small trusted computing bases (TCBs) open possibility for automated security verification of systems Example: SecVisor - a 3kLOC security.

Systems with small trusted computing bases (TCBs) open possibility for automated security verification of systems Example: SecVisor - a 3kLOC security.
Chapter 3 Memory Management

Chapter 3 Memory Management
1 Lecture 14: Virtual Memory Today: DRAM and Virtual memory basics (Sections 5.3-5.4)

1 Lecture 14: Virtual Memory Today: DRAM and Virtual memory basics (Sections )
Memory Management April 28, 2000 Instructor: Gary Kimura.

Memory Management April 28, 2000 Instructor: Gary Kimura.
Virtualization and the Cloud

Virtualization and the Cloud
Vir. Mem II CSE 471 Aut 011 Synonyms v.p. x, process A v.p. y, process B v.p # index Map to same physical page Map to synonyms in the cache To avoid synonyms,

Vir. Mem II CSE 471 Aut 011 Synonyms v.p. x, process A v.p. y, process B v.p # index Map to same physical page Map to synonyms in the cache To avoid synonyms,
Towards High-Assurance Hypervisors Jason Franklin Joint with Anupam Datta, Sagar Chaki, Ning Qu, Arvind Seshadri.

Towards High-Assurance Hypervisors Jason Franklin Joint with Anupam Datta, Sagar Chaki, Ning Qu, Arvind Seshadri.
EECS 370 Discussion 1 SMBC. EECS 370 Discussion Exam 2 Solutions posted online Will be returned in next discussion (12/9) – Grades hopefully up on CTools.

EECS 370 Discussion 1 SMBC. EECS 370 Discussion Exam 2 Solutions posted online Will be returned in next discussion (12/9) – Grades hopefully up on CTools.
Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.

Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 20 October 28, 2004.

Computer Science and Engineering Computer System Security CSE 5339/7339 Session 20 October 28, 2004.
Cosc 3P92 Week 9 & 10 Lecture slides

Cosc 3P92 Week 9 & 10 Lecture slides
Some VM Complications Extra memory accesses Page tables are huge

Some VM Complications Extra memory accesses Page tables are huge

Similar presentations

Ads by Google