Formal verification of low-level execution platforms Apps OS - PowerPoint PPT Presentation


  1. Formal verification of low-level execution platforms
     Roberto Guanciale, Estonian Winter School, Day 02

  2. Motivations
     (diagram: Apps, OS, Hardware on Host 1)

  3. Motivations
     (diagram: Apps, Crypto Service, OS, Hypervisor / Separation Kernel, Hardware on Host 1)

  4. Separation Kernel / Hypervisor
     ● Hosting untrusted SW (hypervisors host operating systems)
     ● Hosting trusted critical SW
     ● Supporting
       • CPU sharing
       • Spatial isolation
       • Context switch
       • Communications

  5. 5 minute course on computer architecture (ARMv7)
     ● Registers (Program Counter)
     ● Flags
     ● Fetches instructions from memory
     ● Executes arithmetical instructions
     ● Loads/Stores data from/to memory
     ● Has several modes of operation (PL0/PL1)
     ● Multiplexed

  6. 5 minute course on computer architecture
     ● Contains instructions
     ● Contains data (heap/stack/etc)
     ● Is a big table from physical addresses to bytes
     ● Partitioned

  7. 5 minute course on computer architecture
     (diagram: Load/Store, VA, MMU, PA, Exceptions, Page Tables)
     ● Translates virtual addresses to physical addresses
     ● Configured via page tables (stored in memory) and coprocessors; for every va:
       • corresponding pa (if mapped)
       • access rights (rd/wt)
       • required mode
     ● Enforces access policies

  8. 5 minute course on computer architecture
     (diagram: Load/Store, VA, MMU, PA, Exceptions, Page Tables)
     ● From PL1 to PL0
       • Special instruction
       • Jump to an arbitrary address
     ● From PL0 to PL1
       • Exceptions / Instruction to raise a SW interrupt
       • Jump to a fixed address (exception handler)

  9. ISA model
     (formulas)

  10. ISA model
     (formulas)

  11. (diagram: Crypto, OS, Service over Hypervisor over Hardware; labels: Cooperative scheduling, Static memory allocation, Message passing, Paravirtualization, No preemption)

  12. (same diagram as slide 11) The hypervisor is
     ● executed in PL1
     ● invoked via SW interrupt
     ● supervises page tables

  13. A trace of the system
     (figure)

  14. A trace of the system
     Context switch: page tables are updated, blue registers are stored, red registers are loaded

  15-19. Security property: Non-interference
     (figure builds)

  20. Security property: Non-interference
     Does not work: the two partitions communicate!

  21. Top Level Specification
     (diagram: Crypto Service, Software, Hardware; Host 1, Host 2)

  22. Top level specification (ideal world)
     ● Two physically separated machines
     ● Only one machine active
     ● No PL1 computation

  23-25. Top level specification (ideal world), builds
     ● Two physically separated machines
     ● Only one machine active
     ● No PL1 computation (replaced by atomic functionalities: the Ideal Functionality)

  26-28. Top level specification (ideal world), builds
     ● Two physical machines (one active) and hypervisor data
     ● Standard computations have standard effects
     ● Exceptions activate the ideal functionalities

  29. Verification Strategy
     ● Trace equivalence
     ● Unwinding condition based on bisimulation

  30. Verification Strategy
     ● Bisimulation

  31. Verification Strategy
     ● Bisimulation
     ● Weak transitions

  32-37. Bisimulation
     (diagram builds: OS1, OS2, Hypervisor, Reg, h)

  38. Exercise
     ● Assuming the non-interference property of H: H only depends
       • on the active machine
       • on the content of the memory of the other machine at address OUT2 (OUT1)
     ● Assuming the non-interference property for guest 2: the region of memory in MEM2 that includes OUT2 does not depend on the content of region K2

  39. Proof Decomposition: PL0 transitions
     ● Non-interference for ARMv7
     ● Not dependent on the kernel code
     ● Not dependent on the partition code

  40. Proof Decomposition: PL1 transitions
     ● Functional correctness
     ● The handlers' code respects the specification

  41. PL0 proof
     ● Not dependent on the kernel code / guest code
       • has to be done for every possible instruction
     ● Strategy
       • prove SW-independent theorems assuming properties of the system
       • verify that our SW meets these assumptions

  42-45. PL0 proof: ISA integrity
     (formula builds)

  46. Exercise
     When is an equivalence relation?
     ● Reflexive
     ● Symmetric
     ● Transitive

  47-53. PL0 proof: ISA confidentiality
     (formula builds)

  54. Proof obligation (O1): page tables
     (formulas)

  55. PL0 Proof: memory equality
     ● If machine 1 is active then machine 2 is unchanged
     ● from O1 and T1 we know that in the real machine the memory MEM2 is unchanged
     ● thus the equivalence between the real machine and machine 2 for MEM2 is preserved

  56. PL0 Proof: memory equality
     ● from O1 and T2 we know that the behavior of both the real machine and machine 1 depends only on memory in MEM1
     ● thus the equivalence between the real machine and machine 1 for MEM1 is preserved
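The memory-equality argument on slides 55 and 56 rests on three ingredients: O1 (the active partition's page table maps only its own region), T1 (ISA integrity: the other partition's memory is unchanged by a PL0 computation) and T2 (ISA confidentiality: the PL0 computation depends only on the active partition's memory). The following toy model is an added illustration of that argument and is not code from the lecture or from the PROSPER project: the regions MEM1 and MEM2 and the names O1/T1/T2 come from the slides, while the three-instruction ISA, the `State` record, the `page_table` functions, the sample program and the memory contents are all constructed here. It checks T1 and T2 on concrete states, and also shows that once O1 is dropped (a page table that maps both regions) both properties fail for programs that touch MEM2.

```python
from dataclasses import dataclass, replace

# Constructed memory layout: partition 1 owns MEM1, partition 2 owns MEM2.
MEM1 = range(0x000, 0x100)
MEM2 = range(0x100, 0x200)


@dataclass(frozen=True)
class State:
    active: int          # partition currently running in PL0 (1 or 2)
    regs: dict           # register file, e.g. {"r0": 5}
    mem: dict            # physical address -> byte
    exc: bool = False    # set once an access outside the page table traps to PL1


def page_table(active):
    """O1: the active partition's page table maps only its own region."""
    return set(MEM1 if active == 1 else MEM2)


def broken_page_table(active):
    """Constructed violation of O1: both regions are mapped, whoever is active."""
    return set(MEM1) | set(MEM2)


def step(s, instr, pt=page_table):
    """One PL0 transition of the toy ISA (constructed):
    ('load', rd, addr), ('store', rs, addr), ('add', rd, ra, rb).
    An access outside the page table traps; PL1 handling is not modelled."""
    if s.exc:
        return s
    op = instr[0]
    if op == "load":
        _, rd, addr = instr
        if addr not in pt(s.active):
            return replace(s, exc=True)
        return replace(s, regs={**s.regs, rd: s.mem.get(addr, 0)})
    if op == "store":
        _, rs, addr = instr
        if addr not in pt(s.active):
            return replace(s, exc=True)
        return replace(s, mem={**s.mem, addr: s.regs.get(rs, 0) & 0xFF})
    if op == "add":
        _, rd, ra, rb = instr
        total = (s.regs.get(ra, 0) + s.regs.get(rb, 0)) & 0xFFFFFFFF
        return replace(s, regs={**s.regs, rd: total})
    raise ValueError(f"unknown instruction {instr!r}")


def run(s, program, pt=page_table):
    for instr in program:
        s = step(s, instr, pt)
    return s


def region(mem, rng):
    return {a: mem.get(a, 0) for a in rng}


def integrity_holds(s, program, pt=page_table):
    """T1 for partition 1: a PL0 computation of partition 1 leaves MEM2 unchanged."""
    return region(run(s, program, pt).mem, MEM2) == region(s.mem, MEM2)


def confidentiality_holds(s, program, other_mem2, pt=page_table):
    """T2 for partition 1: two states agreeing on registers and MEM1 but differing
    on MEM2 step to states that still agree on registers, the trap flag and MEM1."""
    t = replace(s, mem={**region(s.mem, MEM1), **other_mem2})
    a, b = run(s, program, pt), run(t, program, pt)
    return (a.regs, a.exc, region(a.mem, MEM1)) == (b.regs, b.exc, region(b.mem, MEM1))


# Constructed sample programs for partition 1. PROGRAM reads 0x10, adds r2,
# stores the sum at 0x20, then tries to store into MEM2 (0x150), which must trap.
# LEAKY_PROGRAM tries to read MEM2 directly.
PROGRAM = [("load", "r0", 0x10), ("add", "r1", "r0", "r2"),
           ("store", "r1", 0x20), ("store", "r1", 0x150)]
LEAKY_PROGRAM = [("load", "r0", 0x150)]


def initial_state():
    # Constructed memory content: each byte equals the low 8 bits of its address.
    mem = {a: a & 0xFF for a in list(MEM1) + list(MEM2)}
    return State(active=1, regs={"r0": 0, "r1": 0, "r2": 3}, mem=mem)


def check_all():
    """Returns (T1, T2, T2 on LEAKY_PROGRAM) under O1, then (T1, T2 on LEAKY_PROGRAM)
    with the broken page table, i.e. without O1."""
    s = initial_state()
    other = {a: (s.mem[a] + 1) & 0xFF for a in MEM2}   # a different MEM2 content
    return (integrity_holds(s, PROGRAM),
            confidentiality_holds(s, PROGRAM, other),
            confidentiality_holds(s, LEAKY_PROGRAM, other),
            integrity_holds(s, PROGRAM, broken_page_table),
            confidentiality_holds(s, LEAKY_PROGRAM, other, broken_page_table))


if __name__ == "__main__":
    print(check_all())
```

Under O1 the read of 0x150 traps in both of the compared states, so the trap flag and registers still agree and T2 holds; without O1 the same read copies a byte of MEM2 into r0 and the two runs diverge, which is exactly the dependency the ISA confidentiality proof rules out.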

  57. Proof obligation (O2): page tables
     (formulas)

  58. PL0 Proof: invariants and hypervisor data-structures
     ● from the definition of TLS we know that the hypervisor data can not be changed
     ● from O2 and T1 we know that in the real machine the memory that holds these structures can not be changed
     ● from O2 and T1 we know that the invariants are preserved

  59. Exercise
     ● Extend the model and proofs to handle a Memory Mapped device (UART)
       • Address DevOut can be used to write something
       • Address DevIn can be used to read something
       • Device fetches and writes into these addresses
       • Partition 2 should be in control of the device
       • Device transitions are interleaved with CPU transitions (assume the device does not perform any action while the CPU is in PL1)

  60. Exercise
     ● How should DMA devices be handled?
       • Address DevOut can be used to write a pointer
       • Address DevIn can be used to write a pointer
       • Device fetches these pointers and writes/reads into the pointed memory
       • Partition 2 should be in control of the device

  61. Exercise
     ● Extend the toy CPU with a new instruction

  62. Summary
     ● ISA model
     ● Verification Goal (via TLS)
     ● Proof decomposition
     ● Sketch of proof for PL0
     ● Upcoming
       • Verification for PL1

  63. THANKS! Any questions?
     You can find me at robertog@kth.se
     http://prosper.sics.se/
     References
