solution approaches towards verifjed kernel
play

Solution approaches towards verifjed -Kernel Danny Ziesche August - PowerPoint PPT Presentation

Feb 05, 2023 •20 likes •560 views

Solution approaches towards verifjed -Kernel Danny Ziesche August 25, 2017 RheinMain University of Applied Sciences Outline Motivation Methods Defjnitions Results Conclusions Open Questions 1 Motivation Motivation kernels should

  1. Solution approaches towards verifjed µ-Kernel Danny Ziesche August 25, 2017 RheinMain University of Applied Sciences

  2. Outline Motivation Methods Defjnitions Results Conclusions Open Questions 1

  3. Motivation

  4. Motivation • kernels should have a high reliability • in comparison to monolithic kernels small enough to make verifjcation process worthwhile • trusted codebase • security concerns 2

  5. Methods

  6. • research which parts are verifjed and why • how does the verifjcation process work • compare verifjcations Dig into the past • search for (partly) verifjed µ-Kernel 3

  7. • how does the verifjcation process work • compare verifjcations Dig into the past • search for (partly) verifjed µ-Kernel • research which parts are verifjed and why 3

  8. • compare verifjcations Dig into the past • search for (partly) verifjed µ-Kernel • research which parts are verifjed and why • how does the verifjcation process work 3

  9. Dig into the past • search for (partly) verifjed µ-Kernel • research which parts are verifjed and why • how does the verifjcation process work • compare verifjcations 3

  10. • used methods by the µ-kernel? • do we benefjt from it? Learn about formal methods • fjrm understanding about the fundamentals 4

  11. • do we benefjt from it? Learn about formal methods • fjrm understanding about the fundamentals • used methods by the µ-kernel? 4

  12. Learn about formal methods • fjrm understanding about the fundamentals • used methods by the µ-kernel? • do we benefjt from it? 4

  13. Defjnitions

  14. • no automated process • human guidance and skill needed • example theorem prover is isabelle with resolution based on higher-order unifjcation Theorem Prover • assist in formalising proofs 5

  15. • human guidance and skill needed • example theorem prover is isabelle with resolution based on higher-order unifjcation Theorem Prover • assist in formalising proofs • no automated process 5

  16. • example theorem prover is isabelle with resolution based on higher-order unifjcation Theorem Prover • assist in formalising proofs • no automated process • human guidance and skill needed 5

  17. Theorem Prover • assist in formalising proofs • no automated process • human guidance and skill needed • example theorem prover is isabelle with resolution based on higher-order unifjcation 5

  18. • Always • Next • Eventually • derived from FOPL with new temporal operators: Linear Temporal Logic • temporal reasoning 6

  19. • Always • Next • Eventually Linear Temporal Logic • temporal reasoning • derived from FOPL with new temporal operators: 6

  20. • Next • Eventually Linear Temporal Logic • temporal reasoning • derived from FOPL with new temporal operators: • � Always 6

  21. • Eventually Linear Temporal Logic • temporal reasoning • derived from FOPL with new temporal operators: • � Always • � Next 6

  22. Linear Temporal Logic • temporal reasoning • derived from FOPL with new temporal operators: • � Always • � Next • ♦ Eventually 6

  23. • let f be a formula of temporal logic • fjnd all states s of M such that s f Model Checkers • let M be a state-transition graph 7

  24. • fjnd all states s of M such that s f Model Checkers • let M be a state-transition graph • let f be a formula of temporal logic 7

  25. Model Checkers • let M be a state-transition graph • let f be a formula of temporal logic • fjnd all states s of M such that s | = f 7

  26. Results

  27. RUBIS • verifjed only the IPC 8

  28. RUBIS IPC Processor 1 Processor 2 Synchronous Task 2 Task 1 Synchronous Asynchronous Asynchronous Task 4 Task 3 Figure 1: RUBIS Mixed Synchronous and Asynchronous Communication 9

  29. LTL Property Example � ( P ( 0 ) → Q ( 0 ) ∧ ( P ( 1 ) → Q ( 1 )) ∧ . . . ∧ ( P ( m ) → Q ( m ))) • ports need sound state before reusing • property expressed as LTL • P ( p ) = ( Port_State [ p ] = CREATED ) • Q ( p ) = ( empty ( Port [ p ] .messages )) • also expressed as promela defjnition 10

  30. RUBIS Results • lots of errors related to return codes • memory management errors 11

  31. • IPC is important and highly concurrent with a complex implementation • makes it worthy target for formal methods Fluke • verifjed only the IPC 12

  32. • makes it worthy target for formal methods Fluke • verifjed only the IPC • IPC is important and highly concurrent with a complex implementation 12

  33. Fluke • verifjed only the IPC • IPC is important and highly concurrent with a complex implementation • makes it worthy target for formal methods 12

  34. Fluke Formal Methods • uses spin • uses subset of C 13

  35. • found race condition • scaling problems • maintenance problems Fluke Results • found mutex bugs 14

  36. • scaling problems • maintenance problems Fluke Results • found mutex bugs • found race condition 14

  37. • maintenance problems Fluke Results • found mutex bugs • found race condition • scaling problems 14

  38. Fluke Results • found mutex bugs • found race condition • scaling problems • maintenance problems 14

  39. seL4 • interactive machine-assisted and machine-checked proof • proven over 150 invariants • discovered about 140 bugs • revealed 150 problems within the specifjcation • uses theorem prover isabelle/hol • tries to offmoad problematic code to userspace (memory management) • executable specifjcation in haskell subset • implementation in a C subset 15

  40. Refjnement Layers Figure 2: Refjnement layers in the verifjcation of seL4 16

  41. seL4 Results • claims to have no nullpointer access (the kernel itself) • functional correctness for the c kernel implementation • proof maintenance 17

  42. Conclusions

  43. • IPC is a high candidate for verifjcation • agreement on a subset of standard language • existing code proven with model checker • model checker have a short learning curve • non-existing code proven with theorem prover • in my estimation seL4 did the most and best job so far • seems to be a general pattern to µ-kernel verifjcation Conclusions • IPC is obviously an important component for µ-kernel 18

  44. • agreement on a subset of standard language • existing code proven with model checker • model checker have a short learning curve • non-existing code proven with theorem prover • in my estimation seL4 did the most and best job so far • seems to be a general pattern to µ-kernel verifjcation Conclusions • IPC is obviously an important component for µ-kernel • IPC is a high candidate for verifjcation 18

  45. • existing code proven with model checker • model checker have a short learning curve • non-existing code proven with theorem prover • in my estimation seL4 did the most and best job so far • seems to be a general pattern to µ-kernel verifjcation Conclusions • IPC is obviously an important component for µ-kernel • IPC is a high candidate for verifjcation • agreement on a subset of standard language 18

  46. • model checker have a short learning curve • non-existing code proven with theorem prover • in my estimation seL4 did the most and best job so far • seems to be a general pattern to µ-kernel verifjcation Conclusions • IPC is obviously an important component for µ-kernel • IPC is a high candidate for verifjcation • agreement on a subset of standard language • existing code proven with model checker 18

  47. • non-existing code proven with theorem prover • in my estimation seL4 did the most and best job so far • seems to be a general pattern to µ-kernel verifjcation Conclusions • IPC is obviously an important component for µ-kernel • IPC is a high candidate for verifjcation • agreement on a subset of standard language • existing code proven with model checker • model checker have a short learning curve 18

  48. • in my estimation seL4 did the most and best job so far • seems to be a general pattern to µ-kernel verifjcation Conclusions • IPC is obviously an important component for µ-kernel • IPC is a high candidate for verifjcation • agreement on a subset of standard language • existing code proven with model checker • model checker have a short learning curve • non-existing code proven with theorem prover 18

  49. • seems to be a general pattern to µ-kernel verifjcation Conclusions • IPC is obviously an important component for µ-kernel • IPC is a high candidate for verifjcation • agreement on a subset of standard language • existing code proven with model checker • model checker have a short learning curve • non-existing code proven with theorem prover • in my estimation seL4 did the most and best job so far 18

Recommend

Solution approaches for Solution approaches for address-selection problems address-selection

Solution approaches for Solution approaches for address-selection problems address-selection

Solution approaches for Solution approaches for address-selection problems address-selection problems draft-arifumi-6man-addr-select-sol-00.txt NTT PF Lab. Arifumi Matsumoto Tomohiro Fujisaki Intec NetCore, Inc. Ruri Hiromi Kenichi Kanayama

501 views • 13 slides
. . : =L distance functions Possible Euclidean . Manhattan - other .

. . : =L distance functions Possible Euclidean . Manhattan - other .

Midterm the Since Topics based Instance and classification ] learning NN . regression Kernel . mgohssien ... ] ' , margin than Peru " learning , . .dyu, online approaches trick kernel kernel based ^ ,

345 views • 11 slides
Company overview May 2015 1 Disclaimer This presentation has been prepared by been verifjed by

Company overview May 2015 1 Disclaimer This presentation has been prepared by been verifjed by

Company overview May 2015 1 Disclaimer This presentation has been prepared by been verifjed by any independent sources such restrictions. The securities of the This presentation may include forward- MERLIN Properties SOCIMI, S.A. (the and

479 views • 47 slides
Company overview June 2015 1 Disclaimer This presentation has been prepared by been verifjed

Company overview June 2015 1 Disclaimer This presentation has been prepared by been verifjed

Company overview June 2015 1 Disclaimer This presentation has been prepared by been verifjed by any independent sources such restrictions. The securities of the This presentation may include forward- MERLIN Properties SOCIMI, S.A. (the and

674 views • 48 slides
Company overview March 2015 1 Disclaimer This presentation has been prepared by been verifjed

Company overview March 2015 1 Disclaimer This presentation has been prepared by been verifjed

Company overview March 2015 1 Disclaimer This presentation has been prepared by been verifjed by any independent sources such restrictions. The securities of the This presentation may include forward- MERLIN Properties SOCIMI, S.A. (the and

492 views • 32 slides
Robust Solution Approaches for Optimization under Uncertainty: Applications to Air Traffic

Robust Solution Approaches for Optimization under Uncertainty: Applications to Air Traffic

Robust Solution Approaches for Optimization under Uncertainty: Applications to Air Traffic Management Problems Frauke Liers - FAU Erlangen-Nrnberg Konstanz, 15.11.2016 Relevance of Uncertainties in Optimization + x 2 max 0 , 7 x 1 + 1 x 2

895 views • 70 slides
In Kernel Switcher: A solution to support ARM's new big.LITTLE technology Presenter: Mathieu

In Kernel Switcher: A solution to support ARM's new big.LITTLE technology Presenter: Mathieu

In Kernel Switcher: A solution to support ARM's new big.LITTLE technology Presenter: Mathieu Poirier web: www.linaro.org email: mathieu.poirier@linaro.org What is big.LITTLE? A system that contains two sets of architecturally identical

628 views • 29 slides
PhD course in Machine Learning Kernel Engineering Alessandro Moschitti Department of information

PhD course in Machine Learning Kernel Engineering Alessandro Moschitti Department of information

PhD course in Machine Learning Kernel Engineering Alessandro Moschitti Department of information and communication technology University of Trento Email: moschitti@dit.unitn.it Kernel Engineering approaches Basic Combinations Canonical

1.06k views • 78 slides
Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel Fernndez V, David P. Woodruff, Taisuke Yasuda Kernel Method Many machine learning tasks can be expressed as a function of the inner product

389 views • 22 slides
Review of Ghost-Fishing; Scientific Approaches to Evaluation and Solution Tatsuro Matsuoka,

Review of Ghost-Fishing; Scientific Approaches to Evaluation and Solution Tatsuro Matsuoka,

Review of Ghost-Fishing; Scientific Approaches to Evaluation and Solution Tatsuro Matsuoka, Toshiko Nakashima and Naoki Nagsawa (Faculty of Fisheries, Kagoshima University, Shimoatarata 4-50-20, Kagoshima, 890-0057 Japan,

700 views • 14 slides
1 Kernel methods & optimization One example of a kernel that is frequently used in practice

1 Kernel methods & optimization One example of a kernel that is frequently used in practice

Machine Learning Class Notes 9-25-12 Prof. David Sontag 1 Kernel methods & optimization One example of a kernel that is frequently used in practice and which allows for highly non-linear discriminant functions is the Gaussian kernel,

241 views • 5 slides
DL Approaches to Tim ime Series Data Miro Enev, DL Solution Architect Jeff Weiss, Director West

DL Approaches to Tim ime Series Data Miro Enev, DL Solution Architect Jeff Weiss, Director West

DL Approaches to Tim ime Series Data Miro Enev, DL Solution Architect Jeff Weiss, Director West SAs Agenda Define Time Series [ Examples & Brief Summary of Considerations ] Semi-supervised Anomaly Detection [ with Deep Autoencoders

486 views • 30 slides
New Approaches to the Direct Solution of Large-Scale Banded Linear Systems Samuel Rodrguez

New Approaches to the Direct Solution of Large-Scale Banded Linear Systems Samuel Rodrguez

www.bsc.es New Approaches to the Direct Solution of Large-Scale Banded Linear Systems Samuel Rodrguez Bernabeu samuel.rodriguez@bsc.es San Jos, California 2 Solving the linear system after reordering 10 Million degrees of freedom, double

409 views • 23 slides
Chance-Constrained AC Optimal Power Flow: Modelling and Solution Approaches Line A. Roald UW

Chance-Constrained AC Optimal Power Flow: Modelling and Solution Approaches Line A. Roald UW

Chance-Constrained AC Optimal Power Flow: Modelling and Solution Approaches Line A. Roald UW Madison ICERM, June 27, 2019 Power Line! Power Line. Joint work with Sidhant Misra (LANL), Tillmann Mhlpfordt (KIT) and Gran Andersson (ETH)

744 views • 51 slides
Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel Fernndez V, David P. Woodruff, Taisuke Yasuda Overview Preliminaries Kernel ridge regression Kernel -means clustering

476 views • 25 slides
Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

3/1/20 COMP 790: OS Implementation COMP 790: OS Implementation Logical Diagram Binary Memory Threads Formats Allocators User Todays Lecture Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

647 views • 8 slides
D-Bus in the Kernel LinuxCon 2014, Tokyo, Japan May 2014 D-Bus in the Kernel Who? Greg

D-Bus in the Kernel LinuxCon 2014, Tokyo, Japan May 2014 D-Bus in the Kernel Who? Greg

D-Bus in the Kernel LinuxCon 2014, Tokyo, Japan May 2014 D-Bus in the Kernel Who? Greg Kroah-Hartman, David Herrmann, Daniel Mack, Lennart Poettering, Kay Sievers with help from Tejun Heo D-Bus in the Kernel Most newer OS designs started

1.35k views • 111 slides
Topics Thoughts on R development and the Extensibility of the kernel/core to facilitate

Topics Thoughts on R development and the Extensibility of the kernel/core to facilitate

Topics Thoughts on R development and the Extensibility of the kernel/core to facilitate experiments Compiler tools in R to allow different compilation future approaches & experiments. High-level DSLs for big data analysis. Duncan Temple

172 views • 5 slides
Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda mulix@mulix.org IBM Haifa Research Lab Kernel Debugging, Haifux 2003 p.1/19 Kernel Debugging - Why? Why would we want to debug the kernel? after

308 views • 19 slides
1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research Thats unavoidable, but the linux kernel developers dont do very much to make the situation any better. -- Basically, the

625 views • 36 slides
Kernel PCA for SNe Kernel PCA for SNe photometric classification photometric classification

Kernel PCA for SNe Kernel PCA for SNe photometric classification photometric classification

Kernel PCA for SNe Kernel PCA for SNe photometric classification photometric classification Emille E. O. Ishida IAG University of Sao Paulo, Brazil In collaboration with Rafael S. De Souza (KASI) astro-ph/1201.6676 IAU General Assembly,

155 views • 14 slides
The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel

The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel

The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel Asynchrony Processes Protection Kernel The software component that controls the hardware directly and implements the core privileged OS

934 views • 62 slides
D-Bus in the Kernel FOSDEM 2014, Brussels, Belgium January 2014 D-Bus in the Kernel Who? Greg

D-Bus in the Kernel FOSDEM 2014, Brussels, Belgium January 2014 D-Bus in the Kernel Who? Greg

D-Bus in the Kernel FOSDEM 2014, Brussels, Belgium January 2014 D-Bus in the Kernel Who? Greg Kroah-Hartman, Daniel Mack, Lennart Poettering, Kay Sievers with help from Tejun Heo D-Bus in the Kernel Most newer OS designs started around

1.27k views • 111 slides

More recommend