
Applications of formal verification for secure Cloud environments at CEA LIST (slide deck)



1. Applications of formal verification for secure Cloud environments at CEA LIST
   Nikolai Kosmatov, joint work with A. Blanchard, F. Bobot, M. Lemerre, . . .
   SEC2, Lille, June 30th, 2015
   N. Kosmatov (CEA LIST) Formal Verification for secure Cloud environments 2015-06-30 1 / 28

2. Outline
   ◮ Frama-C, a platform for analysis of C code
   ◮ Verification of a Cloud hypervisor
     ◮ Anaxagoros hypervisor and Virtual Memory
     ◮ Formal Verification
     ◮ Results and discussion
   ◮ Verification of a sandbox
     ◮ The ZeroVM sandbox solution
     ◮ Formal verification
     ◮ Results
   ◮ Conclusion

3. Section: Frama-C, a platform for analysis of C code (outline slide, same items as slide 2)

4. [Frama-C, a platform for analysis of C code] Frama-C, a brief history
   ◮ 90's: CAVEAT, Hoare logic-based tool for C code at CEA
   ◮ 2000's: CAVEAT used by Airbus during certification process of the A380 (DO-178 level A qualification)
   ◮ 2008: First public release of Frama-C (Hydrogen)
   ◮ 2012: New Hoare-logic based plugin WP developed at CEA LIST
   ◮ Today: Frama-C Sodium (v.11)
   ◮ Multiple projects around the platform
   ◮ A growing community of users. . . and of plugin developers

5. [Frama-C, a platform for analysis of C code] Frama-C at a glance
   ◮ A Framework for Modular Analysis of C code
   ◮ Developed at CEA LIST and INRIA Saclay
   ◮ Released under LGPL license
   ◮ Kernel based on CIL [Necula et al. (Berkeley), CC 2002]
   ◮ ACSL annotation language
   ◮ Extensible plugin oriented platform
     ◮ Collaboration of analyses over same code
     ◮ Inter plugin communication through ACSL formulas
     ◮ Adding specialized plugins is easy
   ◮ http://frama-c.com/ [Cuoq et al. SEFM 2012, FAC 2015]

6. [Frama-C, a platform for analysis of C code] ACSL: ANSI/ISO C Specification Language
   ◮ Based on the notion of contract, like in Eiffel, JML
   ◮ Allows users to specify functional properties of programs
   ◮ Allows communication between various plugins
   ◮ Independent from a particular analysis
   ◮ Manual at http://frama-c.com/acsl
   Basic Components
   ◮ First-order logic
   ◮ Pure C expressions
   ◮ C types + Z (integer) and R (real)
   ◮ Built-in predicates and logic functions

7. [Frama-C, a platform for analysis of C code] Example: a C program annotated in ACSL

       /*@ requires n >= 0 && \valid(t + (0 .. n-1));
           assigns \nothing;
           ensures \result != 0 <==> (\forall integer j; 0 <= j < n ==> t[j] == 0);
       */
       int all_zeros(int t[], int n) {
         int k;
         /*@ loop invariant 0 <= k <= n;
             loop invariant \forall integer j; 0 <= j < k ==> t[j] == 0;
             loop assigns k;
             loop variant n - k;
         */
         for (k = 0; k < n; k++)
           if (t[k] != 0)
             return 0;
         return 1;
       }

   Can be proven in Frama-C/WP

8. [Frama-C, a platform for analysis of C code] Main Frama-C plugins
   Formal Methods
   ◮ Abstract Interpretation: VALUE
   ◮ Deductive Verification: Jessie, WP
   ◮ Specification Generation: Aoraï, Agen
   ◮ Concurrency: Mthread
   Dynamic Analysis
   ◮ E-ACSL, PathCrawler, STADY, LTEST, SANTE
   Code Transformation
   ◮ Spare code, Semantic constant folding, Slicing
   Browsing of unfamiliar code
   ◮ Scope & Data-flow browsing, Metrics computation, Variable occurrences, Impact Analysis

9. [Frama-C, a platform for analysis of C code] Plugin WP for deductive verification
   ◮ Based on Weakest Precondition calculus [Dijkstra, 1976]
   ◮ Proves that a given program respects its specification
   ◮ Relies on
     ◮ automatic provers (Alt-Ergo, CVC4, Z3, . . . )
     ◮ when necessary, interactive proof assistants (Coq)

10. Section: Verification of a Cloud hypervisor (outline slide, same items as slide 2)



11. [Verification of a Cloud hypervisor / Anaxagoros hypervisor and Virtual Memory] Anaxagoros Microkernel
   ◮ Clouds mutualize physical resources between users
   ◮ Safety and security are crucial
   ◮ Anaxagoros
     ◮ Secure microkernel hypervisor
     ◮ Developed at CEA LIST by Matthieu Lemerre
     ◮ Designed for resource isolation and protection
     ◮ Virtual memory system is a key module to ensure isolation

12. [Verification of a Cloud hypervisor / Anaxagoros hypervisor and Virtual Memory] Virtual Memory Subsystem
   ◮ Organizes program address spaces
     ◮ Creates a hierarchy of pages
     ◮ Allows sharing when needed
   ◮ Controls accesses and modifications to the pages
     ◮ Only owners can access their pages
     ◮ Types of the pages limit possible actions
     ◮ Counts mappings (references) to each page

13. [Verification of a Cloud hypervisor / Formal Verification] Memory invariant for sequential version
   ◮ Maintain the counters of mappings to pages:
     ◮ The counter mappings[e] must be equal to the real number of mappings to the page e
     ◮ Let Occ_e be the number of mappings, i.e. occurrences of e in all pagetables
     ◮ We want to prove: ∀ e, validpage(e) ⇒ Occ_e = mappings[e] ≤ MAX

14. [Verification of a Cloud hypervisor / Formal Verification] Memory invariant for concurrent version
   Concurrency issues
   ◮ Pages might be modified by different processes simultaneously
   ◮ That creates a gap between the actual number of mappings and the counter
   New invariant: ∀ e, validpage(e) ⇒ Occ_e ≤ mappings[e] ≤ MAX
   and more precisely, ∀ e, validpage(e) ⇒ ∃ k. k ≥ 0 ∧ Occ_e + k = mappings[e] ≤ MAX
   Here k is the number of threads that have introduced a difference in the counter, a difference of at most 1 each.

15. [Verification of a Cloud hypervisor / Formal Verification] Simulation of the concurrency
   ◮ To model the execution context, we introduce for each thread:
     ◮ global arrays representing the value of each local variable
     ◮ a global array representing its position in the execution
   ◮ We simulate every atomic step with a function that performs this step for one thread
   ◮ We create an infinite loop that randomly chooses a thread and makes it perform a step of execution according to its current position
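The invariant of slides 13 and 14 and the simulation technique of slide 15, as an added example: this is not code from the slides or from Anaxagoros, but a miniature C model written for this page. Every name and size in it (NPAGES, NSLOTS, NTHREADS, MAX, pt, mappings, loc_page, loc_slot, pos, the two-step map operation and the refusal of a mapping that would exceed MAX) is an assumption of the model. Thread-local variables are lifted into global arrays, a global pos[] records where each thread is in the map operation, one function performs one atomic step for one thread, and a scheduler loop picks threads; the two invariant checkers show why the sequential invariant fails mid-operation while the weakened one, with k = number of threads between their two steps, holds after every step.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added example, not code from the slides or from Anaxagoros. All names and
 * sizes below are assumptions made for this model. */

#define NPAGES   4    /* pages, identified by index 0..NPAGES-1 */
#define NSLOTS   4    /* entries per page table */
#define NTHREADS 3    /* simulated threads, each owning one page table */
#define MAX      2    /* bound on mappings[e], kept small so the limit is exercised */
#define EMPTY   (-1)  /* empty page-table entry */

static int pt[NTHREADS][NSLOTS];  /* page tables: an entry holds a page index or EMPTY */
static int mappings[NPAGES];      /* the counter the kernel maintains for each page */

/* Each thread's local variables lifted into global arrays, plus its position (slide 15). */
static int loc_page[NTHREADS];    /* page the thread is mapping */
static int loc_slot[NTHREADS];    /* slot of its own page table it will write */
static int pos[NTHREADS];         /* 0 = not started, 1 = counter incremented, 2 = entry written */

/* Occ_e: occurrences of page e in all page tables. */
int occurrences(int e) {
    int n = 0;
    for (int t = 0; t < NTHREADS; t++)
        for (int i = 0; i < NSLOTS; i++)
            if (pt[t][i] == e) n++;
    return n;
}

/* The k of slide 14: threads that incremented mappings[e] but have not written their entry yet. */
int pending_threads(int e) {
    int k = 0;
    for (int t = 0; t < NTHREADS; t++)
        if (pos[t] == 1 && loc_page[t] == e) k++;
    return k;
}

/* Sequential invariant (slide 13): for all e, Occ_e == mappings[e] <= MAX. */
int sequential_invariant_holds(void) {
    for (int e = 0; e < NPAGES; e++)
        if (occurrences(e) != mappings[e] || mappings[e] > MAX) return 0;
    return 1;
}

/* Weakened concurrent invariant (slide 14): for all e, Occ_e + k == mappings[e] <= MAX. */
int concurrent_invariant_holds(void) {
    for (int e = 0; e < NPAGES; e++)
        if (occurrences(e) + pending_threads(e) != mappings[e] || mappings[e] > MAX) return 0;
    return 1;
}

/* One atomic step of the map operation for thread t, selected by its position.
 * Returns 1 if a step was performed, 0 if the thread is finished or the bound would be exceeded. */
int step(int t) {
    if (pos[t] == 0) {
        if (mappings[loc_page[t]] >= MAX) return 0;  /* this model refuses to exceed MAX (assumption) */
        mappings[loc_page[t]]++;                     /* atomic increment: counter runs ahead of Occ_e */
        pos[t] = 1;
        return 1;
    }
    if (pos[t] == 1) {
        pt[t][loc_slot[t]] = loc_page[t];            /* atomic entry write: Occ_e catches up */
        pos[t] = 2;
        return 1;
    }
    return 0;
}

/* Constructed scenario: threads 0 and 1 both map page 2, thread 2 maps page 1, each into its own empty slot 0. */
void setup_example(void) {
    for (int t = 0; t < NTHREADS; t++) {
        for (int i = 0; i < NSLOTS; i++) pt[t][i] = EMPTY;
        pos[t] = 0;
        loc_slot[t] = 0;
    }
    for (int e = 0; e < NPAGES; e++) mappings[e] = 0;
    loc_page[0] = 2; loc_page[1] = 2; loc_page[2] = 1;
}

/* Run an explicit interleaving, checking the concurrent invariant after every performed step.
 * Returns the number of steps performed; *violations counts the steps after which the invariant failed.
 * (A proof covers every interleaving; a fixed or random schedule stands in for that here.) */
int simulate(const int *schedule, int len, int *violations) {
    int performed = 0;
    *violations = 0;
    for (int i = 0; i < len; i++) {
        if (!step(schedule[i])) continue;
        performed++;
        if (!concurrent_invariant_holds()) (*violations)++;
    }
    return performed;
}

int main(void) {
    int sched[12], violations;
    setup_example();
    srand(2015);
    for (int i = 0; i < 12; i++) sched[i] = rand() % NTHREADS;  /* random thread choice, as on slide 15 */
    int n = simulate(sched, 12, &violations);
    printf("%d steps performed, %d invariant violations, sequential invariant at end: %d\n",
           n, violations, sequential_invariant_holds());
    return 0;
}
```

The sequential invariant is false as soon as one thread has done its first step, which is exactly the gap slide 14 describes; the weakened invariant absorbs that gap through k, and the bound MAX is preserved only because the increment step is guarded. In the real proof the scheduler's choice is left nondeterministic so that WP has to establish the invariant for every possible interleaving.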

16. [Verification of a Cloud hypervisor / Results and discussion] Verification results
   ◮ Partial verification of a critical module of Anaxagoros hypervisor
   ◮ For low-level functions, we conducted a "classic" verification
     ◮ Specification with ACSL
     ◮ Automatic proof with Frama-C/WP and SMT Solvers (CVC4, Z3)
   ◮ For the concurrent function used to change pagetables:
     ◮ First specification and proof for sequential version
     ◮ Weakening of the invariant for concurrency
     ◮ Specification and proof of the simulated version
   ◮ Only a few properties could not be proved automatically
     ◮ their proof is done in Coq by extracting them from WP

17. [Verification of a Cloud hypervisor / Results and discussion] Lessons Learned, Limitations and Benefits
   ◮ Ability to treat concurrent programs
     ◮ With a tool that originally does not handle parallelism
   ◮ Proof done mostly automatically
   ◮ Verification of properties in isolation
   ◮ Scalability
   ◮ By-hand simulation is tedious and error prone
     ◮ Could perfectly be automated
   ◮ Need for a specification means for concurrent behaviors
