formal methods and tools
play

Formal Methods and Tools for Distributed Systems Thomas Ball - PowerPoint PPT Presentation

Sep 18, 2023 •162 likes •888 views

Formal Methods and Tools for Distributed Systems Thomas Ball Microsoft http://research.microsoft.com/~tball Outline 20 Years at Microsoft (1999-present) The great work of others at Microsoft 20 Years at Microsoft From EULA to SLA

  1. Formal Methods and Tools for Distributed Systems Thomas Ball Microsoft http://research.microsoft.com/~tball

  2. Outline • 20 Years at Microsoft (1999-present) • The great work of others at Microsoft

  3. 20 Years at Microsoft From EULA to SLA From Bugs and Bounties to Cyberweapons From Spec to Spec+Check From Closed to Open

  4. From EULA (1) to SLA Compute, Storage, Networking, Compute, Storage, Networking, Backups, Hdw/Sft updates, … Backups, Hdw/Sft updates, … System administration System administration EULA Software Compute, Storage, Networking, Compute, Storage, Networking, Backups, Hdw/Sft updates, … Backups, Hdw/Sft updates, … System administration System administration Compute, Storage, Networking, Backups, Hdw/Sft updates, … System administration

  5. End-User License Agreements 2002

  6. From EULA (1) to SLA Compute, Storage, Networking, Compute, Storage, Networking, Backups, Hdw/Sft updates, … Backups, Hdw/Sft updates, … System administration System administration EULA Software Compute, Storage, Networking, Compute, Storage, Networking, Backups, Hdw/Sft updates, … Backups, Hdw/Sft updates, … System administration System administration Compute, Storage, Networking, Backups, Hdw/Sft updates, … System administration

  7. From EULA to SLA (2) Programs, Data, Users Programs, Data, Users SLA Programs, Data, Users Azure Programs, Data, Users Programs, Data, Users Compute, Storage, Networking, Backups, Hdw/Sft updates, … System administration Programs, Data, Users Programs, Data, Users

  10. Cloud Scale..

  11. Cloud Scale….

  12. Service Level Agreement (SLA) “For all Virtual Machines that have two or more instances deployed in the same Availability Set, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.95% of the time.” MONTHLY UPTIME SERVICE CREDIT PERCENTAGE < 99.95% 10% < 99% 25% < 95% 100% https://azure.microsoft.com/support/legal/sla/virtual-machines/v1_8/

  13. Bugs… because there are so many more ways for things to go wrong than there are for them to go right.

  14. https://en.wikipedia.org/wiki/Nimda https://www.zdnet.com/article/nimd a-rampage-starts-to-slow/ https://www.cnet.com/news/microsoft- attempts-to-allay-security-fears/ https://digitalguardian.com/about/secu rity-change-agents/code-red-and- nimda-worms https://pen-testing.sans.org/resources/papers/gcih/automated-execution-arbitrary-code-forged-mime-headers-microsoft-interne

  15. Bill Gates’ Trustworthy Computing Memo Availability : Our products should always be available when our customers need them. System outages should become a thing of the past because of a software architecture that supports redundancy and automatic recovery. … Security : The data our software and services store on behalf of our customers should be protected from harm and used or modified only in appropriate ways. … Privacy : Users should be in control of how their data is used. Policies for information use should be clear to the user. Users should be in control of when and if they receive information to make best use of their time. … https://www.wired.com/2002/01/bill-gates-trustworthy-computing/

  16. https://www.microsoft.com/en-us/securityengineering/sdl/about

  18. The Impact of One Bug “The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet . ” http://heartbleed.com/

  19. https://blog.cobalt.io/the-history-of-bug-bounty-programs-50def4dcaab3

  20. “ Stuxnet is a malicious computer worm, first uncovered in 2010. Thought to have been in development since at least 2005, Stuxnet targets SCADA systems and is believed to be responsible for causing substantial damage to Iran's nuclear program .” “Stuxnet attacked Windows systems using an unprecedented four zero-day attacks (…)… The number of zero -day exploits used is unusual, as they are highly valued and malware creators do not typically make use of (and thus simultaneously make visible) four different zero-day exploits in the same worm.” https://en.wikipedia.org/wiki/Stuxnet

  21. From Spec to Spec+Check Formal Methods Specification • Mathematical/logical specification of desired (correct) behavior (Correct) Implementation • Automated/interactive checking of implementation against specification (Incorrect) Implementation

  22. Correctness Properties • Memory safety • No buffer overruns • Functional correctness • Termination • Minimize side-channel leaks • Cryptographic security • …

  23. Automatic verification of infinite-state systems System 𝑇 Property 𝜒 Rice’s Theorem Verification I can’t decide! Is there a behavior of 𝑇 that violates 𝜒 ? Unknown / Diverge Counterexample Proof Slide from Mooly Sagiv

  24. Deductive verification System 𝑇 Inductive argument 𝐽𝑜𝑤 Property 𝜒 Deductive Verification Is 𝐽𝑜𝑤 an inductive invariant for 𝑇? 1) Does Inv entail 𝜒 ? 2) Unknown / Diverge Counterexample to Induction Proof Slide from Mooly Sagiv

  25. Inductive invariants Safety System State Space Property 𝐶𝑏𝑒 𝑆𝑓𝑏𝑑ℎ 𝐽𝑜𝑗𝑢 System 𝑇 is safe if all the reachable states satisfy the property 𝜒 = ¬𝐶𝑏𝑒 Slide from Mooly Sagiv

  26. Inductive invariants Safety System State Space Property 𝑈𝑆 𝐽𝑜𝑤 𝐶𝑏𝑒 𝑆𝑓𝑏𝑑ℎ 𝑈𝑆 𝑈𝑆 𝐽𝑜𝑗𝑢 System 𝑇 is safe if all the reachable states satisfy the property 𝜒 = ¬𝐶𝑏𝑒 System 𝑇 is safe iff there exists an inductive invariant 𝐽𝑜𝑤 : 𝐽𝑜𝑗𝑢 ⊆ 𝐽𝑜𝑤 ( Initiation ) if 𝜏 ∈ 𝐽𝑜𝑤 and 𝜏 → 𝜏′ then 𝜏′ ∈ 𝐽𝑜𝑤 ( Consecution ) 𝐽𝑜𝑤 ∩ 𝐶𝑏𝑒 = ∅ ( Safety ) Slide from Mooly Sagiv

  27. Logic-based deductive verification • Represent 𝐽𝑜𝑗𝑢 , → , 𝐶𝑏𝑒 , 𝐽𝑜𝑤 by logical formulas • Formula  Set of states • Automated solvers for logical satisfiability made huge progress • Propositional logic (SAT) – industrial impact for hardware verification • First-order theorem provers • Satisfiability modulo theories (SMT) – major trend in software verification Slide from Mooly Sagiv

  28. Deductive verification by reductions to Fir irst Order Lo Logic Protocol Loop Invariant Inv(V) Safety Property  Bad(V) Init(V), Tr (V, V’) Front-End 1) SAT(Init(V)  Inv(V))? 2) SAT(Inv(V)  Tr(V, V ’ )  Inv(V ’ ))? 3)SAT(Inv(X)  Bad(V))? First Order SAT Solver Y N Counterexample to Induction (CTI) Proof ? Slide from Mooly Sagiv

  29. Automated Theorem Prover Leonardo de Moura, Nikolaj Bjorner, Open Source (MIT License) Christoph Wintersteiger, … https://github.com/z3prover/z3 https://rise4fun.com/Z3/tutorial Linear Bit Vectors Boolean Floating Arithmetic Algebra Point Z3 reasons over a combination of theories Non-linear, First-order Axiomitizations Reals Algebraic Sets/Maps/… Data Types

  30. Reduction to Logic int Puzzle(int x) { int res = x; res = res + (res << 10); res = res ^ (res >> 6); if (x > 0 && res == x + 1) throw new Exception("bug"); return res; } x = 389306474 https://rise4fun.com/Z3/n6ZB6

  31. Logic/Complexity Classes Greater Practical problems often have structure that can be exploited. Expressiveness Undecidable (FOL + LIA) Algorithmic advances Semi Decidable (FOL) Large-scale evaluation and careful engineering NEXPTIME (EPR) PSPACE Greater (QBF) NP (SAT) Automation

  32. Symbolic Analysis SLS, floats  Z: Opt+MaxSMT Tools  Z: Datalog Generalized PDR Existential Reals Model Constructing SAT CutSAT: Linear Integer Formulas SAGE Quantified Bit-Vectors Linear Quantifier Elimination Model Based Quantifier Instantiation Generalized, Efficient Array Decision Procedures HAVOC Engineering DPLL(T) + Saturation Effectively Propositional Logic Model-based Theory Combination Internals Relevancy Propagation Efficient E-matching for SMT solvers

  33. Formal Methods: Substantial Progress Better Tools Application to Real Systems • Automated + Interactive • Static Driver Verifier (Windows drivers) Theorem Provers • http://compcert.inria.fr/ (C compiler) • Model Checking • https://sel4.systems/ (OS) • Program Analysis • … From Spec to Spec+Check

  34. Open Source: Times have changed! “We will move to a Chromium -compatible web platform for Microsoft Edge on the desktop” https://blogs.windows.com/ • Microsoft actively contributes to and use open source • The tools presented in this talk are open source, or have open source equivalents

  35. 20 Years at Microsoft From EULA to SLA From Bugs and Bounties to Cyberweapons From Spec to Spec+Check From Closed to Open

  36. Formal Methods and Tools High-level Specification thinking (TLA+) Correctness of Cryptography and Protocols programming (F*, Ivy, P#) testing Bug Finding and Verification for C/C++ (SAGE, Corral) verifying Network Verification (SecGuru)

  37. Formal Methods and Tools High-level Specification thinking (TLA+) Correctness of Cryptography and Protocols programming (F*, Ivy, P#) testing Bug Finding and Verification for C/C++ (SAGE, Corral) verifying Network Verification (SecGuru)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Methods &amp;&amp; Tools Group Stefania Gnesi F F F M&amp;&amp;T M&amp;&amp;T

Formal Methods &amp;&amp; Tools Group Stefania Gnesi F F F M&amp;&amp;T M&amp;&amp;T

F F F Formal Methods &amp;&amp; Tools Group Stefania Gnesi F F F M&amp;&amp;T M&amp;&amp;T M&amp;&amp;T June 27, 03 Formal Methods &amp;&amp; Tools Group - ISTI CNR CAF - 1 F F F Outline Overview of the Formal Methods

276 views • 23 slides
Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby Computer Science Laboratory SRI International Menlo Park, CA John Rushby, SR I Practical Formal Methods: 1 Need: Growing Importance and Cost of

278 views • 12 slides
Front-end Technologies for Formal-Methods Tools Makarius Wenzel Univ. Paris-Sud, Laboratoire LRI

Front-end Technologies for Formal-Methods Tools Makarius Wenzel Univ. Paris-Sud, Laboratoire LRI

Front-end Technologies for Formal-Methods Tools Makarius Wenzel Univ. Paris-Sud, Laboratoire LRI November 2013 Abstract Looking at the past decades of interactive (and automated) theorem proving, and tools that integrate both for program

461 views • 34 slides
Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
formal methods &amp; tools. SpinS : Extending LTSmin with Promela through SpinJa Alfons Laarman

formal methods &amp; tools. SpinS : Extending LTSmin with Promela through SpinJa Alfons Laarman

UNIVERSITY OF TWENTE. formal methods &amp; tools. SpinS : Extending LTSmin with Promela through SpinJa Alfons Laarman Joint with Freark van der Berg Sept 17, 2012 Imperial College, London, UK ... ... Spin Model Checker Process Meta-Language (

1.23k views • 39 slides
Methods and tools for design time and runtime formal analysis of security protocols and web

Methods and tools for design time and runtime formal analysis of security protocols and web

Methods and tools for design time and runtime formal analysis of security protocols and web applications Marco Rocchetto REsearch Group in I nformation S ecurity Department of Computer Science University of Verona, Italy Verona, May 8, 2015

731 views • 62 slides
Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Tools for Formal Methods: ICS, SAL, and Stateflow John Rushby Computer Science Laboratory SRI

Tools for Formal Methods: ICS, SAL, and Stateflow John Rushby Computer Science Laboratory SRI

Tools for Formal Methods: ICS, SAL, and Stateflow John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SRI ICS, SAL, and Stateflow: 1 Introduction Weve distributed the PVS Verification

978 views • 45 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
Generating and Solving Symbolic Parity Games Gijs Kant Jaco van de Pol Formal Methods &amp;

Generating and Solving Symbolic Parity Games Gijs Kant Jaco van de Pol Formal Methods &amp;

Generating and Solving Symbolic Parity Games Gijs Kant Jaco van de Pol Formal Methods &amp; Tools University of Twente The Netherlands Games 2012, Napoli, Italia 1 / 26 Motivation Application: formal verification of process algebraic

531 views • 26 slides
Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in system development Aim to increase confidence in riktighet of system Apply to both hardware and software 1 Formal methods Complement other

524 views • 25 slides
A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4) Contents INTRODUCTION INTRODUCTION DEFINITION AND OVERVIEW OF FORMAL METHODS SPECIFICATION METHODS LIFE CYCLES AND

317 views • 19 slides
Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process What are Formal Methods? Advantages and Disadvantages of Formal Methods Formal Methods in the Requirement Process Mathematical Formulas

561 views • 20 slides
INF 111 / CSE 121: Software Tools and Methods Software Tools and Methods Lecture Notes for

INF 111 / CSE 121: Software Tools and Methods Software Tools and Methods Lecture Notes for

INF 111 / CSE 121: Software Tools and Methods Software Tools and Methods Lecture Notes for Summer, 2008 Michele Rousseau Lecture Note 10 Effort Estimation Announcements Assignment #3 is due on Monday Quiz #3 regrades are due today

647 views • 21 slides
the local Hamiltonian problem Thomas Vidick Caltech Joint work with Joseph Fitzsimons SUTD and

the local Hamiltonian problem Thomas Vidick Caltech Joint work with Joseph Fitzsimons SUTD and

A multiprover interactive proof system for the local Hamiltonian problem Thomas Vidick Caltech Joint work with Joseph Fitzsimons SUTD and CQT, Singapore Outline 1. Local verification of classical &amp; quantum proofs 2. Quantum multiplayer

391 views • 23 slides
The Relativistic Quantum World A lecture series on Relativity Theory and Quantum Mechanics Marcel

The Relativistic Quantum World A lecture series on Relativity Theory and Quantum Mechanics Marcel

The Relativistic Quantum World A lecture series on Relativity Theory and Quantum Mechanics Marcel Merk University of Maastricht, Sept 24 Oct 15, 2014 The Relativistic Quantum World Sept 14: Lecture 1: The Principle of Relativity and the

486 views • 34 slides
Gravity and Entanglement Josh June 27, 2018 This seminar is a very quick introduction to the

Gravity and Entanglement Josh June 27, 2018 This seminar is a very quick introduction to the

Gravity and Entanglement Josh June 27, 2018 This seminar is a very quick introduction to the role played by entanglement in quantum gravity and holography. If you want to learn more, the following three sets of lecture notes are highly

1.37k views • 88 slides
Prelude to the reference frame interpretation Cold Quantum Coffee Seminar Natalia S

Prelude to the reference frame interpretation Cold Quantum Coffee Seminar Natalia S

Complementarity PBRs theorem EPRs theorem Bells theorem Kochen Speckers theorem Summary Interpretation Prelude to the reference frame interpretation Cold Quantum Coffee Seminar Natalia S anchez-Kuntz; Eduardo Nahmad-Achar

1.44k views • 87 slides
BROADBAND INDUSTRY OUTCOMES AND UNDERLYING MACROECONOMIC ENVIRONMENT Madura Wijewardena

BROADBAND INDUSTRY OUTCOMES AND UNDERLYING MACROECONOMIC ENVIRONMENT Madura Wijewardena

CAIDA WORKSHOP ON INTERNET ECONOMICS 2015 BROADBAND INDUSTRY OUTCOMES AND UNDERLYING MACROECONOMIC ENVIRONMENT Madura Wijewardena Executive Director, Global Public Policy Comcast Corporation Overview Consider industry outcomes as well as

264 views • 11 slides
Control and Complexity: Control and Complexity: Reflexive Modernization Reflexive Modernization

Control and Complexity: Control and Complexity: Reflexive Modernization Reflexive Modernization

Control and Complexity: Control and Complexity: Reflexive Modernization Reflexive Modernization IT in the context of globalization IT in the context of globalization Control/Risk Control/Risk Traditional SE/IS methods (and management

482 views • 32 slides
Quantum entanglement can be simulated without communication Nicolas J. Cerf Centre for Quantum

Quantum entanglement can be simulated without communication Nicolas J. Cerf Centre for Quantum

Quantum entanglement can be simulated without communication Nicolas J. Cerf Centre for Quantum Information and Communication Universit Libre de Bruxelles (joint work with Nicolas Gisin, Serge Massar, and Sandu Popescu) Physical Review

124 views • 11 slides
r trt s rst sss

r trt s rst sss

r trt s rst sss rt r r rst

614 views • 47 slides

More recommend