formal sound verification of linux s usb bp keyboard
play

Formal sound verification of Linuxs USB BP keyboard driver Willem - PowerPoint PPT Presentation

Sep 22, 2023 •47 likes •247 views

Formal sound verification of Linuxs USB BP keyboard driver Willem Penninckx Jan Tobias Mhlberg Jan Smans Bart Jacobs Frank Piessens Table Of Contents What did we do? How did we do it? What did we learn? Table Of Contents

  1. Formal sound verification of Linux’s USB BP keyboard driver Willem Penninckx Jan Tobias Mühlberg Jan Smans Bart Jacobs Frank Piessens

  2. Table Of Contents ● What did we do? ● How did we do it? ● What did we learn?

  3. Table Of Contents ● What did we do? ● How did we do it? ● What did we learn?

  4. Formal sound verification Linux’s USB BP keyboard driver

  5. Formal sound verification ● Real-world software toy Linux’s USB BP keyboard driver

  6. Formal sound verification ● Real-world software toy ● Unbounded number of threads ● Unbounded number of keyboards Linux’s USB BP keyboard driver

  7. Formal sound verification Check properties: ● Never crashes ● No race-condition ● API rules ● Real-world software toy ● Unbounded number of threads ● Unbounded number of keyboards Linux’s USB BP keyboard driver

  8. Formal sound verification Check properties: Bug hunting ● Never crashes ● No race-condition If “green bar”, then ● API rules verified property always holds ● Real-world software toy ● Unbounded number of threads ● Unbounded number of keyboards Linux’s USB BP keyboard driver

  9. Table Of Contents ● What did we do? ● How did we do it? ● What did we learn?

  10. usbkbd.c input.h void input_register(); void fun1() { c_code; usb.h c_code; usb_core.c c_code; } void usb_kill_urb() { void usb_kill_urb(); c_code; c_code; c_code; }

  11. usbkbd.c input.h /*@ Formal * preCond * postCond API @*/ specs void input_register(); void fun1() { c_code; usb.h c_code; /*@ usb_core.c c_code; * preCond } * postCond void @*/ usb_kill_urb() { void usb_kill_urb(); c_code; c_code; /*@ c_code; * (ghost code) } @*/

  12. usbkbd.c input.h /*@ /*@ Formal * preCond * PreCond * postCond API * PostCond @*/ specs @*/ void input_register(); void fun1() { c_code; usb.h //@ ghostcode c_code; /*@ usb_core.c c_code; * preCond } * postCond void @*/ usb_kill_urb() { void usb_kill_urb(); c_code; c_code; /*@ c_code; * (ghost code) } @*/

  13. usbkbd.c /*@ * PreCond * PostCond @*/ void fun1() { c_code; //@ ghostcode c_code; c_code; } Tool: VeriFast

  14. Table Of Contents ● What did we do? ● How did we do it? ● What did we learn?

  15. Learned / Conclusions http://people.cs.kuleuven.be/~willem.penninckx/usbkbd/

  16. Learned / Conclusions Possible to combine: ● Soundness ● Unbounded #threads ● Real driver ● API usage rules http://people.cs.kuleuven.be/~willem.penninckx/usbkbd/

  17. Learned / Conclusions Possible to combine: ● Soundness ● Unbounded #threads ● Real driver ● API usage rules File Lines C Lines annot usbkbd.c 329 822 API headers / 769 http://people.cs.kuleuven.be/~willem.penninckx/usbkbd/

  18. Learned / Conclusions Possible to combine: ● Soundness ● Unbounded #threads ● Real driver ● API usage rules File Lines C Lines annot Tool speed usbkbd.c 329 822 ~1 second API headers / 769 Bugs found http://people.cs.kuleuven.be/~willem.penninckx/usbkbd/

  19. Learned / Conclusions Possible to combine: ● Soundness ● Unbounded #threads ● Real driver ● API usage rules File Lines C Lines annot Tool speed usbkbd.c 329 822 ~1 second API headers / 769 Bugs found ● Unloading bug ● Synchronization bug http://people.cs.kuleuven.be/~willem.penninckx/usbkbd/

  20. Learned / Conclusions Possible to combine: ● Soundness ● Unbounded #threads ● Real driver ● API usage rules File Lines C Lines annot Tool speed usbkbd.c 329 822 ~1 second API headers / 769 Bugs found ● Unloading bug ● Synchronization bug Patches are in Linux 3.3 http://people.cs.kuleuven.be/~willem.penninckx/usbkbd/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal sound verification of Linuxs USB BP keyboard driver Willem Penninckx Jan Tobias

Formal sound verification of Linuxs USB BP keyboard driver Willem Penninckx Jan Tobias

Formal sound verification of Linuxs USB BP keyboard driver Willem Penninckx Jan Tobias Mhlberg Jan Smans Bart Jacobs Frank Piessens Table Of Contents What did we do? How did we do it? What did we learn? Table Of Contents

681 views • 10 slides
Project L.A.K.E. Logging of Acoustic Keyboard Emanations Using Sound as a Keylogger

Project L.A.K.E. Logging of Acoustic Keyboard Emanations Using Sound as a Keylogger

Project L.A.K.E. Logging of Acoustic Keyboard Emanations Using Sound as a Keylogger Determine what a person is typing based on the sound of their keystrokes Exploit small differences in key sounds Ultimate goal: determine

410 views • 12 slides
Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
Specification and verification in the field: Applying formal methods to BPF just-in-time

Specification and verification in the field: Applying formal methods to BPF just-in-time

Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel Luke Nelson, Jacob Van Geffen, Emina Torlak, and Xi Wang University of Washington Goal: formally verified (e)BPF JITs in the

267 views • 22 slides
Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry 1 Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal verification Machine-checked proof Automatic and interactive approaches HOL Light Floating point

366 views • 25 slides
Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic 1 Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal verification Machine-checked proof Automatic and interactive approaches HOL Light

539 views • 19 slides
Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms 1 Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of bugs Formal verification Levels of verification HOL Light Formalizing mathematics

353 views • 19 slides
Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA http://www.clifford.at/papers/2018/riscv-formal/ About assertion based formal verification (formal ABV) Assertion based verification (ABV) Uses

781 views • 39 slides
Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal Verification Yosys-STMBMC iCE40 FPGAs Bounded Model Checking (Project IceStorm) Using any SMT-LIB2 solver (using QF_AUFBV logic) Xilinx

706 views • 56 slides
Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim Kobeissi PROSECCO: Pro gramming Sec urely with C rypt o graphy. Team at INRIA Paris specializing in applied cryptography and formal verification.

357 views • 14 slides
Project L.A.K.E. Logging of Acoustic Keyboard Emanations Team A2: Ronit Banerjee, Kevin

Project L.A.K.E. Logging of Acoustic Keyboard Emanations Team A2: Ronit Banerjee, Kevin

Project L.A.K.E. Logging of Acoustic Keyboard Emanations Team A2: Ronit Banerjee, Kevin DeVincentis, James Zhang Using Sound as a Keylogger Determine what a person is typing based on the sound of their keystrokes Exploit small

821 views • 12 slides
Project L.A.K.E. Logging of Acoustic Keyboard Emanations Team A2: Ronit Banerjee, Kevin

Project L.A.K.E. Logging of Acoustic Keyboard Emanations Team A2: Ronit Banerjee, Kevin

Project L.A.K.E. Logging of Acoustic Keyboard Emanations Team A2: Ronit Banerjee, Kevin DeVincentis, James Zhang Using Sound as a Keylogger Determine what a person is typing based on the sound of their keystrokes Exploit small

290 views • 11 slides
Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification 2 Formal

627 views • 19 slides
Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification Transition systems 2

798 views • 62 slides
Associations Betw een Practice- Reported Medical Homeness and Health Care Utilization Among

Associations Betw een Practice- Reported Medical Homeness and Health Care Utilization Among

Associations Betw een Practice- Reported Medical Homeness and Health Care Utilization Among Publicly Insured Children Presentation at the AcademyHealth Annual Research Meeting Minneapolis, MN June 16, 2015 Anna L. Christensen, PhD Joseph

472 views • 21 slides
Blue Cross Blue Shield Massachusettss Role in Addressing Health Equity and Preventing Chronic

Blue Cross Blue Shield Massachusettss Role in Addressing Health Equity and Preventing Chronic

Blue Cross Blue Shield Massachusettss Role in Addressing Health Equity and Preventing Chronic Disease Massachusetts Partnership for Health Promotion and Chronic Disease Prevention Insurer panel: The Role of Insurers in Addressing Health

371 views • 9 slides
S9708 - STRONG SCALING HPC APPLICATIONS: BEST PRACTICES WITH A LATTICE QCD CASE STUDY Kate Clark,

S9708 - STRONG SCALING HPC APPLICATIONS: BEST PRACTICES WITH A LATTICE QCD CASE STUDY Kate Clark,

S9708 - STRONG SCALING HPC APPLICATIONS: BEST PRACTICES WITH A LATTICE QCD CASE STUDY Kate Clark, Mathias Wagner Lattice Quantum Chromodynamics QUDA Bandwidth Optimization AGENDA Latency Optimization Multi-node scaling NVSHMEM Summary 2

1.18k views • 63 slides
The Effects of Race Conditions when Implementing Single-Source Redundant Clock Trees in Triple

The Effects of Race Conditions when Implementing Single-Source Redundant Clock Trees in Triple

The Effects of Race Conditions when Implementing Single-Source Redundant Clock Trees in Triple Modular Redundant Synchronous Architectures Melanie Berg, AS&D in support of NASA/GSFC Melanie.D.Berg@NASA.gov Ken LaBel, NASA/GSFC Jonathan

389 views • 27 slides
Akka Java Documentation Release 2.2.3 1 Thursday, November 28, 13 Terminology, Concepts

Akka Java Documentation Release 2.2.3 1 Thursday, November 28, 13 Terminology, Concepts

Akka Java Documentation Release 2.2.3 1 Thursday, November 28, 13 Terminology, Concepts Concurrency vs. Parallelism Asynchronous vs. Synchronous Non-blocking vs. Blocking Deadlock vs. Starvation vs. Live-lock Race Condition 2 Thursday,

440 views • 18 slides
Laboratory of Advanced Network Technologies. MSC & SCStudio Mat u s Madzin Faculty of

Laboratory of Advanced Network Technologies. MSC & SCStudio Mat u s Madzin Faculty of

Laboratory of Advanced Network Technologies. MSC & SCStudio Mat u s Madzin Faculty of Informatics Masaryk University Autumn 2011 1 / 30 Message Sequence Chart Message Sequence Chart (MSC) is a formalism for communication

679 views • 57 slides
Infinite Campus Teacher Training 8/22/2012 * Attendance Entry * Account Log In * Password

Infinite Campus Teacher Training 8/22/2012 * Attendance Entry * Account Log In * Password

Infinite Campus Teacher Training 8/22/2012 * Attendance Entry * Account Log In * Password Reset * Campus Community * Teacher Preferences * Assignment Creation Attendance Entry * by Section Roster * by Process Inbox 1 Section Roster

194 views • 4 slides
TxEVER Birth and Death for Local Registrars CDCAT Fall Conference Derek Johnson, Field

TxEVER Birth and Death for Local Registrars CDCAT Fall Conference Derek Johnson, Field

TxEVER Birth and Death for Local Registrars CDCAT Fall Conference Derek Johnson, Field Services, VSS 0 2 Aug 2 0 1 8 Agenda This conference call presentation will cover the following: 1 . Birth Local Registration a. Local

527 views • 28 slides

More recommend