how trustworthy can systems become
play

How Trustworthy Can Systems Become? Vincent Rahli - PowerPoint PPT Presentation

Jul 23, 2023 •333 likes •964 views

How Trustworthy Can Systems Become? Vincent Rahli http://www.nuprl.org http://www.cs.cornell.edu/~rahli/ January 28, 2015 Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 1/62 My collaborators PRL group Abhishek Anand

  1. How Trustworthy Can Systems Become? Vincent Rahli http://www.nuprl.org http://www.cs.cornell.edu/~rahli/ January 28, 2015 Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 1/62

  2. My collaborators PRL group Abhishek Anand Mark Bickford Robert L. Constable Richard Eaton Vincent Rahli ATC-NY David Guaspari Matt Stillerman System group Robbert van Renesse Nicolas Schiper Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 2/62

  3. Distributed systems are ubiquitous Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 3/62

  4. Distributed systems are ubiquitous Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 4/62

  5. Correctness What evidence do we have that these systems are correct? Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 5/62

  6. Correctness What evidence do we have that these systems are correct? Type checking Testing Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 6/62

  7. Correctness What evidence do we have that these systems are correct? Type checking Testing Model checking Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 7/62

  8. Correctness What evidence do we have that these systems are correct? Type checking Testing Model checking Theorem proving Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 8/62

  9. Correctness Specification Program Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 9/62

  10. Correctness Specification Verification Program Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 10/62

  11. Correctness — Constructive Type Theory Specification Proofs as programs Verification Program Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 11/62

  12. Correctness — Constructive Type Theory What does it mean? Lemma comm : ∀ A B : Type , ( A × B ) → ( B × A ). Proof . refine ( fun A B p ⇒ match p with | ( a , b ) ⇒ ( b , a ) end ). Qed . Proofs are programs and vice-versa Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 12/62

  13. Proof assistants The technology is mature { ACL2 : Motorola, AMD, IBM, Centaur, Rockwell Collins,. . . { Coq : Java Card, Compcert, Four Colour Theorem, Odd Order Theorem,. . . { HOL : Hardware verification, CakeML, Kepler conjecture,. . . { Nuprl : Ensemble, Paxos, Higman’s Lemma,. . . { PVS : Flight control systems,. . . Agda , Idris , Twelf , Matita , Mizar , . . . Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 13/62

  14. Projects What evidence do we have that these distributed systems are correct? What evidence do we have that our proofs are correct? Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 14/62

  15. Projects What evidence do we have that these distributed systems are correct? Platform to develop and reason about distributed systems. What evidence do we have that our proofs are correct? Building and verifying Nuprl in Coq. Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 15/62

  16. Distributed Systems Distributed systems are hard to specify, implement and verify. We need to tolerate failures. It is hard to test all possible scenarios. State space explosion using model checking. Model checking often done on abstractions of the code rather than on the code itself. Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 16/62

  17. Distributed Systems We use Nuprl as a specification, programming and verification language. Programming interface: a constructive specification language called EventML Verification methodology Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 17/62

  18. Distributed Systems A logic of events implemented in Nuprl. Specified, verified, and generated consensus protocols (e.g., Paxos) using EventML . Aneris : a total ordered broadcast service. ShadowDB : a replicated database with 2 parametrizable replication protocols (PBR & SMR) built on top of Aneris. Improved performance without introducing bugs. We get decent performance . Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 18/62

  19. Distributed Systems — Big picture Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 19/62

  20. Distributed Systems — Message sequence diagram See: Paxos Made Moderately Complex Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 20/62

  21. Distributed Systems — Combinators Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 21/62

  22. Distributed Systems — Combinators Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 22/62

  23. Distributed Systems — EventML EventML for Paxos Synod: . . . agent Leader = SpawnFirstSc out | | (( LeaderPropose | | LeaderAdopted ) > > = Commander ) | | ( LeaderPreempted > > = Scout ) ; ; main Leader @ l d r s | | Acceptor @ ac c pts Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 23/62

  24. Distributed Systems — Verification We use causal induction + inductive logical forms (ILFs) + state machine invariants Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 24/62

  25. Distributed Systems — Verification We use causal induction + inductive logical forms (ILFs) + state machine invariants Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 25/62

  26. Distributed Systems — Code generation Efficiency? January 2012: 2 seconds per transaction Faster process combinators. June 2012: 500 milliseconds per transaction Optimization/compilation to Lisp. End of 2012: 60 milliseconds per transaction (interpreted), 9 milliseconds per transaction (compiled) Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 26/62

  27. Distributed Systems — What next? Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 27/62

  28. Correctness What evidence do we have that these distributed systems are correct? What evidence do we have that our proofs are correct? Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 28/62

  29. Correctness What evidence do we have that these distributed systems are correct? Platform to develop and reason about distributed systems. What evidence do we have that our proofs are correct? Building and verifying Nuprl in Coq. Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 29/62

  30. Nuprl in Coq — Our initial motivation We build theorem provers to prove programs’ correctness Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 30/62

  31. Nuprl in Coq — Our initial motivation We build theorem provers to prove programs’ correctness . . . but rarely use them to prove their own correctness Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 31/62

  32. Nuprl in Coq — Our initial motivation How do we know that our systems are sound? How do we safely extend them? Proofs mostly carried out on paper Not carried out in full detail Spread over several papers/PhD theses Precise metatheory, precise account of Nuprl Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 32/62

  33. Nuprl in Coq — Our initial motivation Agda & Coq { 2013/2014: bug in the termination checker Nuprl { Invalid rules after modifying the theory Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 33/62

  34. Nuprl in Coq — Our initial motivation Agda & Coq { 2013/2014: bug in the termination checker Nuprl { Invalid rules after modifying the theory How can we be sure that these rules are valid? Nuprl’s PER semantics (types are defined as partial equivalence relations on terms — extensional) in Coq and Agda. Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 34/62

  35. Nuprl in Coq — Mechanization and Experimentation! Mechanization Experimentation { Adding new computations { Less error prone { Adding new types { Easier to propagate changes { Exploring type theory { Positive feedback loop { Changing the theory { Additive Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 35/62

  36. Nuprl in Coq — What do we cover? Stuart Allen had his own meta-theory that was meant to be meaningful on its own and needs not be framed into type theory. We chose to use Coq and Agda. Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 36/62

  37. Nuprl in Coq — Nuprl Stack Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 37/62

  38. Nuprl in Coq — Nuprl Environment Distributed Runs in the cloud Structure editor Tactic language: Classic ML Shared library Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 38/62

  39. Nuprl in Coq — Nuprl Types Based on Martin-L¨ of’s extensional type theory. Equality : a = b ∈ T Dependent function : a : A → B [ a ] Dependent product : a : A × B [ a ] Universe : U i Vincent Rahli How Trustworthy Can Systems Become? January 28, 2015 39/62

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Gaining Confidence in the Correctness of Robotic and Autonomous Systems Kerstin Eder Trustworthy

Gaining Confidence in the Correctness of Robotic and Autonomous Systems Kerstin Eder Trustworthy

Gaining Confidence in the Correctness of Robotic and Autonomous Systems Kerstin Eder Trustworthy Systems Laboratory Verification and Validation for Safety in Robots, Bristol Robotics Laboratory Designing Trustworthy Systems Create flawless

898 views • 65 slides
Building Trustworthy Systems on seL4 Ihor Kuz seL4 Summit:

Building Trustworthy Systems on seL4 Ihor Kuz seL4 Summit:

Building Trustworthy Systems on seL4 Ihor Kuz seL4 Summit: 25 September 2019 www.data61.csiro.au Overview What is a Trustworthy System? What does

747 views • 26 slides
Provably Trustworthy Systems seL4 and beyond Gerwin Klein Royal Society Meeting on Verified

Provably Trustworthy Systems seL4 and beyond Gerwin Klein Royal Society Meeting on Verified

Provably Trustworthy Systems seL4 and beyond Gerwin Klein Royal Society Meeting on Verified trustworthy software systems April 2016 data61.csiro.au Formal verification of real systems is happening! Formal verification of real systems

981 views • 75 slides
CTSRD CRASH-worthy Trustworthy Systems Research and Development Beyond the PDP-11:

CTSRD CRASH-worthy Trustworthy Systems Research and Development Beyond the PDP-11:

CTSRD CTSRD CRASH-worthy Trustworthy Systems Research and Development Beyond the PDP-11: Architectural support for a memory-safe C abstract machine David Chisnall , Colin Rothwell , Brooks Davis , Robert N.M. Watson ,

252 views • 22 slides
TCIPG TECHNICAL CLUSTERS AND THREADS Trustworthy Trustworthy Technologies for Wide Technologies

TCIPG TECHNICAL CLUSTERS AND THREADS Trustworthy Trustworthy Technologies for Wide Technologies

TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G TCIPG TECHNICAL CLUSTERS AND THREADS Trustworthy Trustworthy Technologies for Wide Technologies for Local Responding To and Trust Assessment Area Monitoring and Area

291 views • 8 slides
Trustworthy Systems from Un-Trusted Components http://www.comp.nus.edu.sg/~tsunami PRESENTED BY

Trustworthy Systems from Un-Trusted Components http://www.comp.nus.edu.sg/~tsunami PRESENTED BY

Trustworthy Systems from Un-Trusted Components http://www.comp.nus.edu.sg/~tsunami PRESENTED BY PROF. ABHIK ROYCHOUDHURY NATIONAL UNIVERSITY OF SINGAPORE ABHIK@COMP.NUS.EDU.SG Enhancing local Ongoing NRF Project Overall capabilities Outlook

407 views • 25 slides
Trustworthy Self-Assembly: A Use-Case for Distributed Runtime Verification John Rushby Computer

Trustworthy Self-Assembly: A Use-Case for Distributed Runtime Verification John Rushby Computer

Trustworthy Self-Assembly: A Use-Case for Distributed Runtime Verification John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I Self-Integrating Systems 1 Introduction: Systems of Systems

491 views • 29 slides
CTSRD CRASH-worthy Trustworthy Systems Research and Development The CHERI CPU RISC in the

CTSRD CRASH-worthy Trustworthy Systems Research and Development The CHERI CPU RISC in the

CTSRD CTSRD CRASH-worthy Trustworthy Systems Research and Development The CHERI CPU RISC in the age of risk David Chisnall University of Cambridge Approved for public release; distribution is unlimited. This research is sponsored by the

803 views • 41 slides
Trustworthy Technologies for Local Area Management, Monitoring, and Control Tom Overbye Number

Trustworthy Technologies for Local Area Management, Monitoring, and Control Tom Overbye Number

Trustworthy Technologies for Local Area Management, Monitoring, and Control Tom Overbye Number of Activities: 5 2012 Industry Workshop October 30, 2012 | 1 TCIPG Technical Clusters and Threads Trustworthy Technologies Trustworthy

419 views • 10 slides
Trustworthy Computing * Reverse engineers agree on that! Trustworthy Computing Trustworthy

Trustworthy Computing * Reverse engineers agree on that! Trustworthy Computing Trustworthy

Trustworthy Computing * Reverse engineers agree on that! Trustworthy Computing Trustworthy Computing Trustworthy Computing Trustworthy Computing Trustworthy Computing Trustworthy Computing *

753 views • 63 slides
Trustworthy Technologies for Wide Area Monitoring and Control Carl Hauser Number of Activities:

Trustworthy Technologies for Wide Area Monitoring and Control Carl Hauser Number of Activities:

Trustworthy Technologies for Wide Area Monitoring and Control Carl Hauser Number of Activities: 9 2012 Industry Workshop October 30, 2012 | 1 TCIPG Technical Clusters and Threads Trustworthy Technologies Trustworthy Technologies Responding

249 views • 12 slides
Trustworthy Elections: Evidence and Dispute Resolution 2019 Def Con Las Vegas, NV Philip B.

Trustworthy Elections: Evidence and Dispute Resolution 2019 Def Con Las Vegas, NV Philip B.

Trustworthy Elections: Evidence and Dispute Resolution 2019 Def Con Las Vegas, NV Philip B. Stark 9 August 2019 University of California, Berkeley 1 Suitably designed and operated paper-based voting systems can be strongly software

598 views • 39 slides
Tamper-resistant creation of integrity tokens for trustworthy communication in cyber-physical

Tamper-resistant creation of integrity tokens for trustworthy communication in cyber-physical

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Tamper-resistant creation of integrity tokens for trustworthy communication in cyber-physical systems Intermediate talk for the Masters

740 views • 25 slides
HATS: Highly Adaptable & Trustworthy Software Using Formal Models Reiner H ahnle

HATS: Highly Adaptable & Trustworthy Software Using Formal Models Reiner H ahnle

Titlepage HATS: Highly Adaptable & Trustworthy Software Using Formal Models Reiner H ahnle Chalmers University of Technology, Gothenburg, Sweden Sophia-Antipolis, 23 October 2008 R. H ahnle HATS: Adaptable & Trustworthy

563 views • 28 slides
Presentations TCIP: Trustworthy Cyber Infrastructure for Power y y Overview Presented by:

Presentations TCIP: Trustworthy Cyber Infrastructure for Power y y Overview Presented by:

Trustworthy Cyber Infrastructure for the Power Grid Presentations TCIP: Trustworthy Cyber Infrastructure for Power y y Overview Presented by: William H. Sanders TCIP Industry Workshop, October 17, 2007 University of Illinois

303 views • 9 slides
BGPSec Interoperability Test QuaggaSRx and BIRD bgpsec IETF 97 Trustworthy Networking Program

BGPSec Interoperability Test QuaggaSRx and BIRD bgpsec IETF 97 Trustworthy Networking Program

BGPSec Interoperability Test QuaggaSRx and BIRD bgpsec IETF 97 Trustworthy Networking Program Seoul, South Korea Nov. 17, 2016 Oliver Borchert (oliver.borchert@nist.gov) NaNonal InsNtute of Standards and Technology 1 Tested Systems:

304 views • 17 slides
RZ: a Tool for Bringing Constructive and Computable Mathematics Closer to Practice Andrej Bauer

RZ: a Tool for Bringing Constructive and Computable Mathematics Closer to Practice Andrej Bauer

RZ: a Tool for Bringing Constructive and Computable Mathematics Closer to Practice Andrej Bauer Chris Stone Department of Mathematics and Physics University of Ljubljana, Slovenia Computer Science Department Harvey Mudd College, USA CiE

144 views • 13 slides
Numerical tensor methods and their applications I.V. Oseledets 7 May 2013 I.V. Oseledets

Numerical tensor methods and their applications I.V. Oseledets 7 May 2013 I.V. Oseledets

Numerical tensor methods and their applications I.V. Oseledets 7 May 2013 I.V. Oseledets Numerical tensor methods and their applications All lectures 4 lectures, 2 May, 08:00 - 10:00: Introduction: ideas, matrix results, history. 7 May,

596 views • 55 slides
degrees 0 20 0 20 40 500 10 20 30 40 50 10 20 30 40 50 frame frame RMS

degrees 0 20 0 20 40 500 10 20 30 40 50 10 20 30 40 50 frame frame RMS

estimated camera position estimated camera rotation 500 80 60 40 degrees 0 20 0 20 40 500 10 20 30 40 50 10 20 30 40 50 frame frame RMS errors using prev (:) vs. model ( ) 60 50 RMS intensity error 40 30 20

717 views • 23 slides
1 L Feb-15-04 SMD159, Object-Oriented Modeling Overview Motivation Hierarchical

1 L Feb-15-04 SMD159, Object-Oriented Modeling Overview Motivation Hierarchical

INSTITUTIONEN FR SYSTEMTEKNIK LULE TEKNISKA UNIVERSITET Object-Oriented Modeling David Carr Fundamentals of Computer Graphics Spring 2004 1 L Feb-15-04 SMD159, Object-Oriented Modeling Overview Motivation Hierarchical models,

155 views • 13 slides
Celebration Event for Johan van Benthem, Amsterdam Syntactic Epistemic Logic Sergei Artemov

Celebration Event for Johan van Benthem, Amsterdam Syntactic Epistemic Logic Sergei Artemov

Celebration Event for Johan van Benthem, Amsterdam Syntactic Epistemic Logic Sergei Artemov Graduate Center CUNY September 27, 2014 Sergei Artemov Syntactic Epistemic Logic Abstract We offer a paradigm shift in Epistemic Logic: to view an

590 views • 48 slides
A logic for reasoning about logic specifications Dale Miller INRIA/Futurs and Ecole

A logic for reasoning about logic specifications Dale Miller INRIA/Futurs and Ecole

WIPS 2005, 30 June 1/30 A logic for reasoning about logic specifications Dale Miller INRIA/Futurs and Ecole polytechnique Outline 1. A new architecture for a theorem prover. 2. Proof search, logic programming, proof theory 3. A proof

593 views • 30 slides
Management Dr. Stefan Wagner Technische Universitt Mnchen Garching 14 May 2010 1 Last

Management Dr. Stefan Wagner Technische Universitt Mnchen Garching 14 May 2010 1 Last

Technische Universitt Mnchen Software Quality Management Dr. Stefan Wagner Technische Universitt Mnchen Garching 14 May 2010 1 Last QOT: difference between functional and quality requirements "Functional requirements can be

627 views • 28 slides
HF Sets in Constructive Type Theory Gert Smolka and Kathrin Stark Interactive Theorem Proving,

HF Sets in Constructive Type Theory Gert Smolka and Kathrin Stark Interactive Theorem Proving,

HF Sets in Constructive Type Theory Gert Smolka and Kathrin Stark Interactive Theorem Proving, Nancy, August 24, 2016 saarland university computer science saarland university computer science A minimal computational axiomatization of HF

427 views • 29 slides

More recommend