Languages at Galois
Joey Dodds and many others
(PowerPoint presentation)
[Diagram: Core, Aggregators, Users, and a trust boundary between them]
What does a user want?
- System
- Sandwich eating certificate

What does a user want?
- System
- Sandwich eating certificate checker at time t
How many languages?
5*
*It’s way more than 5
Layered verification
- Code meets a low-level specification
- Low-level specification meets higher-level specification
- High-level specification has meaningful properties
Layered verification (TLS)
- Code meets a low-level specification
  - Proof that the C code for the transition function is equal to ours
- Low-level specification meets higher-level specification
  - Proof that our transition fn is equal to a fn written from the RFCs
- High-level specification has meaningful properties
  - Handshake always completes
Proof for internal messages
In we've defined executable serialization and parsing functions.
We have proved: ∀ msg. parse (serialize msg) = msg
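The roundtrip property on this slide, as an added example that is not Galois's code: a constructed tag-length-payload message format with a strict parser, a checker for `parse (serialize msg) = msg` over sample messages, and a check that malformed wire input is rejected rather than silently accepted.

```python
from dataclasses import dataclass
import struct

# Constructed message type for this example (not the slides' internal messages).
@dataclass(frozen=True)
class Msg:
    kind: int        # one-byte message tag, 0..255
    payload: bytes   # at most 65535 bytes

def serialize(msg: Msg) -> bytes:
    """Wire form: kind (1 byte) | payload length (2 bytes, big-endian) | payload."""
    if not 0 <= msg.kind <= 0xFF or len(msg.payload) > 0xFFFF:
        raise ValueError("message not encodable")
    return struct.pack(">BH", msg.kind, len(msg.payload)) + msg.payload

def parse(data: bytes) -> Msg:
    """Strict inverse of serialize: rejects truncated input and trailing bytes."""
    if len(data) < 3:
        raise ValueError("truncated header")
    kind, length = struct.unpack(">BH", data[:3])
    body = data[3:]
    if len(body) != length:
        raise ValueError("length field does not match payload size")
    return Msg(kind, bytes(body))

def roundtrip_holds(msg: Msg) -> bool:
    """The slide's property for one message: parse (serialize msg) = msg."""
    return parse(serialize(msg)) == msg

def check_corpus(msgs) -> bool:
    """Executable (not proved) check of the property over a set of messages."""
    return all(roundtrip_holds(m) for m in msgs)

def rejects(data: bytes) -> bool:
    """True if the parser refuses this input; the property above says nothing
    about malformed bytes, so this is a separate check worth keeping."""
    try:
        parse(data)
    except ValueError:
        return True
    return False

# Constructed samples covering the edges of the encoding
SAMPLES = [Msg(0, b""), Msg(1, b"\x00"), Msg(255, bytes(range(256))), Msg(7, b"x" * 0xFFFF)]
```

A testing check like `check_corpus` only covers the messages it is run on; the slide's ∀ msg statement is what a proof adds over it.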
Proof for monolithic system
In we've defined a linear temporal logic.
This allows us to talk about things that ☐ always happen and ♢ eventually happen.
Proof for monolithic system
We prove that if a user sends a message to the system now, eventually they will get a certificate back.
This was crazy hard.