solution approaches towards verifjed kernel
play

Solution approaches towards verifjed -Kernel Danny Ziesche August - PowerPoint PPT Presentation

Feb 05, 2023 •20 likes •560 views

Solution approaches towards verifjed -Kernel Danny Ziesche August 25, 2017 RheinMain University of Applied Sciences Outline Motivation Methods Defjnitions Results Conclusions Open Questions 1 Motivation Motivation kernels should

  1. Solution approaches towards verifjed µ-Kernel Danny Ziesche August 25, 2017 RheinMain University of Applied Sciences

  2. Outline Motivation Methods Defjnitions Results Conclusions Open Questions 1

  3. Motivation

  4. Motivation • kernels should have a high reliability • in comparison to monolithic kernels small enough to make verifjcation process worthwhile • trusted codebase • security concerns 2

  5. Methods

  6. • research which parts are verifjed and why • how does the verifjcation process work • compare verifjcations Dig into the past • search for (partly) verifjed µ-Kernel 3

  7. • how does the verifjcation process work • compare verifjcations Dig into the past • search for (partly) verifjed µ-Kernel • research which parts are verifjed and why 3

  8. • compare verifjcations Dig into the past • search for (partly) verifjed µ-Kernel • research which parts are verifjed and why • how does the verifjcation process work 3

  9. Dig into the past • search for (partly) verifjed µ-Kernel • research which parts are verifjed and why • how does the verifjcation process work • compare verifjcations 3

  10. • used methods by the µ-kernel? • do we benefjt from it? Learn about formal methods • fjrm understanding about the fundamentals 4

  11. • do we benefjt from it? Learn about formal methods • fjrm understanding about the fundamentals • used methods by the µ-kernel? 4

  12. Learn about formal methods • fjrm understanding about the fundamentals • used methods by the µ-kernel? • do we benefjt from it? 4

  13. Defjnitions

  14. • no automated process • human guidance and skill needed • example theorem prover is isabelle with resolution based on higher-order unifjcation Theorem Prover • assist in formalising proofs 5

  15. • human guidance and skill needed • example theorem prover is isabelle with resolution based on higher-order unifjcation Theorem Prover • assist in formalising proofs • no automated process 5

  16. • example theorem prover is isabelle with resolution based on higher-order unifjcation Theorem Prover • assist in formalising proofs • no automated process • human guidance and skill needed 5

  17. Theorem Prover • assist in formalising proofs • no automated process • human guidance and skill needed • example theorem prover is isabelle with resolution based on higher-order unifjcation 5

  18. • Always • Next • Eventually • derived from FOPL with new temporal operators: Linear Temporal Logic • temporal reasoning 6

  19. • Always • Next • Eventually Linear Temporal Logic • temporal reasoning • derived from FOPL with new temporal operators: 6

  20. • Next • Eventually Linear Temporal Logic • temporal reasoning • derived from FOPL with new temporal operators: • � Always 6

  21. • Eventually Linear Temporal Logic • temporal reasoning • derived from FOPL with new temporal operators: • � Always • � Next 6

  22. Linear Temporal Logic • temporal reasoning • derived from FOPL with new temporal operators: • � Always • � Next • ♦ Eventually 6

  23. • let f be a formula of temporal logic • fjnd all states s of M such that s f Model Checkers • let M be a state-transition graph 7

  24. • fjnd all states s of M such that s f Model Checkers • let M be a state-transition graph • let f be a formula of temporal logic 7

  25. Model Checkers • let M be a state-transition graph • let f be a formula of temporal logic • fjnd all states s of M such that s | = f 7

  26. Results

  27. RUBIS • verifjed only the IPC 8

  28. RUBIS IPC Processor 1 Processor 2 Synchronous Task 2 Task 1 Synchronous Asynchronous Asynchronous Task 4 Task 3 Figure 1: RUBIS Mixed Synchronous and Asynchronous Communication 9

  29. LTL Property Example � ( P ( 0 ) → Q ( 0 ) ∧ ( P ( 1 ) → Q ( 1 )) ∧ . . . ∧ ( P ( m ) → Q ( m ))) • ports need sound state before reusing • property expressed as LTL • P ( p ) = ( Port_State [ p ] = CREATED ) • Q ( p ) = ( empty ( Port [ p ] .messages )) • also expressed as promela defjnition 10

  30. RUBIS Results • lots of errors related to return codes • memory management errors 11

  31. • IPC is important and highly concurrent with a complex implementation • makes it worthy target for formal methods Fluke • verifjed only the IPC 12

  32. • makes it worthy target for formal methods Fluke • verifjed only the IPC • IPC is important and highly concurrent with a complex implementation 12

  33. Fluke • verifjed only the IPC • IPC is important and highly concurrent with a complex implementation • makes it worthy target for formal methods 12

  34. Fluke Formal Methods • uses spin • uses subset of C 13

  35. • found race condition • scaling problems • maintenance problems Fluke Results • found mutex bugs 14

  36. • scaling problems • maintenance problems Fluke Results • found mutex bugs • found race condition 14

  37. • maintenance problems Fluke Results • found mutex bugs • found race condition • scaling problems 14

  38. Fluke Results • found mutex bugs • found race condition • scaling problems • maintenance problems 14

  39. seL4 • interactive machine-assisted and machine-checked proof • proven over 150 invariants • discovered about 140 bugs • revealed 150 problems within the specifjcation • uses theorem prover isabelle/hol • tries to offmoad problematic code to userspace (memory management) • executable specifjcation in haskell subset • implementation in a C subset 15

  40. Refjnement Layers Figure 2: Refjnement layers in the verifjcation of seL4 16

  41. seL4 Results • claims to have no nullpointer access (the kernel itself) • functional correctness for the c kernel implementation • proof maintenance 17

  42. Conclusions

  43. • IPC is a high candidate for verifjcation • agreement on a subset of standard language • existing code proven with model checker • model checker have a short learning curve • non-existing code proven with theorem prover • in my estimation seL4 did the most and best job so far • seems to be a general pattern to µ-kernel verifjcation Conclusions • IPC is obviously an important component for µ-kernel 18

  44. • agreement on a subset of standard language • existing code proven with model checker • model checker have a short learning curve • non-existing code proven with theorem prover • in my estimation seL4 did the most and best job so far • seems to be a general pattern to µ-kernel verifjcation Conclusions • IPC is obviously an important component for µ-kernel • IPC is a high candidate for verifjcation 18

  45. • existing code proven with model checker • model checker have a short learning curve • non-existing code proven with theorem prover • in my estimation seL4 did the most and best job so far • seems to be a general pattern to µ-kernel verifjcation Conclusions • IPC is obviously an important component for µ-kernel • IPC is a high candidate for verifjcation • agreement on a subset of standard language 18

  46. • model checker have a short learning curve • non-existing code proven with theorem prover • in my estimation seL4 did the most and best job so far • seems to be a general pattern to µ-kernel verifjcation Conclusions • IPC is obviously an important component for µ-kernel • IPC is a high candidate for verifjcation • agreement on a subset of standard language • existing code proven with model checker 18

  47. • non-existing code proven with theorem prover • in my estimation seL4 did the most and best job so far • seems to be a general pattern to µ-kernel verifjcation Conclusions • IPC is obviously an important component for µ-kernel • IPC is a high candidate for verifjcation • agreement on a subset of standard language • existing code proven with model checker • model checker have a short learning curve 18

  48. • in my estimation seL4 did the most and best job so far • seems to be a general pattern to µ-kernel verifjcation Conclusions • IPC is obviously an important component for µ-kernel • IPC is a high candidate for verifjcation • agreement on a subset of standard language • existing code proven with model checker • model checker have a short learning curve • non-existing code proven with theorem prover 18

  49. • seems to be a general pattern to µ-kernel verifjcation Conclusions • IPC is obviously an important component for µ-kernel • IPC is a high candidate for verifjcation • agreement on a subset of standard language • existing code proven with model checker • model checker have a short learning curve • non-existing code proven with theorem prover • in my estimation seL4 did the most and best job so far 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Solution approaches for Solution approaches for address-selection problems address-selection

Solution approaches for Solution approaches for address-selection problems address-selection

Solution approaches for Solution approaches for address-selection problems address-selection problems draft-arifumi-6man-addr-select-sol-00.txt NTT PF Lab. Arifumi Matsumoto Tomohiro Fujisaki Intec NetCore, Inc. Ruri Hiromi Kenichi Kanayama

501 views • 13 slides
. . : =L distance functions Possible Euclidean . Manhattan - other .

. . : =L distance functions Possible Euclidean . Manhattan - other .

Midterm the Since Topics based Instance and classification ] learning NN . regression Kernel . mgohssien ... ] ' , margin than Peru " learning , . .dyu, online approaches trick kernel kernel based ^ ,

345 views • 11 slides
Company overview May 2015 1 Disclaimer This presentation has been prepared by been verifjed by

Company overview May 2015 1 Disclaimer This presentation has been prepared by been verifjed by

Company overview May 2015 1 Disclaimer This presentation has been prepared by been verifjed by any independent sources such restrictions. The securities of the This presentation may include forward- MERLIN Properties SOCIMI, S.A. (the and

479 views • 47 slides
Company overview June 2015 1 Disclaimer This presentation has been prepared by been verifjed

Company overview June 2015 1 Disclaimer This presentation has been prepared by been verifjed

Company overview June 2015 1 Disclaimer This presentation has been prepared by been verifjed by any independent sources such restrictions. The securities of the This presentation may include forward- MERLIN Properties SOCIMI, S.A. (the and

674 views • 48 slides
Company overview March 2015 1 Disclaimer This presentation has been prepared by been verifjed

Company overview March 2015 1 Disclaimer This presentation has been prepared by been verifjed

Company overview March 2015 1 Disclaimer This presentation has been prepared by been verifjed by any independent sources such restrictions. The securities of the This presentation may include forward- MERLIN Properties SOCIMI, S.A. (the and

492 views • 32 slides
Robust Solution Approaches for Optimization under Uncertainty: Applications to Air Traffic

Robust Solution Approaches for Optimization under Uncertainty: Applications to Air Traffic

Robust Solution Approaches for Optimization under Uncertainty: Applications to Air Traffic Management Problems Frauke Liers - FAU Erlangen-Nrnberg Konstanz, 15.11.2016 Relevance of Uncertainties in Optimization + x 2 max 0 , 7 x 1 + 1 x 2

895 views • 70 slides
In Kernel Switcher: A solution to support ARM's new big.LITTLE technology Presenter: Mathieu

In Kernel Switcher: A solution to support ARM's new big.LITTLE technology Presenter: Mathieu

In Kernel Switcher: A solution to support ARM's new big.LITTLE technology Presenter: Mathieu Poirier web: www.linaro.org email: mathieu.poirier@linaro.org What is big.LITTLE? A system that contains two sets of architecturally identical

628 views • 29 slides
PhD course in Machine Learning Kernel Engineering Alessandro Moschitti Department of information

PhD course in Machine Learning Kernel Engineering Alessandro Moschitti Department of information

PhD course in Machine Learning Kernel Engineering Alessandro Moschitti Department of information and communication technology University of Trento Email: moschitti@dit.unitn.it Kernel Engineering approaches Basic Combinations Canonical

1.06k views • 78 slides
Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel Fernndez V, David P. Woodruff, Taisuke Yasuda Kernel Method Many machine learning tasks can be expressed as a function of the inner product

389 views • 22 slides
Review of Ghost-Fishing; Scientific Approaches to Evaluation and Solution Tatsuro Matsuoka,

Review of Ghost-Fishing; Scientific Approaches to Evaluation and Solution Tatsuro Matsuoka,

Review of Ghost-Fishing; Scientific Approaches to Evaluation and Solution Tatsuro Matsuoka, Toshiko Nakashima and Naoki Nagsawa (Faculty of Fisheries, Kagoshima University, Shimoatarata 4-50-20, Kagoshima, 890-0057 Japan,

700 views • 14 slides
1 Kernel methods & optimization One example of a kernel that is frequently used in practice

1 Kernel methods & optimization One example of a kernel that is frequently used in practice

Machine Learning Class Notes 9-25-12 Prof. David Sontag 1 Kernel methods & optimization One example of a kernel that is frequently used in practice and which allows for highly non-linear discriminant functions is the Gaussian kernel,

240 views • 5 slides
DL Approaches to Tim ime Series Data Miro Enev, DL Solution Architect Jeff Weiss, Director West

DL Approaches to Tim ime Series Data Miro Enev, DL Solution Architect Jeff Weiss, Director West

DL Approaches to Tim ime Series Data Miro Enev, DL Solution Architect Jeff Weiss, Director West SAs Agenda Define Time Series [ Examples & Brief Summary of Considerations ] Semi-supervised Anomaly Detection [ with Deep Autoencoders

486 views • 30 slides
New Approaches to the Direct Solution of Large-Scale Banded Linear Systems Samuel Rodrguez

New Approaches to the Direct Solution of Large-Scale Banded Linear Systems Samuel Rodrguez

www.bsc.es New Approaches to the Direct Solution of Large-Scale Banded Linear Systems Samuel Rodrguez Bernabeu samuel.rodriguez@bsc.es San Jos, California 2 Solving the linear system after reordering 10 Million degrees of freedom, double

409 views • 23 slides
Chance-Constrained AC Optimal Power Flow: Modelling and Solution Approaches Line A. Roald UW

Chance-Constrained AC Optimal Power Flow: Modelling and Solution Approaches Line A. Roald UW

Chance-Constrained AC Optimal Power Flow: Modelling and Solution Approaches Line A. Roald UW Madison ICERM, June 27, 2019 Power Line! Power Line. Joint work with Sidhant Misra (LANL), Tillmann Mhlpfordt (KIT) and Gran Andersson (ETH)

744 views • 51 slides
Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel Fernndez V, David P. Woodruff, Taisuke Yasuda Overview Preliminaries Kernel ridge regression Kernel -means clustering

476 views • 25 slides
Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
The Greatest Challenge Joachim Parrow Bertinoro 2014 The slides for this talk is a subset of the

The Greatest Challenge Joachim Parrow Bertinoro 2014 The slides for this talk is a subset of the

The Greatest Challenge Joachim Parrow Bertinoro 2014 The slides for this talk is a subset of the slides for my invited talk at Discotec 2014. I here include all of them. onsdag 18 juni 14 The Right Stuff - failure is not an option This is a

1.36k views • 73 slides
Finding Your Bot-Mate: Criteria for evaluating robot kits for use in undergraduate computer

Finding Your Bot-Mate: Criteria for evaluating robot kits for use in undergraduate computer

Finding Your Bot-Mate: Criteria for evaluating robot kits for use in undergraduate computer science education Richard Weiss Isaac Overcast (David McAvity) The Evergreen State College Supported in part by a Plato Royalty Grant Robotics is

361 views • 16 slides
BUILDING YOUR OWN SMART DEVICE 1 Agenda Introduction to Electronics Voltage and current

BUILDING YOUR OWN SMART DEVICE 1 Agenda Introduction to Electronics Voltage and current

iLab 2 BUILDING YOUR OWN SMART DEVICE 1 Agenda Introduction to Electronics Voltage and current Units and parameters Resistance: Ohms Law and Kirchhoff's Laws (Light Emitting) Diodes Common Sensor types 2 Agenda

1.04k views • 30 slides
ProtoDUNE data selection Philip Rodrigues DUNE UK DAQ meeting 11 April 2019 Overall plan

ProtoDUNE data selection Philip Rodrigues DUNE UK DAQ meeting 11 April 2019 Overall plan

ProtoDUNE data selection Philip Rodrigues DUNE UK DAQ meeting 11 April 2019 Overall plan reminder New components: Hit finding in FELIX BR (later, FPGA) Hit-finding board reader Software data selector Trigger at timestamp X

391 views • 11 slides
About me A data engineering challenge

About me A data engineering challenge

About me A data engineering challenge Transaction Data store responsible for Billing Internal debugging

627 views • 43 slides
SVM Kernels COMPSCI 371D Machine Learning COMPSCI 371D Machine Learning SVM Kernels 1 /

SVM Kernels COMPSCI 371D Machine Learning COMPSCI 371D Machine Learning SVM Kernels 1 /

SVM Kernels COMPSCI 371D Machine Learning COMPSCI 371D Machine Learning SVM Kernels 1 / 27 Outline 1 Linear Separability and Feature Augmentation 2 Sample Complexity 3 Computational Complexity 4 Kernels and Nonlinear SVMs 5 Mercers

600 views • 27 slides
Excursion 3 Tour III Capability and Severity: Deeper Concepts Frequentist Family Feud A

Excursion 3 Tour III Capability and Severity: Deeper Concepts Frequentist Family Feud A

Excursion 3 Tour III Capability and Severity: Deeper Concepts Frequentist Family Feud A long-standing statistics war is between hypotheses tests and confidence intervals (CIs) (New Statistics) 2 Historical aside(p. 189) It was

643 views • 51 slides
Multicore Processing Element for SIMD Computing Da-Qi Ren and Reiji Suda Department of Computer

Multicore Processing Element for SIMD Computing Da-Qi Ren and Reiji Suda Department of Computer

Optimization on the Power Efficiency of GPU and Multicore Processing Element for SIMD Computing Da-Qi Ren and Reiji Suda Department of Computer Science Energy aware SIMD/SPMD program design framework GOAL : Importing hardware power

669 views • 19 slides

More recommend