SLIDE 1 Formal verification of execution platforms
Roberto Guanciale Estonian Winter School Day 02
SLIDE 2 Motivations
[Figure: Host 1, stacked as Hardware / OS / Apps]
SLIDE 3 Motivations
[Figure: Host 1, stacked as Hardware / Hypervisor or Separation Kernel, hosting the OS with its Apps beside a Crypto Service]
SLIDE 4 Separation Kernel / Hypervisor
- Hosting untrusted SW (hypervisors host operating systems)
- Hosting trusted critical SW
- Supporting:
  - CPU sharing
  - Spatial isolation
  - Context switch
  - Communications
SLIDE 5 5 minute course on computer architecture (ARMv7): CPU
- Registers (Program Counter)
- Flags
- Fetches instructions from memory
- Executes arithmetic instructions
- Loads/stores data from/to memory
- Has several modes of operation (PL0/PL1)
- Multiplexed
SLIDE 6 5 minute course on computer architecture: memory
- Contains instructions
- Contains data (heap/stack/etc.)
- Is a big table from physical addresses to bytes
SLIDE 7 5 minute course on computer architecture: MMU
- Translates virtual addresses to physical addresses
- Configured via page tables (stored in memory) and coprocessors
- For every VA:
  - the corresponding PA (if mapped)
  - access rights (rd/wr)
  - required mode
- Enforces access policies
[Figure: load/store of a VA -> page tables -> load/store of the PA, or an exception]
SLIDE 8 5 minute course on computer architecture: switching privilege level
[Figure: same MMU diagram as slide 7]
- From PL1 to PL0:
  - special instruction
  - jumps to an arbitrary address
- From PL0 to PL1:
  - exceptions / an instruction that raises a SW interrupt
  - jumps to a fixed address (the exception handler)
SLIDES 9-10 ISA model
SLIDES 11-12
[Figure: Hardware / OS / Hypervisor / Crypto Service]
Design choices: cooperative scheduling, static memory allocation, message passing, paravirtualization, no preemption
The hypervisor:
- is executed in PL1
- is invoked via SW interrupt
- supervises the page tables
SLIDE 13
A trace of the system
SLIDE 14 A trace of the system
Context switch: the page tables are updated, the blue registers (the outgoing partition's) are stored and the red registers (the incoming partition's) are loaded
SLIDES 15-20 Security property
- Does not work: the two partitions communicate!
SLIDE 21 Top Level Specification
[Figure: Host 1 (Hardware / Software) and Host 2 (Hardware / Crypto Service) as two separate machines]
SLIDES 22-25 Top level specification (ideal world)
- Two physically separated machines
- Only one machine active
- No PL1 computation (replaced by atomic ideal functionalities)
SLIDES 26-28 Top level specification (ideal world)
- Two physically separated machines (one active) and hypervisor data
[Figure fragments: "have standard effects", "ideal functionalities"]
SLIDE 29 Verification Strategy
- Trace equivalence
- Unwinding condition based on bisimulation
SLIDE 30 Verification Strategy
SLIDE 31 Verification Strategy
Weak transitions
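An added formalisation of the unwinding condition that slides 29-31 rely on; it is not taken from the slides, and the symbols ($s$, $t$, $R$, $a$, $\tau$) are introduced here. Real-machine states are $s$, ideal (TLS) states are $t$; a step is labelled by what PL0 code can observe ($a$), while $\tau$ marks an unobservable PL1 hypervisor step:

$$
\begin{aligned}
s \overset{a}{\Longrightarrow} s' \;&\triangleq\; s \overset{a}{\longrightarrow} s_1 \overset{\tau}{\longrightarrow} \cdots \overset{\tau}{\longrightarrow} s'
\quad\text{(one PL0 step plus the handler it may trigger, back to PL0)}\\[4pt]
R \text{ is an unwinding relation} \;&\text{iff for all } (s,t)\in R:\\
s \overset{a}{\Longrightarrow} s' &\implies \exists t'.\; t \overset{a}{\longrightarrow} t' \;\wedge\; (s',t')\in R,\\
t \overset{a}{\longrightarrow} t' &\implies \exists s'.\; s \overset{a}{\Longrightarrow} s' \;\wedge\; (s',t')\in R.
\end{aligned}
$$

Such an $R$ is contained in weak bisimilarity, and weak bisimilarity implies trace equivalence, so $(s_0,t_0)\in R$ for the initial states gives the verification goal $\mathrm{Traces}(s_0)=\mathrm{Traces}(t_0)$. The proof decomposition of slides 39-40 is the case split on the first step: a PL0 instruction has no $\tau$ part and is matched step for step (ISA integrity and confidentiality), while a SW interrupt or exception is the $\tau$-run through the handler, matched by one atomic ideal functionality (functional correctness of the handler).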
SLIDES 32-37 Bisimulation
[Figure: real machine with Reg OS1 / Hypervisor / OS2, the two ideal machines with Reg OS1 and Reg OS2, related by h]
SLIDE 38 Exercise
- Assuming a non-interference property of H: H only depends
  - on the active machine
  - on the content of the memory of the other machine at address OUT2 (OUT1)
- Assuming a non-interference property for guest 2: the region of memory in MEM2 that includes OUT2 does not depend on the content of region K2
SLIDE 39 Proof Decomposition: PL0 transitions
- Non-interference for ARMv7
- Does not depend on the kernel code
- Does not depend on the partition code
SLIDE 40 Proof Decomposition: PL1 transitions
- Functional correctness
- The handlers' code respects the specification
SLIDE 41 PL0 proof
- Does not depend on the kernel code / guest code
- Has to be done for every possible instruction
- Strategy:
  - prove SW-independent theorems assuming properties of the system
  - verify that our SW meets these assumptions
SLIDES 42-45 PL0 proof: ISA integrity
SLIDE 46 Exercise
- When is an equivalence relation?
- Reflexive
- Symmetric
- Transitive
SLIDES 47-53 PL0 proof: ISA confidentiality
SLIDE 54
Proof obligation (O1): page tables
SLIDE 55 PL0 Proof: memory equality
- If machine 1 is active then machine 2 is unchanged
- From O1 and T1 we know that in the real machine the memory MEM2 is unchanged
- Thus the equivalence between the real machine and machine 2 on MEM2 is preserved
SLIDE 56 PL0 Proof: memory equality
- From O1 and T2 we know that the behaviour of both the real machine and machine 1 depends only on the memory in MEM1
- Thus the equivalence between the real machine and machine 1 on MEM1 is preserved
SLIDE 57
Proof obligation (O2): page tables
SLIDE 58 PL0 Proof: invariants and hypervisor data structures
- From the definition of the TLS we know that the hypervisor data cannot be changed
- From O2 and T1 we know that in the real machine the memory that holds these structures cannot be changed
- From O2 and T1 we know that the invariants are preserved
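The PL0 argument of slides 55-58, and the toy machine of the 5 minute course it rests on, as an executable model. This is an added example, not the lecture's ARMv7/HOL4 model: the 16-byte pages, four byte-wide registers, five-instruction ISA, memory layout (MEM1, MEM2, hypervisor data), HANDLER_VA, PT_OK and PT_BAD are all assumptions made here. `check_integrity` is T1 (a PL0 step writes only where the page tables make PL0-writable), `check_confidentiality` is T2 (the step's observation and the PL0-readable memory afterwards do not depend on memory PL0 cannot read, tested by scrambling that memory in a copy), `PT_OK` satisfies O1 (PL0 reaches only MEM1) while `PT_BAD` maps a MEM2 page writable from PL0:

```python
"""Toy ISA + MMU with executable T1 (ISA integrity) / T2 (ISA confidentiality) checks and
the O1 argument. Added example, not the lecture's model; layout, page size and ISA are assumed."""
import copy
import random

PAGE, N_PAGES = 16, 10              # constructed layout: PA pages 0-3 MEM1, 4-7 MEM2, 8-9 hypervisor
MEM1, MEM2, HYP = set(range(4 * PAGE)), set(range(4 * PAGE, 8 * PAGE)), set(range(8 * PAGE, N_PAGES * PAGE))
HANDLER_VA = 0x80                   # fixed PL1 entry on exception / SW interrupt (assumed)

class Fault(Exception): pass        # MMU or privilege violation

def pte(pa, rd=False, wr=False, mode=0):
    """Page-table entry of one virtual page: physical page, rights, required mode."""
    return {"pa": pa, "rd": rd, "wr": wr, "mode": mode}

def pl0_pas(pt, access):
    """Physical addresses on which page table `pt` grants `access` to PL0 code."""
    return {e["pa"] * PAGE + i for e in pt.values() if e[access] and e["mode"] == 0 for i in range(PAGE)}

class Machine:
    def __init__(self, mem, pt, pc, regs=(0, 0, 0, 0), mode=0):
        self.mem, self.pt, self.pc, self.regs, self.mode = dict(mem), pt, pc, list(regs), mode

    def translate(self, va, access):
        """VA -> PA; Fault if unmapped, right missing, or current mode below the required one."""
        e = self.pt.get(va // PAGE)
        if e is None or not e[access] or self.mode < e["mode"]:
            raise Fault(va, access)
        return e["pa"] * PAGE + va % PAGE

    def step(self, prog):
        """One ISA step; returns the observable (mode, pc, regs). Faults and `swi` enter PL1 at HANDLER_VA."""
        try:
            ins = prog.get(self.translate(self.pc, "rd"), ("nop",))   # fetch goes through the MMU
            op = ins[0]
            if op == "ld":                                           # ld r, va
                self.regs[ins[1]] = self.mem.get(self.translate(ins[2], "rd"), 0)
            elif op == "st":                                         # st r, va
                self.mem[self.translate(ins[2], "wr")] = self.regs[ins[1]]
            elif op == "add":                                        # add r, a, b
                self.regs[ins[1]] = (self.regs[ins[2]] + self.regs[ins[3]]) & 0xFF
            elif op == "swi":                                        # PL0 -> PL1 request
                raise Fault(op)
            self.pc = ins[1] if op == "jmp" else self.pc + 1
        except Fault:
            self.mode, self.pc = 1, HANDLER_VA
        return (self.mode, self.pc, tuple(self.regs))

PT_OK = {p: pte(p, rd=True, wr=True) for p in range(4)}      # partition 1 active: VA pages 0-3 -> MEM1
PT_OK[HANDLER_VA // PAGE] = pte(8, rd=True, mode=1)           # handler code, PL1 only: O1 satisfied
PT_BAD = {**PT_OK, 4: pte(4, rd=True, wr=True)}               # violates O1: a MEM2 page writable from PL0

def check_integrity(m, prog):
    """T1: a PL0 step changes no PA that the page tables do not make PL0-writable."""
    before = dict(m.mem)
    m.step(prog)
    return {pa for pa in before if before[pa] != m.mem.get(pa, 0)} <= pl0_pas(m.pt, "wr")

def check_confidentiality(m, prog, rng):
    """T2: the step's observation and the PL0-readable memory after it do not depend on
    memory PL0 cannot read: scramble that memory in a copy and compare both runs."""
    readable = pl0_pas(m.pt, "rd")
    other = copy.deepcopy(m)
    for pa in set(m.mem) - readable:
        other.mem[pa] = rng.randrange(256)
    return m.step(prog) == other.step(prog) and all(m.mem[pa] == other.mem[pa] for pa in readable)

def random_state(pt, rng):
    """Random PL0 state of partition 1 plus a random program filling MEM1; memory operands
    may hit unmapped VAs or the PL1-only handler page, so some steps fault."""
    vas, prog = list(range(5 * PAGE)) + [HANDLER_VA], {}
    for pa in MEM1:
        op = rng.choice(["ld", "st", "add", "jmp", "swi"])
        r = [rng.randrange(4) for _ in range(3)]
        prog[pa] = {"ld": (op, r[0], rng.choice(vas)), "st": (op, r[0], rng.choice(vas)),
                    "add": (op, *r), "jmp": (op, rng.choice(vas)), "swi": (op,)}[op]
    mem = {pa: rng.randrange(256) for pa in range(N_PAGES * PAGE)}
    return Machine(mem, pt, rng.randrange(4 * PAGE), [rng.randrange(256) for _ in range(4)]), prog

def run_checks(pt, trials=200, seed=7):
    """(T1 holds, T2 holds, MEM2 and hypervisor data untouched) over random single PL0 steps."""
    rng, t1, t2, rest = random.Random(seed), True, True, True
    for _ in range(trials):
        m, prog = random_state(pt, rng)
        snap = dict(m.mem)
        t1 &= check_integrity(copy.deepcopy(m), prog)
        t2 &= check_confidentiality(copy.deepcopy(m), prog, rng)
        m.step(prog)
        rest &= all(m.mem[pa] == snap[pa] for pa in MEM2 | HYP)
    return t1, t2, rest

def o1_matters():
    """Same `st` into MEM2's first byte under PT_OK and PT_BAD -> {name: (mode after, that byte)}."""
    def run(pt):
        m = Machine({pa: 0 for pa in range(N_PAGES * PAGE)}, pt, 0, (0x41, 0, 0, 0))
        return m.step({0: ("st", 0, 4 * PAGE)})[0], m.mem[4 * PAGE]
    return {"ok": run(PT_OK), "bad": run(PT_BAD)}
```

Under PT_OK all three results of `run_checks` are true: T1 with O1 gives "MEM2 and the hypervisor data are unchanged" (slides 55 and 58), T2 with O1 gives "the behaviour depends only on MEM1" (slide 56). Under PT_BAD, T1 and T2 still hold, because they are statements about whatever the page tables allow; `o1_matters` shows the same store faulting into the handler under PT_OK and landing in MEM2 under PT_BAD. It is the proof obligation on the page tables, not the ISA theorems, that confines the partition.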
SLIDE 59 Exercise
- Extend the model and proofs to handle a memory-mapped device (UART)
  - Address DevOut can be used to write something
  - Address DevIn can be used to read something
  - The device fetches from and writes into these addresses
  - Partition 2 should be in control of the device
  - Device transitions are interleaved with CPU transitions (assume the device does not perform any action while the CPU is in PL1)
SLIDE 60 Exercise
- How should DMA devices be handled?
- Address DevOut can be used to write a pointer
- Address DevIn can be used to write a pointer
- Device fetches these pointers and writes/reads into the pointed
memory
- Partition 2 should be in control of the device
SLIDE 61 Exercise
- Extend the toy CPU with a new instruction
SLIDE 62 Summary
- ISA model
- Verification Goal (via TLS)
- Proof decomposition
- Sketch of proof for PL0
- Upcoming
- Verification for PL1
SLIDE 63
THANKS! Any questions?
You can find me at robertog@kth.se http://prosper.sics.se/