Asphalion: trustworthy shielding against Byzantine faults

Byzantine fault-tolerant state-machine replication (BFT-SMR) is a technique for hardening systems to tolerate arbitrary faults. Although robust, BFT-SMR protocols are very costly in terms of the number of required replicas (3f+1 to tolerate f faults) and of exchanged messages. However, with "hybrid" architectures, where "normal" components trust some "special" components to provide properties in a trustworthy manner, the cost of using BFT can be dramatically reduced. Unfortunately, even though such hybridization techniques decrease the message/time/space complexity of BFT protocols, they also increase their structural complexity. Therefore, we introduce Asphalion, the first theorem prover-based framework for verifying implementations of hybrid systems and protocols. It relies on three novel languages: (1) HyLoE: a Hybrid Logic of Events to reason about hybrid fault models; (2) MoC: a Monadic Component language to implement systems as collections of interacting hybrid components; and (3) LoCK: a sound Logic of events-based Calculus of Knowledge to reason about both homogeneous and hybrid systems at a high level of abstraction (thereby allowing proofs to be reused, and capturing the high-level logic of distributed systems). In addition, Asphalion supports compositional reasoning, e.g., through mechanisms to lift properties about trusted-trustworthy components to the level of the distributed systems they are integrated in. As a case study, we have verified crucial safety properties (e.g., agreement) of several implementations of hybrid protocols.
