Towards a verified component platform

This paper describes ongoing work on a new technique for reducing the cost of assurance of large software systems by building on a verified component platform. From a component architecture description, we automatically derive a formal model of the system and a semantics for the runtime behaviour of the generated inter-component communication code. We can prove well-formedness properties of the architecture automatically and provide a framework in which users can reason about their component code and its behaviour. By leveraging the isolation properties and communication guarantees of a formally verified platform, correctness arguments for critical components can be derived independently and composed together to reason about system-level correctness.
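As an added illustration (not code from the paper or from the platform it describes) of what an automatic well-formedness check over a component architecture description looks like, the following Python sketch models components, their provided/used interfaces and the connections between them in a toy format of my own choosing, and reports the structural defects a generator must reject before any communication code is emitted: endpoints that name undeclared components or interfaces, a "uses" side wired to anything other than a "provides" side, mismatched interface types, and interfaces left unconnected. The data model, the field names and the sample architectures are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Interface:
    name: str   # interface instance name within the component
    kind: str   # "uses" (client side) or "provides" (server side)
    proto: str  # interface type both sides must agree on, e.g. "Counter"


@dataclass
class Component:
    name: str
    interfaces: list  # list[Interface]


@dataclass(frozen=True)
class Connection:
    name: str
    src: tuple  # (component name, interface name) on the "uses" side
    dst: tuple  # (component name, interface name) on the "provides" side


@dataclass
class Architecture:
    components: list  # list[Component]
    connections: list  # list[Connection]


def check_wellformed(arch):
    """Return a list of human-readable errors; an empty list means well-formed."""
    errors = []
    comps = {}
    for c in arch.components:
        if c.name in comps:
            errors.append(f"duplicate component name {c.name}")
        comps[c.name] = c

    def lookup(end):
        # Resolve a (component, interface) endpoint to its Interface, or None.
        cname, iname = end
        c = comps.get(cname)
        if c is None:
            return None
        for i in c.interfaces:
            if i.name == iname:
                return i
        return None

    seen = set()
    usage = {}  # endpoint -> number of connections touching it
    for conn in arch.connections:
        if conn.name in seen:
            errors.append(f"duplicate connection name {conn.name}")
        seen.add(conn.name)
        s, d = lookup(conn.src), lookup(conn.dst)
        if s is None:
            errors.append(f"{conn.name}: unknown endpoint {conn.src[0]}.{conn.src[1]}")
        if d is None:
            errors.append(f"{conn.name}: unknown endpoint {conn.dst[0]}.{conn.dst[1]}")
        if s is None or d is None:
            continue
        if s.kind != "uses":
            errors.append(f"{conn.name}: source {conn.src} must be a 'uses' interface")
        if d.kind != "provides":
            errors.append(f"{conn.name}: destination {conn.dst} must be a 'provides' interface")
        if s.proto != d.proto:
            errors.append(f"{conn.name}: interface type mismatch {s.proto} vs {d.proto}")
        for end in (conn.src, conn.dst):
            usage[end] = usage.get(end, 0) + 1

    for c in arch.components:
        for i in c.interfaces:
            n = usage.get((c.name, i.name), 0)
            if n == 0:
                errors.append(f"{c.name}.{i.name} is not connected")
            elif n > 1 and i.kind == "uses":
                # A client stub can only be bound to one provider.
                errors.append(f"{c.name}.{i.name} is bound to {n} providers")
    return errors


# Constructed sample: a well-formed client/server pair.
GOOD = Architecture(
    components=[
        Component("Client", [Interface("cnt", "uses", "Counter")]),
        Component("Server", [Interface("cnt_impl", "provides", "Counter")]),
    ],
    connections=[Connection("c1", ("Client", "cnt"), ("Server", "cnt_impl"))],
)

# Constructed sample with two defects: a type mismatch and a dangling endpoint.
BAD = Architecture(
    components=[
        Component("Client", [Interface("cnt", "uses", "Counter")]),
        Component("Server", [Interface("cnt_impl", "provides", "Logger")]),
    ],
    connections=[
        Connection("c1", ("Client", "cnt"), ("Server", "cnt_impl")),
        Connection("c2", ("Client", "missing"), ("Server", "cnt_impl")),
    ],
)

if __name__ == "__main__":
    for label, arch in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_wellformed(arch) or "well-formed")
```

Rejecting an ill-formed description up front is what lets the later per-component reasoning assume a fixed, type-correct set of communication channels; every connection that survives this check corresponds to exactly one generated client/server stub pair whose semantics the formal model can describe.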
