Abstract
Guardol is a domain-specific language focused on the creation of high-assurance cross-domain systems (i.e., network guards). The Guardol system generates executable code from Guardol programs while also providing formal property specification and automated verification support. Guardol programs and specifications are translated to higher order logic, then deductively transformed to a form suitable for code generation. Recently, we extended Guardol to support regular expressions; this has enabled the creation of a class of fast and secure hardware guards. We justify the regular expression extension via proof that the extension compiles to the original language while preserving key correctness properties. In this paper, we detail the verified compilation of regular expression guards written in Guardol, producing Ada, Java, ML, and VHDL. We have compiled a regular expression guard written in Guardol to VHDL, then synthesized and tested the guard on a low-SWAP (Size, Weight, And Power) embedded FPGA-based hardware guard platform; performance of the FPGA guard core exceeded the data payload rate for UDP/IP packets on Gigabit Ethernet, while consuming less than 1 % of FPGA resources.
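The abstract describes compiling a regular-expression guard down to a form that can be synthesized for hardware. The following is an added illustration, not code from the paper or the Guardol system: it builds a regex matcher from Brzozowski derivatives (the technique of the cited Brzozowski and Owens et al. papers; whether Guardol's own compilation path uses it is an assumption here), then explores the finite set of derivatives to obtain a deterministic table-driven automaton, which is the shape a hardware or low-resource guard core can execute at line rate. The allow-pattern `ab*c`, the three-symbol alphabet and the sample messages are constructed for the example.

```python
"""Regex guard via Brzozowski derivatives (constructed example, not Guardol code)."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


class Re:
    """Base class for the regular-expression AST."""


@dataclass(frozen=True)
class Empty(Re):      # matches nothing (the reject sink)
    pass


@dataclass(frozen=True)
class Eps(Re):        # matches only the empty string
    pass


@dataclass(frozen=True)
class Chr(Re):        # matches a single symbol
    c: str


@dataclass(frozen=True)
class Cat(Re):        # concatenation a·b
    a: Re
    b: Re


@dataclass(frozen=True)
class Alt(Re):        # alternation a|b
    a: Re
    b: Re


@dataclass(frozen=True)
class Star(Re):       # Kleene star a*
    a: Re


# Smart constructors normalise trivial cases so the set of derivatives stays finite.
def cat(a: Re, b: Re) -> Re:
    if isinstance(a, Empty) or isinstance(b, Empty):
        return Empty()
    if isinstance(a, Eps):
        return b
    if isinstance(b, Eps):
        return a
    return Cat(a, b)


def alt(a: Re, b: Re) -> Re:
    if isinstance(a, Empty):
        return b
    if isinstance(b, Empty) or a == b:
        return a
    return Alt(a, b)


def nullable(r: Re) -> bool:
    """True if the language of r contains the empty string."""
    if isinstance(r, (Eps, Star)):
        return True
    if isinstance(r, (Empty, Chr)):
        return False
    if isinstance(r, Cat):
        return nullable(r.a) and nullable(r.b)
    if isinstance(r, Alt):
        return nullable(r.a) or nullable(r.b)
    raise TypeError(r)


def deriv(r: Re, c: str) -> Re:
    """Brzozowski derivative: the language of r after consuming symbol c."""
    if isinstance(r, (Empty, Eps)):
        return Empty()
    if isinstance(r, Chr):
        return Eps() if r.c == c else Empty()
    if isinstance(r, Cat):
        left = cat(deriv(r.a, c), r.b)
        return alt(left, deriv(r.b, c)) if nullable(r.a) else left
    if isinstance(r, Alt):
        return alt(deriv(r.a, c), deriv(r.b, c))
    if isinstance(r, Star):
        return cat(deriv(r.a, c), r)
    raise TypeError(r)


def matches(r: Re, s: str) -> bool:
    """Direct matching: differentiate by each symbol, then test nullability."""
    for c in s:
        r = deriv(r, c)
    return nullable(r)


def build_dfa(r: Re, alphabet: str) -> Tuple[List[Re], Dict[Tuple[int, str], int], Set[int]]:
    """Enumerate all reachable derivatives; each one becomes a DFA state."""
    states: List[Re] = [r]
    index: Dict[Re, int] = {r: 0}
    trans: Dict[Tuple[int, str], int] = {}
    work = [r]
    while work:
        s = work.pop()
        for ch in alphabet:
            t = deriv(s, ch)
            if t not in index:
                index[t] = len(states)
                states.append(t)
                work.append(t)
            trans[(index[s], ch)] = index[t]
    accepting = {i for s, i in index.items() if nullable(s)}
    return states, trans, accepting


def run_dfa(trans: Dict[Tuple[int, str], int], accepting: Set[int], msg: str, alphabet: str) -> bool:
    """Table-driven pass over a message; symbols outside the alphabet are rejected (fail closed)."""
    state = 0
    for ch in msg:
        if ch not in alphabet:
            return False
        state = trans[(state, ch)]
    return state in accepting


# Constructed allow-pattern ab*c over the alphabet {a, b, c}.
ALLOW = Cat(Chr("a"), Cat(Star(Chr("b")), Chr("c")))
ALPHABET = "abc"

if __name__ == "__main__":
    states, trans, acc = build_dfa(ALLOW, ALPHABET)
    print(f"{len(states)} states, accepting={sorted(acc)}")
    for m in ["abbc", "ac", "abb", "abcx", ""]:
        print(repr(m), "allowed" if run_dfa(trans, acc, m, ALPHABET) else "dropped")
```

For `ab*c` the exploration yields four states (the start, `b*c`, the accepting empty-string state, and the reject sink), so the guard's runtime work is one table lookup per input symbol with a fixed-size state register, which is why such a matcher fits comfortably in a small slice of an FPGA. The direct `matches` function and the compiled table agree on every input, which is the kind of correspondence a verified compilation step is meant to prove rather than test.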
Notes
1. Regular expression literals in Guardol largely conform to the syntax found in the Python programming language.
2. Note that any logic capable of expressing computable functions, e.g., ACL2 [12] or higher order logic, can be regarded as a verification-enhanced programming language; our emphasis here is on more conventional programming languages.
References
Ada Working Group (ISO WG 9). Ada Reference Manual: Language and Standard Libraries (2012)
Appel, A.W.: Program Logics for Certified Compilers. Cambridge University Press, Cambridge (2014)
Barnes, J.: High Integrity Software: The SPARK Approach to Safety and Security. Addison-Wesley, Boston (2003)
Blanc, R., Kuncak, V., Kneuss, E., Suter, P.: An overview of the Leon verification system: verification by translation to recursive functions. In: Proceedings of the 4th Workshop on Scala, SCALA 2013, New York, NY, USA, pp. 1:1–1:10. ACM (2013)
Bortz, M., Wilding, M., Marek, J., Hardin, D., Hiratzka, T.D., Limondin, P.: High-assurance architecture for routing of information between networks of differing security level. United States Patent 8,161,529, April 2012
Brzozowski, J.: Derivatives of regular expressions. J. ACM 11(4), 481–494 (1964)
Eysholdt, M., Behrens, H.: Xtext: implement your language faster than the quick and dirty way. In: Proceedings of the ACM International Conference on Object Oriented Programming Systems Languages and Applications Companion, SPLASH 2010, pp. 307–309. ACM (2010)
Gill, A., Bull, T., Kimmell, G., Perrins, E., Komp, E., Werling, B.: Introducing Kansas Lava. In: Scholz, S.-B., Morazán, M.T. (eds.) IFL 2009. LNCS, vol. 6041, pp. 18–35. Springer, Heidelberg (2010)
Greve, D., Slind, K.: A step-indexing approach to partial functions. In: Proceedings of the Eleventh International Workshop on the ACL2 Theorem Prover and its Applications. Electronic Proceedings in Theoretical Computer Science, vol. 114, pp. 42–53 (2013)
Hardin, D., Slind, K., Whalen, M., Pham, T.H.: The Guardol language and verification system. In: Flanagan, C., König, B. (eds.) TACAS 2012. LNCS, vol. 7214, pp. 18–32. Springer, Heidelberg (2012)
Institute of Electrical and Electronics Engineers: IEEE Standard VHDL Language Reference Manual (2000)
Kaufmann, M., Manolios, P., Moore, J.S.: Computer-Aided Reasoning: An Approach. Texts and Monographs in Computer Science. Kluwer Academic, Boston (2000)
Kumar, R., Myreen, M.O., Norrish, M., Owens, S.: CakeML: a verified implementation of ML. In: POPL 2014: Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 179–191. ACM Press, January 2014
Leino, K. Rustan M.: Developing verified programs with Dafny. In: Proceedings of the International Conference on Software Engineering, ICSE 2013, Piscataway, NJ, USA, pp. 1488–1490. IEEE Press (2013)
Leroy, X.: Formal verification of a realistic compiler. Commun. ACM 52(7), 107–115 (2009)
Milner, R., Tofte, M., Harper, R., MacQueen, D.: The Definition of Standard ML (Revised). The MIT Press, Cambridge (1997)
Owens, S., Reppy, J., Turon, A.: Regular-expression derivatives re-examined. J. Funct. Program. 19(2), 173–190 (2009)
Parr, T., Fisher, K.: LL(*): the foundation of the ANTLR parser generator. In: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2011, pp. 425–436 (2011)
Pham, T.H., Gacek, A., Whalen, M.W.: Reasoning about algebraic data types with abstractions. J. Autom. Reasoning (2016, to appear)
Rockwell Collins: Rockwell Collins Turnstile Selected for UCDMO’s Baseline List of Validated Cross Domain Products, March 2012
Slind, K., Hardin, D., Davis, J., Owens, S.: Benefits of using logic as an intermediate verification language. In: Review (2016)
Slind, K., Norrish, M.: A brief overview of HOL4. In: Mohamed, O.A., Muñoz, C., Tahar, S. (eds.) TPHOLs 2008. LNCS, vol. 5170, pp. 28–32. Springer, Heidelberg (2008)
Tuch, H., Klein, G., Norrish, M.: Types, bytes, and separation logic. In: Proceedings of the 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2007, New York, NY, USA, pp. 97–108, ACM (2007)
Wilding, M., Greve, D., Richards, R., Hardin, D.: Formal verification of partition management for the AAMP7G microprocessor. In: Hardin, D. (ed.) Design and Verification of Microprocessor Systems for High-Assurance Applications, pp. 175–192. Springer, New York (2010)
© 2016 Springer International Publishing Switzerland
Cite this paper
Hardin, D., Slind, K., Bortz, M., Potts, J., Owens, S. (2016). A High-Assurance, High-Performance Hardware-Based Cross-Domain System. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2016. Lecture Notes in Computer Science, vol 9922. Springer, Cham. https://doi.org/10.1007/978-3-319-45477-1_9
DOI: https://doi.org/10.1007/978-3-319-45477-1_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45476-4
Online ISBN: 978-3-319-45477-1