Practical Probability: Applying pGCL to Lattice Scheduling

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 7998))

Abstract

Building on our published mechanisation of the probabilistic program logic pGCL we present a verified lattice scheduler, a standard covert-channel mitigation technique, employing randomisation as an elegant means of ensuring starvation-freeness. We show that this scheduler enforces probabilistic non-leakage, in addition to non-starvation. The refinement framework employed is compatible with that used in the L4.verified project, supporting our argument that full-scale verification of probabilistic security properties for realistic systems software is feasible.
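The abstract names three ideas: a scheduler over a security lattice, randomised slot selection, and the two properties it is proved to have (non-starvation and probabilistic non-leakage). The following is an added toy model, written for this page and not taken from the paper's Isabelle/pGCL development, that makes those properties concrete. It assumes a constructed four-domain diamond lattice (LOW below A and B, both below HIGH), assumed lottery weights, and a deliberately simplified per-slot notion of "view": what a domain can tell about the scheduler's state from the chance it runs next. It contrasts a work-conserving scheduler, whose choice depends on which domains are runnable, with a randomised lattice policy whose distribution ignores that state.

```python
from fractions import Fraction
from itertools import product
import random

# Constructed diamond lattice: information may flow upward only.
# FLOWS[d] is the set of domains strictly above d (transitively closed).
DOMAINS = ("LOW", "A", "B", "HIGH")
FLOWS = {"LOW": {"A", "B", "HIGH"}, "A": {"HIGH"}, "B": {"HIGH"}, "HIGH": set()}

# Assumed lottery weights for the randomised scheduler (not from the paper).
WEIGHTS = {"LOW": 2, "A": 1, "B": 1, "HIGH": 1}


def may_flow(src, dst):
    """True if information from src may legitimately reach dst."""
    return src == dst or dst in FLOWS[src]


def demand_policy(runnable):
    """Work-conserving policy: next domain uniform over the runnable set.
    Returns {domain: probability}; an empty runnable set idles the slot."""
    if not runnable:
        return {}
    return {d: Fraction(1, len(runnable)) for d in runnable}


def lattice_policy(runnable):
    """Randomised lattice policy: next domain drawn from a fixed distribution
    that ignores which domains are runnable (an idle pick burns the slot)."""
    total = sum(WEIGHTS.values())
    return {d: Fraction(w, total) for d, w in WEIGHTS.items()}


def view(observer, dist):
    """What a domain can learn from one slot: the chance it runs next."""
    return dist.get(observer, Fraction(0))


def leak(policy, observer):
    """Largest change in the observer's view between two scheduler states that
    agree on every domain allowed to flow to the observer (0 = non-leaking).
    Exhaustive over all 2^4 runnable sets, so the result is exact."""
    visible = {d for d in DOMAINS if may_flow(d, observer)}
    classes = {}
    for bits in product((False, True), repeat=len(DOMAINS)):
        runnable = frozenset(d for d, b in zip(DOMAINS, bits) if b)
        key = runnable & visible          # the part the observer may depend on
        classes.setdefault(key, []).append(view(observer, policy(runnable)))
    return max(max(vs) - min(vs) for vs in classes.values())


def starvation_probability(domain, slots):
    """Chance the lattice policy has not run `domain` after `slots` slots.
    Geometric in slots, so it tends to 0: starvation has probability 0."""
    p = lattice_policy(frozenset())[domain]
    return (1 - p) ** slots


def expected_wait(domain):
    """Mean number of slots until the lattice policy runs `domain` (1/p)."""
    return 1 / lattice_policy(frozenset())[domain]


def simulate(policy, runnable, slots, seed=0):
    """Sample a schedule; None marks a burnt (idle) slot."""
    rng = random.Random(seed)
    dist = policy(runnable)
    if not dist:
        return [None] * slots
    names, probs = zip(*dist.items())
    picks = rng.choices(names, weights=[float(p) for p in probs], k=slots)
    return [d if d in runnable else None for d in picks]


if __name__ == "__main__":
    for name, pol in (("demand", demand_policy), ("lattice", lattice_policy)):
        print(name, {o: str(leak(pol, o)) for o in DOMAINS})
    print("P(LOW starved for 10 slots) =", starvation_probability("LOW", 10))
    print("E[wait for LOW] =", expected_wait("LOW"), "slots")
    print(simulate(lattice_policy, frozenset({"LOW", "HIGH"}), 12))
```

Running it shows the difference the abstract is pointing at: under the demand policy LOW's chance of running next moves from 1 to 1/4 depending on whether A, B and HIGH are runnable, so HIGH's activity is visible to LOW through scheduling alone (a timing covert channel). Under the lattice policy the leak is 0 for every observer, because the distribution never consults state an observer may not see, and the price of ignoring runnability is paid in burnt slots rather than in information. The randomness is also what buys non-starvation here: every domain with positive weight is picked with a geometric waiting time, so the probability of waiting forever is 0 and the expected wait is 1/p. This per-slot check is a simplification; the paper's probabilistic non-leakage is a property of whole executions established by refinement, not the one-step comparison modelled above.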




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cock, D. (2013). Practical Probability: Applying pGCL to Lattice Scheduling. In: Blazy, S., Paulin-Mohring, C., Pichardie, D. (eds) Interactive Theorem Proving. ITP 2013. Lecture Notes in Computer Science, vol 7998. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39634-2_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-39634-2_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-39633-5

  • Online ISBN: 978-3-642-39634-2
