Matthew Fernandez
ABSTRACT
This paper describes ongoing work on a new technique for reducing the cost of assurance of large software systems by building on a verified component platform. From a component architecture description, we automatically derive a formal model of the system and a semantics for the runtime behaviour of generated inter-component communication code. We can prove wellformedness properties of the architecture automatically and provide a framework in which users can reason about their component code and its behaviour. By leveraging the isolation properties and communication guarantees of a formally verified platform, correctness arguments for critical components will be able to be derived independently and composed together to reason about system-level correctness.
- J. Adamek. Static analysis of component systems using behavior protocols. In OOPSLA, pages 116--117, Anaheim, CA, USA, Oct 2003. Google Scholar
Digital Library
- J. Alves-Foss, P. W. Oman, C. Taylor, and S. Harrison. The MILS architecture for high-assurance embedded systems. Int. J. Emb. Syst., 2:239--247, 2006.Google ScholarCross Ref
- J. Andronick, D. Greenaway, and K. Elphinstone. Towards proving security in the presence of large untrusted components. In G. Klein, R. Huuck, and B. Schlich, editors, 5th SSV, Vancouver, Canada, Oct 2010. USENIX. Google ScholarDigital Library
- A. Boyton, J. Andronick, C. Bannister, M. Fernandez, X. Gao, D. Greenaway, G. Klein, C. Lewis, and T. Sewell. Formally verified system initialisation. In Lindsay Groves, Jing Sun, editor, 15th ICFEM, Queenstown, New Zealand, Oct 2013. Springer.Google Scholar
- M. Broy, I. H. Krüger, A. Pretschner, and C. Salzman. Engineering automotive software. Proc. IEEE, 95:356--373, 2007.Google ScholarCross Ref
- K. Fisler and S. Krishnamurthi. Decomposing verification around end-user features. In VSTTE 2005, pages 74--81. Springer, Oct 2005.Google Scholar
- D. Giannakopoulou, C. S. Păsăreanu, and H. Barringer. Assumption generation for software component verification. In 17th ASE, pages 3--12, Edinburgh, Scotland, UK, Sep 2002. Google ScholarDigital Library
- D. Greenaway, J. Andronick, and G. Klein. Bridging the gap: Automatic verified abstraction of C. In L. Beringer and A. Felty, editors, 3rd ITP, volume 7406 of LNCS, pages 99--115, Princeton, New Jersey, Aug 2012. Springer. ISBN 978-3-642-32346-1.Google Scholar
- M. Hohmuth, M. Peter, H. Härtig, and J. S. Shapiro. Reducing TCB size by using untrusted components --- small kernels versus virtual-machine monitors. In 11th SIGOPS Eur. WS, Leuven, Belgium, Sep 2004. Google ScholarDigital Library
- G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. seL4: Formal verification of an OS kernel. In 22nd SOSP, pages 207--220, Big Sky, MT, USA, Oct 2009. ACM. doi: 10.1145/1629575.1629596. Google ScholarDigital Library
- I. Kuz, Y. Liu, I. Gorton, and G. Heiser. CAmkES: A component model for secure microkernel-based embedded systems. Journal of Systems and Software Special Edition on Component-Based Software Engineering of Trustworthy Embedded Systems, 80(5): 687--699, May 2007. Google ScholarDigital Library
- I. Kuz, G. Klein, C. Lewis, and A. Walker. capDL: A language for describing capability-based systems. In 1st APSys, pages 31--36, New Delhi, India, Aug 2010. Google ScholarDigital Library
- X. Leroy. Formal certification of a compiler back-end, or: Programming a compiler with a proof assistant. In J. G. Morrisett and S. L. P. Jones, editors, 33rd POPL, pages 42--54, Charleston, SC, USA, 2006. ACM. Google ScholarDigital Library
- J. S. Moore. A grand challenge for formal methods: A verified stack. In B. K. Aichernig and T. Maibaum, editors, Formal Methods at the Crossroads: from Panacea to Foundational Support, pages 161--172. Springer, 2003.Google Scholar
- T. Murray, D. Matichuk, M. Brassil, P. Gammie, T. Bourke, S. Seefried, C. Lewis, X. Gao, and G. Klein. seL4: from general purpose to a proof of information flow enforcement. In IEEE Symp. Security & Privacy, pages 415--429, San Francisco, CA, May 2013. ISBN 10.1109/SP.2013.35. Google ScholarDigital Library
- G. C. Necula. Proof-carrying code. In 24th POPL, pages 106--119, Paris, France, Jan 1997. Google ScholarDigital Library
- G. C. Necula. Translation validation for an optimizing compiler. In PLDI, pages 83--94, Vancouver, British Columbia, Canada, 2000. Google ScholarDigital Library
- T. Nipkow, L. Paulson, and M. Wenzel. Isabelle/HOL --- A Proof Assistant for Higher-Order Logic, volume 2283 of LNCS. Springer, 2002. Google ScholarDigital Library
- F. Plasil and S. Visnovsky. Behavior protocols for software components. IEEE Trans. Softw. Engin., 28(11):1056--1076, Nov 2002. Google ScholarDigital Library
- A. Pnueli, M. Siegel, and E. Singerman. Translation validation. In 4th TACAS, pages 151--166, Lisbon, Portugal, Mar 1998. Springer. Google ScholarDigital Library
- J. Rushby. A trusted computing base for embedded systems. In Proceedings of 7th DoD/NBS Computer Security Conference, pages 294--311, Sep 1984.Google Scholar
- J. M. Rushby. Design and verification of secure systems. In 8th SOSP, pages 12--21, Pacific Grove, CA, USA, Dec 1981. Google ScholarDigital Library
- T. Sewell, S. Winwood, P. Gammie, T. Murray, J. Andronick, and G. Klein. seL4 enforces integrity. In M. C. J. D. van Eekelen, H. Geuvers, J. Schmaltz, and F. Wiedijk, editors, 2nd ITP, volume 6898 of LNCS, pages 325--340, Nijmegen, The Netherlands, Aug 2011. Springer. doi: http://dx.doi.org/10.1007/978-3-642-22863-6_24. Google ScholarDigital Library
- C. Szyperski. Component Software: Beyond Object-Oriented Programming. Addison-Wesley/ACM Press, Essex, England, 1997. Google ScholarDigital Library
- H. Tuch, G. Klein, and M. Norrish. Types, bytes, and separation logic. In M. Hofmann and M. Felleisen, editors, 34th POPL, pages 97--108, Nice, France, Jan 2007. ACM. Google ScholarDigital Library
- D. M. Yellin and R. E. Strom. Protocol specifications and component adaptors. ACM Trans. Progr. Lang. & Syst., 19(2):292--333, Mar 1997. Google ScholarDigital Library
Recommendations
Verified systems by composition from verified components
ESEC/FSE-11: Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineeringThis paper presents an approach to integration of model checking into component-based development of software systems. This approach assists in development of highly reliable component-based software systems and reduces the complexity of verifying these ...
Verified systems by composition from verified components
This paper presents an approach to integration of model checking into component-based development of software systems. This approach assists in development of highly reliable component-based software systems and reduces the complexity of verifying these ...
Towards verified synthesis of ProCom, a component model for real-time embedded systems
CBSE '11: Proceedings of the 14th international ACM Sigsoft symposium on Component based software engineeringTo take advantage of component-based software engineering, software designers need a component framework that automates the assemblage and integration of developed components. It is then of prime importance to ensure that the synthesized code respects ...
Comments