ABSTRACT
Proof-oriented programming is a paradigm where programs are designed and developed along with mathematical proofs of their correctness and security. In recent years, proof-oriented programming has reached a point where not only several high-assurance software components have been developed using it, but these components have also been deployed in production systems. In this talk, I will provide an overview of this paradigm in the context of F*, a proof-oriented programming language developed at Microsoft Research. I will briefly discuss several critical software components, developed from scratch in F*. These components are already deployed in production systems such as Windows Hyper-V, the Linux kernel, Firefox, and mbedTLS. As a complementary methodology for retrofitting strong, formal guarantees on existing legacy services, I will present the Zeta framework. Zeta works by running a small, proven correct monitor in a trusted execution environment validating responses from the service. The key idea is that we only need to develop the monitor using proof-oriented programming once-and-for-all, while the large legacy service remains untrusted. I will illustrate Zeta by sketching an example of how we can make a concurrent, high-performance, key-value store "zero trust" and argue that this step incurs modest software engineering effort and modest runtime overheads.
Index Terms
- Proof-oriented programming for high-assurance systems
Recommendations
What Is Object-Oriented Programming?
The meaning of the term 'object oriented' is examined in the context of the general-purpose programming language C++. This choice is made partly to introduce C++ and partly because C++ is one of the few languages that supports data abstraction, object-...
A rule-based and object-oriented AI programming language
This paper presents a new artificial intelligence programming language called ROOP which is machine independent and has the ability to deal with logical programming in general. ROOP is a multiple paradigm language which combines rule-based, procedure, ...
Building High-Assurance Systems Using COTS Components: Whether, Why, When and How?
HASE '99: The 4th IEEE International Symposium on High-Assurance Systems EngineeringThe implementation of COTS-based high assurance is becoming a major challenge today when cost concern has led to increased use of COTS products for critical applications. On the other hand, vendors remain reluctant to incorporate fault tolerance ...
Comments