
Machine Assisted Proof of ARMv7 Instruction Level Isolation Properties [chapter]

Narges Khakpour, Oliver Schwarz, Mads Dam
2013 Lecture Notes in Computer Science  
In this paper, we formally verify security properties of the ARMv7 Instruction Set Architecture (ISA) for user mode executions.  ...  To obtain guarantees that arbitrary (and unknown) user processes are able to run isolated from privileged software and other user processes, instruction level noninterference and integrity properties are  ...  The first is an instruction level noninterference property related to the non-infiltration property in [12] stating that the behavior of an ARMv7 processor in user mode only depends on its accessible resources  ... 
doi:10.1007/978-3-319-03545-1_18 fatcat:i4pmlgkppzalrd6ti73ud7n4je

Trustworthy Virtualization of the ARMv7 Memory Subsystem [chapter]

Hamed Nemati, Roberto Guanciale, Mads Dam
2015 Lecture Notes in Computer Science  
ARMv7 CPU that includes the MMU, (ii) Formalization of a system behavior that includes the hypervisor and the untrusted guest (iii) Verification of the isolation properties.  ...  In this paper we present the verification of the isolation properties of a hypervisor design that uses direct paging.  ...  Together with the machine-assisted proof of its correctness and the spatial isolation provided by the hypervisor, the design represents the first trustworthy virtualization mechanism using direct paging,  ... 
doi:10.1007/978-3-662-46078-8_48 fatcat:aywqqtkjzrfyxb23gd4qmwfhlq

Secure System Virtualization: End-to-End Verification of Memory Isolation [article]

Hamed Nemati
2020 arXiv   pre-print
They reduce the software portion of the system's trusted computing base to a thin layer, which enforces isolation between low- and high-criticality components.  ...  Once these techniques were implemented and functionally verified, they provide a reliable foundation for application scenarios that require strong guarantees of isolation and facilitate formal reasoning  ...  property [65] has been verified based on a sequential memory model within the proof assistant Coq.  ... 
arXiv:2005.02605v1 fatcat:h7sdyjoxyrexhaswjns5mcfdey

Highly Automated Formal Proofs over Memory Usage of Assembly Code [chapter]

Freek Verbeek, Joshua A. Bockenek, Binoy Ravindran
2020 Lecture Notes in Computer Science  
Moreover, it can be used to prove low-level security properties, such as integrity of the return address of a function.  ...  A formal proof of memory usage is required for compositional reasoning over assembly programs.  ...  Instead of manually codifying instruction semantics, they applied machine learning to derive semantics from a live x86 machine.  ... 
doi:10.1007/978-3-030-45237-7_6 fatcat:jlabxfgxonfojob46dquwcx4zi

AUSPICE: Automatic Safety Property Verification for Unmodified Executables [chapter]

Jiaqi Tan, Hui Jun Tay, Rajeev Gandhi, Priya Narasimhan
2016 Lecture Notes in Computer Science  
Verification of machine-code programs using program logic has focused on functional correctness, and proofs have required manually provided program specifications.  ...  Fortunately, the verification of shallow safety properties such as memory and control-flow safety can be easier to automate, but past techniques for automatically verifying machine-code safety have required  ...  The authors thank Lu Zhao for his assistance with ARMor [23, 22], and Magnus Myreen for his assistance with the Cambridge ARM model [11, 12].  ... 
doi:10.1007/978-3-319-29613-5_12 fatcat:a5qyfpmt3jfn3khjhshqv5l3ge

uTango: an open-source TEE for IoT devices [article]

Daniel Oliveira, Tiago Gomes, Sandro Pinto
2022 arXiv   pre-print
Security is one of the main challenges of the Internet of Things (IoT).  ...  paper, we present uTango, the first multi-world TEE for modern IoT devices. uTango proposes a novel architecture aiming at tackling the major architectural deficiencies currently affecting TrustZone(-M)-assisted  ...  As of this writing, ATF-M only implements isolation levels 1 and 2, which partitions the system into three major domains.  ... 
arXiv:2102.03625v2 fatcat:brmjvgd5k5e37ebrumm5dhj7e4

uTango: an open-source TEE for IoT devices

Daniel Oliveira, Tiago Gomes, Sandro Pinto
2022 IEEE Access  
Security is one of the main challenges of the Internet of Things (IoT).  ...  UTANGO proposes a novel architecture aiming at tackling the major architectural deficiencies currently affecting TrustZone(-M)-assisted TEEs.  ...  As of this writing, ATF-M only implements isolation levels 1 and 2, which partitions the system into three major domains.  ... 
doi:10.1109/access.2022.3152781 fatcat:u6dckk2ye5gzvcejg7z4nruk5u

Formal virtualization requirements for the ARM architecture

Niels Penneman, Danielius Kudinskas, Alasdair Rawsthorne, Bjorn De Sutter, Koen De Bosschere
2013 Journal of systems architecture  
We present an analysis of the virtualizability of the ARMv7-A architecture carried out in the context of the seminal paper published by Popek and Goldberg 38 years ago.  ...  Because their definitions are dated, we first extend their machine model to modern architectures with paged virtual memory, IO and interrupts.  ...  In general, a guest or virtual machine (VM) refers to all software that is executed deprivileged and in an isolated environment under the control of a virtual machine monitor (VMM).  ... 
doi:10.1016/j.sysarc.2013.02.003 fatcat:u56d2dxztbex3lmxifv57fira4

Virtualizing mixed-criticality systems: A survey on industrial trends and issues

Marcello Cinque, Domenico Cotroneo, Luigi De Simone, Stefano Rosiello
2021 Future generations computer systems  
platform, while obtaining isolation guarantees.  ...  This work surveys the state-of-the-practice of real-time virtualization technologies by discussing common issues in the industry.  ...  In the context of virtualization, we mainly consider three isolation properties.  ... 
doi:10.1016/j.future.2021.12.002 fatcat:4q277etxfjewlpmkjcn7by42pm

Automatically Proving Microkernels Free from Privilege Escalation from their Executable [article]

Olivier Nicole, Matthieu Lemerre, Sébastien Bardin, Xavier Rival
2020 arXiv   pre-print
Kernels are in particular responsible for their own security, i.e. they must prevent untrusted user tasks from reaching their level of privilege.  ...  We demonstrate that proving such absence of privilege escalation is a pre-requisite for any definitive security proof of the kernel.  ...  [11], but each of these properties requires an in-depth specification of the kernel behavior and knowledge of its source code, preventing automated machine-level verification.  ... 
arXiv:2003.08915v1 fatcat:wggfoncabbcibn4m7fg5zpjr7i

Cache Storage Channels: Alias-Driven Attacks and Verified Countermeasures

Roberto Guanciale, Hamed Nemati, Christoph Baumann, Mads Dam
2016 IEEE Symposium on Security and Privacy (SP)  
Moreover, we subvert the integrity properties of an ARMv7 hypervisor that was formally verified against a cache-less model.  ...  address into the caches and observe which addresses are stored in different levels of cache.  ...  ACKNOWLEDGMENT The authors would like to thank Didrik Lundberg for supporting the development of the Raspberry Pi 2 prototypes.  ... 
doi:10.1109/sp.2016.11 dblp:conf/sp/GuancialeNBD16 fatcat:bz4taektybgsrdykg7tqgq3jaq

Proof-Oriented Design of a Separation Kernel with Minimal Trusted Computing Base

Narjes Jomaa, Paolo Torrini, David Nowak, Gilles Grimaud, Samuel Hym
2019 Electronic Communications of the EASST  
This proof-oriented design allows us to formally prove separation properties on a concrete executable model very close to its automatically extracted C implementation.  ...  Our design is shown to be realistic as it can execute isolated instances of a realtime embedded system that has moreover been modified to isolate its own processes through the Pip services.  ...  We use Coq, a proof assistant based on the Calculus of Constructions [BC04], to develop the monadic, executable model of the services on top of a hardware abstraction layer, and we prove security properties  ... 
doi:10.14279/tuj.eceasst.76.1080 dblp:journals/eceasst/JomaaTNGH18 fatcat:ozmsdi775bgtdfnwiutuvusn3i

Securing DMA through virtualization

Oliver Schwarz, Christian Gehrmann
2012 Complexity in Engineering (COMPENG). Proceedings  
Instead, the protection of the DMA controller is realized with means of a common ARM MMU only. Overhead occurs only in pre- and postprocessing of DMA transfers and is limited to a few microseconds.  ...  The solution was designed with focus on security and the abstract concept of the approach was formally verified.  ...  Furthermore we put the assurance of security properties into the focus. Recent work has shown that verification of low level software is in fact feasible.  ... 
doi:10.1109/compeng.2012.6242958 dblp:conf/compeng/SchwarzG12 fatcat:zfkq3a52xrfjvc4cchwzqvjfna

High-Assurance Separation Kernels: A Survey on Formal Methods [article]

Yongwang Zhao, David Sanan, Fuyuan Zhang, Yang Liu
2017 arXiv   pre-print
Based on the proposed analytical framework, a taxonomy is designed according to formal methods application, functionalities, and properties of separation kernels.  ...  In this paper, an analytical framework is first proposed to clarify the functionalities, implementations, properties and standards, and formal methods application of separation kernels.  ... 
arXiv:1701.01535v1 fatcat:wivlgaqkmffc5nb2kalmpy77sy

System-level Non-interference for Constant-time Cryptography

Gilles Barthe, Gustavo Betarte, Juan Campo, Carlos Luna, David Pichardie
2014 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14  
The soundness proofs are based on new theorems of independent interest, including isolation theorems for virtualization platforms (resp. platforms supporting stealth memory), and proofs that constant-time  ...  We formalize our results using the Coq proof assistant and we demonstrate the effectiveness of our analyses on cryptographic implementations, including PolarSSL AES, DES and RC4, SHA256 and Salsa20.  ...  We formalize our results in the Coq proof assistant (over 50,000 lines of Coq). The formalization is based on the first formal model of stealth memory.  ... 
doi:10.1145/2660267.2660283 dblp:conf/ccs/BartheBCLP14 fatcat:wg2ibaucqnbj3c2lo5yv34tv2e