Lecture Notes in Computer Science
Hypervisors must isolate memories of guest operating systems. This paper is concerned with proving memory isolation properties about the virtualization of the memory management unit provided by a hypervisor through shadow page tables. We conduct the proofs using abstraction techniques between high-level and low-level descriptions of the system, based on techniques from previous work on formally proving memory isolation in micro-kernels. The present paper shows how a hypervisor developed by ... ische Universität Berlin has been formalized and presents the isolation properties we have proved on the targeted abstract model. In particular, we provide details about how the management of page tables has been formally modeled.
doi:10.1007/978-3-662-49665-7_13 fatcat:5xagght3ofatfbgdjhcthfjylq
We present a novel approach to differential cost analysis that, given a program revision, attempts to statically bound the difference in resource usage, or cost, between the two program versions. Differential cost analysis is particularly interesting because of the many compelling applications for it, such as detecting resource-use regressions at code-review time or proving the absence of certain side-channel vulnerabilities. One prior approach to differential cost analysis is to apply ... l reasoning that conceptually constructs a product program on which one can over-approximate the difference in costs between the two program versions. However, a significant challenge in any relational approach is effectively aligning the program versions to get precise results. In this paper, our key insight is that we can avoid the need for and the limitations of program alignment if, instead, we bound the difference of two cost-bound summaries rather than directly bounding the concrete cost difference. In particular, our method computes a threshold value for the maximal difference in cost between two program versions simultaneously using two kinds of cost-bound summaries: a potential function that evaluates to an upper bound for the cost incurred in the first program and an anti-potential function that evaluates to a lower bound for the cost incurred in the second. Our method has a number of desirable properties: it can be fully automated, it allows optimizing the threshold value on relative cost, it is suitable for programs that are not syntactically similar, and it supports non-determinism. We have evaluated an implementation of our approach on a number of program pairs collected from the literature, and we find that our method computes tight threshold values on relative cost in most examples.
arXiv:2204.00870v2 fatcat:obzl7tdamreovnqajfaqkqzmf4
Cloud computing provides on-demand access to IT resources via the Internet. Permissions for these resources are defined by expressive access control policies. This paper presents a formalization of the Amazon Web Services (AWS) policy language and a corresponding analysis tool, called ZELKOVA, for verifying policy properties. ZELKOVA encodes the semantics of policies into SMT, compares behaviors, and verifies properties. It provides users a sound mechanism to detect misconfigurations of their ... licies. ZELKOVA solves a PSPACE-complete problem and is invoked many millions of times daily.
doi:10.23919/fmcad.2018.8602994 dblp:conf/fmcad/BackesBCDGLRTV18 fatcat:jnyqutkzbrdz3lhlhkud6gig4i
Paulin and T. Coquand. ... Seminar 3: Using formal methods to secure complex systems: an industrial advance. Dominique Bolignano (Prove&Run), 11 March 2015. The Prove&Run team has carried out ...
doi:10.4000/annuaire-cdf.12509 fatcat:hr4c3hc6sjc3hg6hr4pscdfdam
Emerson, Sam R; Emmett, Pauline; Engidawork, Ephrem; Englund Ögge, Linda; Enko, Dietmar; Enomoto, Hirayuki; Enos, Reilly T.; Erdman, John W. ... Boland, Mike; Bold, Justine; Bolignano, Davide; Bolling, Bradley; Bolton, Kristy; Bommagani, Shobanbabu; Bonavina, Luigi; Boncinelli, Fabio; Bond, Simon T; Bondoc, Ionel; Boneh, Avihu; Bonilha, Heather S. Nutrients ...
doi:10.3390/nu12010273 fatcat:hc5qsecoqzhl3l3aa2eyhhljpq
Lecture Notes in Computer Science
Bolignano. Inductive definitions are used to model the exchanges. We have three agents A, B, I for Alice, Bob and the Intruder. ... Many Werner, 1989 - Letouzey 2002, inductive definitions (Coquand & Paulin, 1989), co-inductive definitions (Giménez, 1995), advanced pattern-matching (Cornes, 1995 - Herbelin, 2002), coercions (Saibi ...
doi:10.1007/978-3-642-35746-6_3 fatcat:3mvrpjgkoba4nl55exsmmd62fi