6 Hits in 1.2 sec

Modeling and Abstraction of Memory Management in a Hypervisor [chapter]

Pauline Bolignano, Thomas Jensen, Vincent Siles
2016 Lecture Notes in Computer Science  
Hypervisors must isolate memories of guest operating systems. This paper is concerned with proving memory isolation properties about the virtualization of the memory management unit provided by a hypervisor through shadow page tables. We conduct the proofs using abstraction techniques between high-level and low-level descriptions of the system, based on techniques from previous work on formally proving memory isolation in micro-kernels. The present paper shows how a hypervisor developed by
more » ... ische Universität Berlin has been formalized and presents the isolation properties we have proved on the targeted abstract model. In particular, we provide details about how the management of page tables has been formally modeled.
doi:10.1007/978-3-662-49665-7_13 fatcat:5xagght3ofatfbgdjhcthfjylq

Differential Cost Analysis with Simultaneous Potentials and Anti-potentials [article]

Đorđe Žikelić, Bor-Yuh Evan Chang, Pauline Bolignano, Franco Raimondi
2022 arXiv   pre-print
We present a novel approach to differential cost analysis that, given a program revision, attempts to statically bound the difference in resource usage, or cost, between the two program versions. Differential cost analysis is particularly interesting because of the many compelling applications for it, such as detecting resource-use regressions at code-review time or proving the absence of certain side-channel vulnerabilities. One prior approach to differential cost analysis is to apply
more » ... l reasoning that conceptually constructs a product program on which one can over-approximate the difference in costs between the two program versions. However, a significant challenge in any relational approach is effectively aligning the program versions to get precise results. In this paper, our key insight is that we can avoid the need for and the limitations of program alignment if, instead, we bound the difference of two cost-bound summaries rather than directly bounding the concrete cost difference. In particular, our method computes a threshold value for the maximal difference in cost between two program versions simultaneously using two kinds of cost-bound summaries -- a potential function that evaluates to an upper bound for the cost incurred in the first program and an anti-potential function that evaluates to a lower bound for the cost incurred in the second. Our method has a number of desirable properties: it can be fully automated, it allows optimizing the threshold value on relative cost, it is suitable for programs that are not syntactically similar, and it supports non-determinism. We have evaluated an implementation of our approach on a number of program pairs collected from the literature, and we find that our method computes tight threshold values on relative cost in most examples.
arXiv:2204.00870v2 fatcat:obzl7tdamreovnqajfaqkqzmf4

Semantic-based Automated Reasoning for AWS Access Policies using SMT

John Backes, Pauline Bolignano, Byron Cook, Catherine Dodge, Andrew Gacek, Kasper Luckow, Neha Rungta, Oksana Tkachuk, Carsten Varming
2018 2018 Formal Methods in Computer Aided Design (FMCAD)  
Cloud computing provides on-demand access to IT resources via the Internet. Permissions for these resources are defined by expressive access control policies. This paper presents a formalization of the Amazon Web Services (AWS) policy language and a corresponding analysis tool, called ZELKOVA, for verifying policy properties. ZELKOVA encodes the semantics of policies into SMT, compares behaviors, and verifies properties. It provides users a sound mechanism to detect misconfigurations of their
more » ... licies. ZELKOVA solves a PSPACE-complete problem and is invoked many millions of times daily.
doi:10.23919/fmcad.2018.8602994 dblp:conf/fmcad/BackesBCDGLRTV18 fatcat:jnyqutkzbrdz3lhlhkud6gig4i

Algorithmes, machines et langages

Gérard Berry
2016 Annuaire du Collège de France : Résumé Des Cours et Travaux  
Paulin et T. Coquand.  ...  Séminaire 3 : Utilisation des méthodes formelles pour la sécurisation de systèmes complexes : une avancée industrielle Dominique Bolignano (Prove&Run), le 11 mars 2015 22L’équipe de Prove&Run a réalisé  ... 
doi:10.4000/annuaire-cdf.12509 fatcat:hr4c3hc6sjc3hg6hr4pscdfdam

Acknowledgement to Reviewers of Nutrients in 2019

Nutrients Editorial Office
2020 Nutrients  
Emerson, Sam R Emmett, Pauline Engidawork, Ephrem Englund Ögge, Linda Enko, Dietmar Enomoto, Hirayuki Enos, Reilly T. Erdman, John W.  ...  Boland, Mike Bold, Justine Bolignano, Davide Bolling, Bradley Bolton, Kristy Bommagani, Shobanbabu Bonavina, Luigi Boncinelli, Fabio Bond, Simon T Bondoc, Ionel Boneh, Avihu Bonilha, Heather S Nutrients  ... 
doi:10.3390/nu12010273 fatcat:hc5qsecoqzhl3l3aa2eyhhljpq

Introduction to the Coq Proof-Assistant for Practical Software Verification [chapter]

Christine Paulin-Mohring
2012 Lecture Notes in Computer Science  
Bolignano [13] . Inductive definitions are used to model the exchanges. We have three agents A, B, I for Alice, Bob and the Intruder.  ...  Many Werner, 1989 -Letouzey 2002 , inductive definitions (Coquand & Paulin, 1989 ), co-inductive definitions (Giménez, 1995) , advanced pattern-matching (Cornes, 1995 -Herbelin, 2002 , coercions (Saibi  ... 
doi:10.1007/978-3-642-35746-6_3 fatcat:3mvrpjgkoba4nl55exsmmd62fi