On the Scalability of Proof Carrying Code for Software Certification

1
On the Scalability of Proof Carrying Code for Software Certification
Andrew Ireland
Dependable Systems Group, School of Mathematical and Computer Sciences, Heriot-Watt University, Edinburgh
2
Outline
  • High integrity software development
  • Evidence based software certificates
  • Scalability problems
  • A planning approach
  • Issues for discussion

3
The SPARK Approach
[Diagram: SPARK code goes to the SPARK Examiner, which generates VCs; the SPADE Simplifier discharges most of them as proofs; the unproven VCs either go back to the code as revisions or to the SPADE Proof Checker, driven by tactics]
  • SPARK is a subset of Ada with annotations
    (Praxis High Integrity Systems Ltd)
  • Supports data & information flow analysis and
    formal verification, in particular exception
    freedom proofs
  • Used on the Eurofighter and Hawk projects;
    advocated by the NSA

4
SPARK and Certification
  • Z specifications & rigorous proofs
  • Data & information flow analysis
  • Code-level proofs
  • Exception freedom proofs: automatic and
    interactive proofs
  • Functional proofs: a significant level of
    interactive proof
  • Proof review files
  • Resource analysis
  • Note: explicit evidence via proof is either
    fragile or absent

5
NuSPADE
[Diagram: as on slide 3, with NuSPADE inserted into the loop: it takes the unproven VCs and returns annotations to the SPARK code and tactics to the SPADE Proof Checker]
  • NuSPADE = proof planning + program analysis
  • Annotation generation motivated by proof-failure
    analysis
  • Proof planning supports a robust style of
    reasoning, i.e. it addresses the fragility of
    interactive proof

6
NuSPADE
[Diagram: inside NuSPADE, the unproven VCs enter a Proof Planner, which passes abstract predicates to a Program Analyzer; the analyzer returns annotations and the planner emits tactics]
Co-operative style of integration, i.e. productive
use of failure
7
Evidence Based Certification
  • Proof-Carrying Code (PCC) is an example of an
    evidence based approach to certification
  • Code is delivered with a certificate containing a
    condensed mathematical proof, i.e. a proof that
    the code satisfies the desired safety properties
  • Responsibility for proof construction lies with
    the code producer; the consumer only performs
    proof checking
  • The Trusted Computing Base (TCB) for PCC is small,
    i.e. the safety properties, the verification
    condition generator and the proof checker

8
Properties, Proofs & Certificates
  • Properties are typically simple, e.g. memory safety
  • Proof construction involves advanced type
    checking, i.e. no theorem proving
  • Certificates:
  • LF proofs: quadratic with respect to program size
  • LFi proofs: 2.5 to 5 times program size
  • Oracle strings: on average 12% of program size
  • Proof tactics have also been used

9
Scalability Problems
  • Need for more comprehensive properties, e.g.
    functional properties
  • MOBIUS: combining type-based and logic-based
    approaches
  • Need to exploit automated theorem proving
    techniques
  • Will the current PCC architecture scale up, e.g.
    oracle strings?

10
Proof Plans
[Diagram: a Conjecture and a Theory feed the Proof Planner, which produces a Plan; the plan is executed as a Tactic by the Proof Checker, yielding a Proof]
13
Planning Oracles as Certificates
[Diagram: as on slide 10, with an Oracle added as a further input to the Proof Planner]
14
Planning Oracles as Certificates
  • The oracle identifies:
  • proof plans and where they should be used
  • relevant theories
  • search control hints, e.g. auxiliary lemmas
    and generalization steps
[Diagram: as on slide 13, with the Oracle as an input to the Proof Planner]
15
Certificate Generation
[Diagram: the Code and Spec, together with repositories of plans & theories, enter Certificate Generation (VCGen + Planner + Checker), which yields either a Certificate (Oracle) and a Proof, or Failure]
16
Certificate Validation
[Diagram: on the consumer's CPU, the Code, Spec and Certificate (Oracle), together with the repositories of plans & theories, enter Certificate Validation (VCGen + Planner + Checker), which yields either a Proof or Failure]
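To make the producer/consumer split of slides 7-8 and the oracle-replay idea of slides 12-16 concrete, here is an added example in Python. It is not code from the slides, from NuSPADE or from the SPARK toolset; every name in it (vcgen, alternatives, search, check, produce, validate, PROG) and the tiny "<=" logic are invented, the constructed input only models a SPARK array read under annotations, and the "planner" is a plain backtracking search over proof rules rather than proof planning. The certificate is an oracle string: the sequence of choice indices the producer's search committed to. The consumer re-runs VCGen, replays the string without searching, and rebuilds the fully expanded proof.

```python
# Added example, not code from the slides, NuSPADE or the SPARK toolset: a toy
# PCC pipeline whose certificate is an oracle string.  All names and the tiny
# "<=" logic are invented.  Atoms are ('le', a, b) meaning a <= b (ints or
# variable names); goals are atoms or ('and', g1, g2).  A program is a list of
# ('assume', atom) (a SPARK-style annotation) and ('read', lo, hi, idx)
# (array read A(idx) with A'Range = lo .. hi).


def vcgen(prog):
    """Trusted, run by both sides: one exception-freedom VC per array read."""
    hyps, vcs = [], []
    for stmt in prog:
        if stmt[0] == 'assume':
            hyps.append(stmt[1])
        else:
            _, lo, hi, idx = stmt
            vcs.append((tuple(hyps), ('and', ('le', lo, idx), ('le', idx, hi))))
    return vcs


def alternatives(hyps, goal):
    """Trusted: all sound steps for `goal` as (rule, subgoals).  Side conditions
    live here, so a bad oracle cannot make the checker accept a false goal."""
    if goal[0] == 'and':
        return [('and_intro', [goal[1], goal[2]])]
    _, a, b = goal
    alts = []
    if isinstance(a, int) and isinstance(b, int) and a <= b:
        alts.append(('le_const', []))
    if goal in hyps:
        alts.append(('assumption', []))
    for h in hyps:  # transitivity via any hypothesis a <= y: the real choice point
        if h[1] == a and h[2] != b:
            alts.append((f'le_trans[{h[2]}]', [('le', h[2], b)]))
    return alts


def search(hyps, goal, oracle, depth=0):
    """Untrusted producer: depth-first search; each committed choice is appended
    to `oracle` as the index of the alternative taken."""
    if depth > 8:  # bounds transitivity chains so cyclic hypotheses cannot loop
        return False
    for i, (_, subgoals) in enumerate(alternatives(hyps, goal)):
        mark = len(oracle)
        oracle.append(i)
        if all(search(hyps, sg, oracle, depth + 1) for sg in subgoals):
            return True
        del oracle[mark:]  # backtrack: drop choices made on the failed branch
    return False


def check(hyps, goal, oracle, pos=0):
    """Trusted consumer: no search.  Replays oracle[pos:] and rebuilds the fully
    expanded proof tree; returns (tree, next_pos) or None on any mismatch."""
    alts = alternatives(hyps, goal)
    if pos >= len(oracle) or oracle[pos] >= len(alts):
        return None
    rule, subgoals = alts[oracle[pos]]
    pos, children = pos + 1, []
    for sg in subgoals:
        res = check(hyps, sg, oracle, pos)
        if res is None:
            return None
        tree, pos = res
        children.append(tree)
    return (rule, goal, children), pos


def produce(prog):
    """Producer: one oracle string for every VC, or None if some VC is unproven."""
    oracle = []
    for hyps, vc in vcgen(prog):
        if not search(hyps, vc, oracle):
            return None
    return oracle


def validate(prog, oracle):
    """Consumer: re-run VCGen, replay the oracle, require every entry consumed.
    Returns the expanded proofs, or None if the certificate is rejected."""
    proofs, pos = [], 0
    for hyps, vc in vcgen(prog):
        res = check(hyps, vc, oracle, pos)
        if res is None:
            return None
        tree, pos = res
        proofs.append(tree)
    return proofs if pos == len(oracle) else None


# Constructed input modelling:  A : array (0 .. 9);  --# pre 0 <= I and I <= K
# and K <= 20 and I <= J and J <= 9;  X := A(I);  The chain through K is a dead
# end (20 > 9); the chain through J succeeds, so the oracle records index 1.
PROG = [('assume', ('le', 0, 'i')), ('assume', ('le', 'i', 'k')),
        ('assume', ('le', 'k', 20)), ('assume', ('le', 'i', 'j')),
        ('assume', ('le', 'j', 9)), ('read', 0, 9, 'i')]

if __name__ == '__main__':
    cert = produce(PROG)
    print('oracle string:', cert, 'valid:', validate(PROG, cert) is not None)
    print('tampered valid:', validate(PROG, [0, 0, 0, 0]) is not None)
```

The TCB here is vcgen, alternatives and check; search is the untrusted part and may be as clever or as buggy as the producer likes. The certificate for the constructed program is four small integers, while the proof the consumer reconstructs from it is the full tree, which is the size relationship the oracle-string figures on slide 8 describe. A tampered or truncated oracle is rejected because the checker only follows alternatives whose side conditions hold; note that this toy checker enumerates every alternative at each step, whereas an oracle-based checker in the style of Necula and Rahul would descend only into the selected one.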
17
Discussion Issues
  • The proposed proof planning approach will add
    theory repositories (and specifications) to the
    TCB: is this acceptable?
  • For memory-limited devices, proof planning
    oracles are not an option for on-device
    certificate validation: how important is
    on-device validation to certification management
    in general?
  • More comprehensive properties will require
    off-device validation: could a dedicated
    certificate validation device have a role to
    play?
  • Certificate transforming compiler or trusted
    compiler?

18
Conclusion
  • The SPARK approach: proofs lack explicit
    evidence or are fragile
  • Proof planning gives rise to fully expansive
    proofs and increases automation, i.e. proofs are
    explicit and robust
  • Building upon the idea of oracle strings, we
    propose proof planning oracles as a technique
    for scaling PCC to general-purpose software
    certification
