Deductive Verification of a Hypervisor Model

Abstract : We propose a deductive-verification approach for proving partial-correctness and invariance properties on arbitrary transition systems, and demonstrate it on a security hypervisor model for machine code. Regarding partial correctness, we generalise the recently-introduced formalism of Reachability Logic, currently used as a language-parametric program logic, to arbitrary transition systems. We propose a sound and relatively-complete proof system for the resulting logic. The soundness of the proof system is formally established in the Coq proof assistant, and the mechanised proof provides us with a generic Reachability-Logic prover within Coq for transition-system specifications. The relative completeness of the proof system, although theoretical in nature, also has a practical value, as it induces a proof strategy that is guaranteed to prove all valid formulas on a given transition system. The strategy reduces partial-correctness verification to invariant verification; for the latter we propose an incremental technique in order to deal with the case-explosion problem. All these various techniques were instrumental in enabling us to deal with a nontrivial case study: proving that a Coq model of a security hypervisor meets its expected requirements, expressed as invariants and partial-correctness properties, within reasonable time and effort limits. We also report on some experiments with a C+ARM assembly implementation of our hypervisor in order to confirm the fact that it introduces a limited amount of execution-time overhead to operating-system calls.
Type de document :
Pré-publication, Document de travail
(27 pages). 2017
Liste complète des métadonnées

Littérature citée [40 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01614509
Contributeur : Pal Dream <>
Soumis le : mardi 17 octobre 2017 - 12:27:13
Dernière modification le : mardi 17 avril 2018 - 09:05:36
Document(s) archivé(s) le : jeudi 18 janvier 2018 - 13:58:48

Fichier

paper.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : hal-01614509, version 2

Citation

Vlad Rusu, Gilles Grimaud, Michaël Hauspie, François Serman. Deductive Verification of a Hypervisor Model. (27 pages). 2017. 〈hal-01614509v2〉

Partager

Métriques

Consultations de la notice

132

Téléchargements de fichiers

33