Abstract
Building on our published mechanisation of the probabilistic program logic pGCL, we present a verified lattice scheduler, a standard covert-channel mitigation technique, which employs randomisation as an elegant means of ensuring starvation-freeness. We show that this scheduler enforces probabilistic non-leakage in addition to non-starvation. The refinement framework employed is compatible with that used in the L4.verified project, supporting our argument that full-scale verification of probabilistic security properties for realistic systems software is feasible.
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Cock, D. (2013). Practical Probability: Applying pGCL to Lattice Scheduling. In: Blazy, S., Paulin-Mohring, C., Pichardie, D. (eds) Interactive Theorem Proving. ITP 2013. Lecture Notes in Computer Science, vol 7998. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39634-2_23
DOI: https://doi.org/10.1007/978-3-642-39634-2_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39633-5
Online ISBN: 978-3-642-39634-2