Parametric Verification of Address Space Separation
Jason
Franklin, Sagar Chaki, Anupam Datta, Jonathan M. McCune, Amit
Vasudevan,
Proceedings of the First Conference on Principles of Security
and Trust (POST), page 51-68, March 24 -- April 1, 2012. Best paper
award nominee.
Abstract:
The address translation subsystem of operating systems, hypervisors,
and virtual machine monitors must correctly enforce address space
separation in the presence of adversaries. The size, and hierarchical
nesting, of the data structures over which such systems operate raise
challenges for automated model checking techniques to be fruitfully
applied to them. We address this problem by developing a sound and
complete parametric verification technique that achieves the best
possible reduction in model size. Our results significantly generalize
prior work on this topic, and bring interesting systems within the
scope of analysis. We demonstrate the applicability of our approach by
modeling shadow paging mechanisms of Xen version 3.0.3 and
ShadowVisor, a research hypervisor developed for the x86 platform.
Online