In this tutorial, we will examine issues in the design and verification of microprocessors for safety-critical and security-critical applications. We will consider architectural and design alternatives that support high-assurance applications, and will describe techniques to improve secure system evaluation -- measured in terms of completeness, human effort required, time, and cost -- through the use of highly automated formal methods. We will present practical techniques for creating executable formal models of computing platforms that can both be proved correct and function as high-speed simulators. This allows us both to verify the correctness of the models and to validate that the formalizations accurately capture what was actually designed and built. As a case study, we will examine the design and verification of the Rockwell Collins AAMP7G microprocessor. The AAMP7G, currently in use in Rockwell Collins high-assurance system products, supports strict time and space partitioning in hardware, and has received an NSA MILS (Multiple Independent Levels of Security) certificate based in part on proofs of correctness. We will discuss the AAMP7G verification effort, focusing on the proof architecture that enabled us to show, using the ACL2 theorem prover, that the AAMP7G separation kernel microcode implements a particular security specification.