We have designed and implemented ARMor, a system that uses software fault isolation (SFI) to sandbox application code running on small embedded processors. Sandboxing can be used to protect components such as the RTOS and critical control loops from other, less-trusted components. ARMor guarantees memory safety and control flow integrity; it works by rewriting a binary to put a check in front of every potentially dangerous operation. We formally and automatically verify that an ARMored application respects the SFI safety properties using the HOL theorem prover. Thus, ARMor provides strong isolation guarantees and has an exceptionally small trusted computing base - there is no trusted compiler, binary rewriter, verifier, or operating system.