High-speed, analyzable simulators
Computer-Aided reasoning
Computer-Aided Reasoning: An Approach
Computer-Aided Reasoning: An Approach
Transforming the Theorem Prover into a Digital Design Tool: From Concept Car to Off-Road Vehicle
CAV '98 Proceedings of the 10th International Conference on Computer Aided Verification
Verification condition generation via theorem proving
LPAR'06 Proceedings of the 13th international conference on Logic for Programming, Artificial Intelligence, and Reasoning
Introducing abstractions via rewriting
CHARME'05 Proceedings of the 13 IFIP WG 10.5 international conference on Correct Hardware Design and Verification Methods
A verifying core for a cryptographic language compiler
ACL2 '06 Proceedings of the sixth international workshop on the ACL2 theorem prover and its applications
Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design
Machine-code verification for multiple architectures: an application of decompilation into logic
Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Verified just-in-time compiler on x86
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Hoare logic for realistically modelled machine code
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Hoare logic for ARM machine code
FSEN'07 Proceedings of the 2007 international conference on Fundamentals of software engineering
Verification condition generation via theorem proving
LPAR'06 Proceedings of the 13th international conference on Logic for Programming, Artificial Intelligence, and Reasoning
Science of Computer Programming
A trustworthy monadic formalization of the ARMv7 instruction set architecture
ITP'10 Proceedings of the First international conference on Interactive Theorem Proving
Formal security policy models for smart card evaluations
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Machine code verification of a tiny ARM hypervisor
Proceedings of the 3rd international workshop on Trustworthy embedded devices
Comprehensive formal verification of an OS microkernel
ACM Transactions on Computer Systems (TOCS)
| Hi-index | 0.00 |
Security-critical applications at the highest Evaluation Assurance Levels (EAL) require formal proofs of correctness in order to achieve certification. To support secure application development at the highest EALs, we have developed techniques to largely automate the process of producing proofs of correctness of machine code. As part of the Secure, High-Assurance Development Environment program, we have produced in ACL2 an executable formal model of the Rockwell Collins AAMP7G microprocessor at the instruction set level, in order to facilitate proofs of correctness about that processor's machine code. The AAMP7G, currently in use in Rockwell Collins secure system products, supports strict time and space partitioning in hardware, and has received a U.S. National Security Agency (NSA) Multiple Independent Levels of Security (MILS) certificate based in part on a formal proof of correctness of its separation kernel microcode. Proofs of correctness of AAMP7G machine code are accomplished using the method of "compositional cutpoints", which requires neither traditional clock functions nor a Verification Condition Generator (VCG). In this paper, we will summarize the AAMP7G architecture, detail our ACL2 model of the processor, and describe our development of the compositional cutpoint method into a robust machine code proof framework.