
Formal models and verification of memory management in a hypervisor

Pauline Bolignano
CELTIQUE - Software certification with semantic analysis
Inria Rennes – Bretagne Atlantique, IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract: A hypervisor is software that virtualizes hardware resources, allowing several guest operating systems to run simultaneously on the same machine. Since the hypervisor manages access to resources, a bug in it can be critical for the guest OSes. In this thesis, we focus on memory isolation properties of a type 1 hypervisor that virtualizes memory using Shadow Page Tables. More precisely, we present a low-level and a high-level model of the hypervisor, and we formally prove that guest OSes cannot access or tamper with the private data of other guests unless they have been authorized to do so. We use the language and the proof assistant developed by Prove & Run. The low-level model contains many optimizations, which make its data structures and algorithms complex; it is therefore difficult to reason about such a model. To circumvent this issue, we design an abstract model about which it is easier to reason. We prove properties on the abstract model, and we prove its correspondence with the low-level model, in such a way that properties proved on the abstract model also hold for the low-level model. The correspondence proof is valid only for low-level states that satisfy certain properties; we prove that these properties are invariants of the low-level system. The proof can thus be divided into three parts: the proof that the invariants are preserved at the low level, the proof of correspondence between the abstract and low-level models, and the proof of the security properties at the abstract level.

Cited literature: 54 references
Contributor: ABES STAR
Submitted on: Saturday, November 18, 2017 - 5:18:24 PM
Last modification on: Friday, August 5, 2022 - 2:54:52 PM
Long-term archiving on: Monday, February 19, 2018 - 12:54:52 PM


Version validated by the jury (STAR)


  • HAL Id: tel-01637937, version 1


Pauline Bolignano. Formal models and verification of memory management in a hypervisor. Cryptography and Security [cs.CR]. Université Rennes 1, 2017. English. ⟨NNT : 2017REN1S026⟩. ⟨tel-01637937⟩


