Formal models and verification of memory management in a hypervisor

Pauline Bolignano
CELTIQUE - Software certification with semantic analysis
Inria Rennes – Bretagne Atlantique, IRISA_D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract: A hypervisor is software that virtualizes hardware resources, allowing several guest operating systems to run simultaneously on the same machine. Since the hypervisor manages access to resources, a bug in it can be critical for the guest OSes. In this thesis, we focus on the memory isolation properties of a type 1 hypervisor that virtualizes memory using Shadow Page Tables. More precisely, we present a low-level and a high-level model of the hypervisor, and we formally prove that guest OSes cannot access or tamper with the private data of other guests unless they have been authorized to do so. We use the language and the proof assistant developed by Prove & Run. The low-level model contains many optimizations, which make its data structures and algorithms complex, so it is difficult to reason about such a model directly. To circumvent this issue, we design an abstract model that is easier to reason about. We prove properties on the abstract model, and we prove its correspondence with the low-level model, in such a way that properties proved on the abstract model also hold for the low-level model. The correspondence proof is valid only for low-level states that satisfy certain properties; we prove that these properties are invariants of the low-level system. The proof can thus be divided into three parts: the proof that the invariants are preserved at the low level, the proof of correspondence between the abstract and low-level models, and the proof of the security properties at the abstract level.
Document type: Thesis


https://tel.archives-ouvertes.fr/tel-01637937
Contributor: Abes Star
Submitted on: Saturday, November 18, 2017 - 5:18:24 PM
Last modification on: Monday, March 11, 2019 - 5:11:10 PM
Long-term archiving on: Monday, February 19, 2018 - 12:54:52 PM

File

BOLIGNANO_Pauline.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id: tel-01637937, version 1

Citation

Pauline Bolignano. Formal models and verification of memory management in a hypervisor. Cryptography and Security [cs.CR]. Université Rennes 1, 2017. English. ⟨NNT: 2017REN1S026⟩. ⟨tel-01637937⟩
