
Formal Specification and Verification of Resource Bound Security Using PVS

  • Conference paper
Software Security - Theories and Systems (ISSS 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3233)


Abstract

Resource usage abuse is a major security concern for computer systems that run programs uploaded from other computers. Without any guarantee on resource usage bounds, we cannot have confidence that external code has been supplied by a trustworthy computer, or that it has not been tampered with by a third party. In a previous report [1], we described the TINMAN security architecture and a tool set for enforcing resource safety of external C code. In this paper, we detail the formalization of resource specifications and the verification of resource safety properties. The formal framework is based on an extended Hoare logic with resource usage variables. We formalize the constructs (tasks) and the resource safety assertions (resource specifications) in a proof system built on the PVS theorem prover. We also discuss proof strategies for the different types of resource usage verification tasks that are important for the mechanization of TINMAN.
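To make the idea of a resource specification over resource usage variables concrete, the following is an added illustration in the style of a Hoare logic with resource usage variables. It is not TINMAN's formalization and not PVS code: the task language (`Alloc`, `Free`, `Seq`, `Branch`, `Loop`), the `Summary` rules, the `ResourceSpec` and `verify` helpers and the sample task are all assumptions made for this sketch. A task is summarized by upper bounds on its net effect and its peak rise in a single resource usage variable, and a specification asserts that the peak stays under a limit and that the task releases what it claims.

```python
"""Toy resource-bound checker: an added illustration in the spirit of a Hoare
logic with resource usage variables. Not TINMAN's formalization and not PVS;
the task language, the summary rules and the 'units' resource are assumptions."""
from dataclasses import dataclass, field
from typing import List, Tuple, Union


@dataclass
class Alloc:
    units: int          # resource units claimed (e.g. bytes, handles)


@dataclass
class Free:
    units: int          # resource units released


@dataclass
class Seq:
    steps: List["Task"] = field(default_factory=list)


@dataclass
class Branch:
    then_: "Task"       # either arm may execute; the checker joins with max
    else_: "Task"


@dataclass
class Loop:
    max_iters: int      # statically known upper bound on iterations
    body: "Task"


Task = Union[Alloc, Free, Seq, Branch, Loop]


@dataclass(frozen=True)
class Summary:
    """Upper bounds, relative to the usage on entry, of a task's effect on the
    resource usage variable: `net` bounds the usage on exit and `rise` bounds
    the highest usage reached at any point inside the task."""
    net: int
    rise: int


def summarize(task: Task) -> Summary:
    """Compute the summary by structural recursion over the task (the rules)."""
    if isinstance(task, Alloc):
        return Summary(net=task.units, rise=max(0, task.units))
    if isinstance(task, Free):
        return Summary(net=-task.units, rise=0)
    if isinstance(task, Seq):
        acc = Summary(net=0, rise=0)
        for t in task.steps:
            s = summarize(t)
            # the peak inside t is reached on top of what is already held
            acc = Summary(net=acc.net + s.net, rise=max(acc.rise, acc.net + s.rise))
        return acc
    if isinstance(task, Branch):
        a, b = summarize(task.then_), summarize(task.else_)
        return Summary(net=max(a.net, b.net), rise=max(a.rise, b.rise))
    if isinstance(task, Loop):
        body = summarize(task.body)
        growth = max(0, body.net)          # only a growing body accumulates
        n = task.max_iters
        if n == 0:
            return Summary(net=0, rise=0)
        # worst exit: every iteration grows; worst peak: the last iteration's
        # peak on top of what the earlier iterations accumulated
        return Summary(net=n * growth, rise=max(0, (n - 1) * growth + body.rise))
    raise TypeError(f"unknown task node: {task!r}")


@dataclass(frozen=True)
class ResourceSpec:
    """Resource safety assertion: {usage = entry} task {usage <= entry + max_net
    and peak <= max_peak}. max_net = 0 says 'everything claimed is released'."""
    max_peak: int
    max_net: int = 0


def verify(task: Task, spec: ResourceSpec, entry_usage: int = 0) -> Tuple[bool, int, int]:
    """Check the task against its resource specification.
    Returns (holds, bound_on_peak_usage, bound_on_net_change)."""
    s = summarize(task)
    peak = entry_usage + s.rise
    holds = peak <= spec.max_peak and s.net <= spec.max_net
    return holds, peak, s.net


# Constructed sample task (assumed, not from the paper): a 100-unit buffer held
# across a loop that claims and releases 50 units per iteration, then a branch
# that claims 200 or 10 units and never frees them, then the buffer is released.
SAMPLE_TASK = Seq([
    Alloc(100),
    Loop(3, Seq([Alloc(50), Free(50)])),
    Branch(Alloc(200), Alloc(10)),
    Free(100),
])

if __name__ == "__main__":
    ok, peak, net = verify(SAMPLE_TASK, ResourceSpec(max_peak=256, max_net=0))
    print(f"holds={ok} peak<={peak} net<={net}")   # holds=False peak<=300 net<=200
```

The sample fails its specification for two independent reasons that a resource checker has to report separately: the peak bound (300 units reached inside the branch while the 100-unit buffer is still held) and the leak bound (the branch's allocation is never released, so the net change is 200, not 0). Joining branches with `max` and bounding loops by their iteration limit keeps the summary an over-approximation, which is the direction a safety check needs.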

This research is supported by a research gift from Microsoft Corporation and by grants from the US Office of Naval Research under grant numbers N00014-99-1-0402 and N00014-03-1-0705.


References

  1. Mok, A.K., Yu, W.: TINMAN: A Resource Bound Security Checking System for Mobile Code. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 178–193. Springer, Heidelberg (2002)
  2. Necula, G.C.: Proof-Carrying Code. In: ACM Symposium on Principles of Programming Languages, pp. 106–119 (1997)
  3. Morrisett, G., Walker, D., Crary, K., Glew, N.: From System F to Typed Assembly Language. In: ACM Symposium on Principles of Programming Languages, pp. 85–97 (1998)
  4. Crary, K., Weirich, S.: Resource Bound Certification. In: 27th Annual ACM Symposium on Principles of Programming Languages, pp. 184–198 (2000)
  5. Hofmann, M.: A Type System for Bounded Space and Functional In-Place Update – Extended Abstract. In: Smolka, G. (ed.) ESOP 2000 and ETAPS 2000. LNCS, vol. 1782, pp. 165–179. Springer, Heidelberg (2000)
  6. Evans, N., Schneider, S.: Analysing Time Dependent Security Properties in CSP Using PVS. In: 6th European Symposium on Research in Computer Security, pp. 222–237 (2000)
  7. Hooman, J.: Correctness of Real Time Systems by Construction. In: Langmaack, H., de Roever, W.-P., Vytopil, J. (eds.) FTRTFT 1994 and ProCoS 1994. LNCS, vol. 863, pp. 19–40. Springer, Heidelberg (1994)
  8. Owre, S., Rushby, J., Shankar, N.: PVS: A Prototype Verification System. In: 11th International Conference on Automated Deduction. LNCS (LNAI), pp. 748–752. Springer, Heidelberg (1992)
  9. Necula, G.C., Lee, P.: The Design and Implementation of a Certifying Compiler. In: Proceedings of the ACM Conference on Programming Language Design and Implementation, pp. 333–344 (1998)
  10. Yu, W., Mok, A.K.: Enforcing Resource Bound Safety for Mobile SNMP Agents. In: 18th Annual Computer Security Applications Conference, pp. 69–77 (2002)
  11. The Familiar Project, http://familiar.handhelds.org


Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yu, W., Mok, A.K. (2004). Formal Specification and Verification of Resource Bound Security Using PVS. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds) Software Security - Theories and Systems. ISSS 2003. Lecture Notes in Computer Science, vol 3233. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-37621-7_6


  • DOI: https://doi.org/10.1007/978-3-540-37621-7_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23635-1

  • Online ISBN: 978-3-540-37621-7
