Combining Mechanized Proofs and Model-Based Testing in the Formal Analysis of a Hypervisor

  • Hanno Becker
  • Juan Manuel Crespo
  • Jacek Galowicz
  • Ulrich Hensel
  • Yoichi Hirai
  • César Kunz
  • Keiko Nakata
  • Jorge Luis Sacchini
  • Hendrik Tews
  • Thomas Tuerk
Conference paper

DOI: 10.1007/978-3-319-48989-6_5

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9995)
Cite this paper as:
Becker H. et al. (2016) Combining Mechanized Proofs and Model-Based Testing in the Formal Analysis of a Hypervisor. In: Fitzgerald J., Heitmeyer C., Gnesi S., Philippou A. (eds) FM 2016: Formal Methods. FM 2016. Lecture Notes in Computer Science, vol 9995. Springer, Cham

Abstract

Virtualization engines play a critical role in many modern software products. In an effort to gain definitive confidence in critical components, our company has invested in the formal verification of the NOVA micro hypervisor, following recent advances in similar academic and industrial operating-system verification projects. There are inherent difficulties in applying formal methods to low-level implementations, and even more under the specific constraints that arise in commercial software development. To deal with these, the chosen approach splits the verification effort into three parts: defining an abstract model of NOVA, verifying fundamental security properties over this model, and testing the conformance of the model with respect to the NOVA implementation. This article reports on our experiences in applying formal methods to verify a hypervisor for commercial purposes. It describes the verification approach and the security properties under consideration, and reports the results obtained.
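The abstract describes a split between an abstract model, properties proved over that model, and conformance testing of the implementation against the model. The following is an added illustration of that last step in miniature; it is not code from the paper, and the capability operations (create, delegate, revoke, lookup), the permission names and the return codes are hypothetical and do not describe NOVA's actual interface or model. An abstract model written over sets is replayed in lockstep with a bitmask-based "implementation" on generated traces, and the first observable divergence is reported. A deliberately non-conforming implementation (one that lets delegation amplify rights) shows what the test catches.

```python
"""Model-based conformance testing, in miniature (added illustration, not NOVA's model)."""
import random

PERMS = ("read", "write", "exec")            # hypothetical permission names
PERM_BITS = {"read": 1, "write": 2, "exec": 4}


class AbstractModel:
    """Abstract model: a capability table stated in terms of sets (hypothetical)."""

    def __init__(self):
        self.caps = {}                          # cap id -> frozenset of permissions

    def create(self, cid, perms):
        if cid in self.caps:
            return "EEXIST"
        self.caps[cid] = frozenset(perms)
        return "OK"

    def delegate(self, src, dst, perms):
        if src not in self.caps:
            return "EBADCAP"
        if dst in self.caps:
            return "EEXIST"
        if not set(perms) <= self.caps[src]:    # no amplification of rights
            return "EPERM"
        self.caps[dst] = frozenset(perms)
        return "OK"

    def revoke(self, cid):
        if cid not in self.caps:
            return "EBADCAP"
        del self.caps[cid]
        return "OK"

    def lookup(self, cid):
        if cid not in self.caps:
            return "EBADCAP"
        return tuple(p for p in PERMS if p in self.caps[cid])


class BitmaskImpl:
    """Concrete 'implementation' using bitmasks, the way low-level code would.
    amplification_bug=True drops the subset check, a constructed defect."""

    def __init__(self, amplification_bug=False):
        self.table = {}                         # cap id -> permission mask
        self.bug = amplification_bug

    def create(self, cid, perms):
        if cid in self.table:
            return "EEXIST"
        self.table[cid] = sum(PERM_BITS[p] for p in perms)
        return "OK"

    def delegate(self, src, dst, perms):
        if src not in self.table:
            return "EBADCAP"
        if dst in self.table:
            return "EEXIST"
        mask = sum(PERM_BITS[p] for p in perms)
        if not self.bug and mask & ~self.table[src]:   # bits not held by src
            return "EPERM"
        self.table[dst] = mask
        return "OK"

    def revoke(self, cid):
        if cid not in self.table:
            return "EBADCAP"
        del self.table[cid]
        return "OK"

    def lookup(self, cid):
        if cid not in self.table:
            return "EBADCAP"
        return tuple(p for p in PERMS if self.table[cid] & PERM_BITS[p])


def random_trace(length, seed):
    """Generate a deterministic random trace over a small id space (constructed input)."""
    rng = random.Random(seed)
    ids = (1, 2, 3)
    trace = []
    for _ in range(length):
        op = rng.choice(("create", "delegate", "revoke", "lookup"))
        if op == "create":
            trace.append(("create", rng.choice(ids), rng.sample(PERMS, rng.randint(1, 3))))
        elif op == "delegate":
            trace.append(("delegate", rng.choice(ids), rng.choice(ids),
                          rng.sample(PERMS, rng.randint(1, 3))))
        else:
            trace.append((op, rng.choice(ids)))
    return trace


def run_step(obj, step):
    return getattr(obj, step[0])(*step[1:])


def check_conformance(impl, trace):
    """Replay one trace on model and implementation; return the first divergence
    as (step index, step, model result, impl result), or None if they agree."""
    model = AbstractModel()
    for i, step in enumerate(trace):
        expected = run_step(model, step)
        actual = run_step(impl, step)
        if expected != actual:
            return (i, step, expected, actual)
    return None


def run_campaign(impl_factory, n_traces=200, length=30):
    """Run many generated traces; return (seed, divergence) for the first failure."""
    for seed in range(n_traces):
        result = check_conformance(impl_factory(), random_trace(length, seed))
        if result is not None:
            return (seed, result)
    return None
```

The model is the oracle: every observable result of the implementation must equal the model's result on the same trace, so a proof of a property over the model (here, that delegation never amplifies rights) carries over to the implementation exactly to the extent that conformance testing has exercised it. The campaign is bounded and randomised, so a passing campaign is evidence, not a proof; the deliberately buggy variant is caught on the first short trace that delegates more rights than the source holds.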

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Hanno Becker (1)
  • Juan Manuel Crespo (1)
  • Jacek Galowicz (1)
  • Ulrich Hensel (1)
  • Yoichi Hirai (1)
  • César Kunz (1)
  • Keiko Nakata (1)
  • Jorge Luis Sacchini (1)
  • Hendrik Tews (1)
  • Thomas Tuerk (1)

  1. Dresden, Germany
