Practical Probability: Applying pGCL to Lattice Scheduling
Author
Abstract
Building on our published mechanisation of the probabilistic program logic pGCL, we present a verified lattice scheduler, a standard covert-channel mitigation technique, employing randomisation as an elegant means of ensuring starvation-freeness. We show that this scheduler enforces probabilistic non-leakage, in addition to non-starvation. The refinement framework employed is compatible with that used in the L4.verified project, supporting our argument that full-scale verification of probabilistic security properties for realistic systems software is feasible.
Related references
Leakage in Trustworthy Systems
This dissertation presents a survey of the theoretical and practical techniques necessary to provably eliminate side-channel leakage through known mechanisms in component-based secure systems. We cover the state of the art in leakage measures, including both Shannon and min entropy, concluding that Shannon entropy models the observed behaviour of our example systems closely, and can be used to ...
pGCL: formal reasoning for random algorithms
Dijkstra's guarded-command language GCL contains explicit 'demonic' nondeterminism, representing abstraction from (or ignorance of) which of two program fragments will be executed. We introduce probabilistic nondeterminism to the language, calling the result pGCL. Important is that both forms of nondeterminism are present, both demonic and probabilistic: unlike earlier approaches, we do not de...
A UTP Semantics of pGCL as a Homogeneous Relation
We present an encoding of the semantics of the probabilistic guarded command language (pGCL) in the Unifying Theories of Programming (UTP) framework. Our contribution is a UTP encoding that captures pGCL programs as predicate-transformers, on predicates over probability distributions on before- and after-states: these predicates capture the same information as the models traditionally used to giv...
Weapon scheduling in naval combat systems for maximization of defense capabilities
Air defense is a crucial area for all naval combat systems. In this study, we consider a warship equipped with an air-defense weapon that targets incoming threats using surface-to-air missiles. We define the weapon scheduling problem as the optimal scheduling of a set of surface-to-air missiles of a warship to a set of attacking air threats. The optimal scheduling of the weapon results in an in...