Formally Verifying Memory Isolation Based on ARM Processors.

Jiabin Zhu,Wenchao Huang,Yan Xiong
DOI: https://doi.org/10.1109/bigcom.2018.00038
2018-01-01
Abstract:Memory isolation is an important property ensured by many security systems, e.g., shielding systems, for programs, e.g., the untrusted OS and security critical applications, executed on the systems. The property states that each of the programs cannot intentionally or unintentionally read or write memory allocated for other programs. In this paper, we propose a general framework to formally model and verify systems that ensure memory isolation based on ARM processors. Specifically, first, we propose a general model for the systems in the framework. The model shows how to change configurations on ARM processors, e.g., extended page tables or configurations used for specifying memory in the secure world, without of violating the isolation. Then, we propose a general refinement strategy to model the memory management of the systems through the general model. If the memory management can be modeled by using the strategy, the memory management ensures memory isolation. We have used the framework to model and verify memory management of a security system, which is called as OSP and utilizes both of virtualization extensions on ARM processors and ARM TrustZone to isolate memory of programs. Our result shows that the system actually ensures the isolation for the programs executed on the system.
What problem does this paper attempt to address?