
OSIS18_IoT : Ada and SPARK - Defense in Depth for Safe Micro-controller Programming, by Fabien CHOUTEAU & Yannick MOY (Adacore)


The programming language Ada offers unique features to safely program a micro-controller. From the start, Ada was designed to make it difficult to introduce errors and easy to discover errors that were introduced. For example, language rules enforced at compile time make it possible to have safe concurrency by design, and run-time checking allows immediate detection of what would be "undefined behavior" in C/C++. In the first part of this presentation, we present the benefits of using Ada for micro-controller programming, including support for debugging on a board. In the second part, we present how the Ada language and its subset SPARK provide a strong foundation for static analyzers that make it possible to detect errors and provide guarantees on embedded software written in Ada/SPARK.



  1. SPARK for Security. Yannick Moy, AdaCore. OSIS, May 24, 2018.

  2. SPARK – Flow Analysis
     - Specification of effects (data and flow dependencies)
     - Flow analysis checks that the program implements that specification

  3. SPARK – Proof
     - Specification of properties (contracts)
     - Proof checks that the program implements that specification

  4. SPARK – a Subset of Ada
     - Ada features outside the SPARK subset: pointers, exception handlers, controlled types, functions with effects
     - Core language constructs common to Ada and SPARK: strong typing, low-level programming, generics, object orientation, concurrency
     - Additional SPARK aspects: Abstract_State, Initializes, Initial_Condition, Contract_Cases, Global, Depends

  5. SPARK – a Simple Example

        procedure Increment (X : in out Integer)
          with Global  => null,              --  data dependencies: no global state
               Depends => (X => X),          --  flow dependencies: X depends only on X
               Pre     => X < Integer'Last,  --  absence of run-time error: no overflow
               Post    => X = X'Old + 1;     --  functionality

        procedure Increment (X : in out Integer) is
        begin
           X := X + 1;
        end Increment;

     The slide's callouts map each aspect to a guarantee: Global gives the data dependencies, Depends the flow dependencies, Pre/Post the functionality, and the precondition is what lets the proof establish absence of run-time error for X + 1.

  6. Software Assurance Levels (figure)

  7. Tokeneer
     - www.adacore.com/tokeneer
     - github.com/AdaCore/spark2014/tree/master/testsuite/gnatprove/tests/tokeneer

  8. Muen Separation Kernel
     - The Muen Separation Kernel is the world's first Open Source microkernel that has been formally proven to contain no runtime errors at the source code level.
     - Runs on the Intel x86/64 platform; developed at the University of Rapperswil (Switzerland) with secunet (Germany).

  9. Muen Separation Kernel, https://muen.sk/
     - 2013: 1st release; 3000 sloc SPARK, 300 sloc assembly
     - 2014: Linux subject support; migration to SPARK 2014
     - 2015: Genode subject support
     - 2016: Windows support via VirtualBox/Genode
     - 2017: release 0.9; the project website runs on MirageOS on Muen!
     - 2018: MirageOS subject support

  10. Componolit Secure Phone
     - Aim: building a trustworthy mobile OS based on Genode + SPARK

  11. Componolit Secure Phone, https://github.com/Componolit
     - Genode provides isolation between trusted (green) and untrusted components
     - SPARK provides confidence in the trusted components
     - Secure architectures: policy objects, trusted wrapper, transient component

  12. WooKey Secure USB Key
     - Answer to the BadUSB threat disclosed in 2014
     - Custom STM32 USB thumb drive designed for security
     - Custom microkernel for security: MPU, safe languages, formal methods
     - Figure from the article accepted at SSTIC 2018, "WooKey: USB Devices Strike Back"

  13. Conclusion

  14. SPARK for Security
     - SPARK supports 5 levels of increasing software assurance, from a strong semantic coding standard to full functional correctness
     - Bronze level (correct information flow) is key for confidentiality
     - Silver level (AoRTE, absence of run-time errors) is a must-have for secure software
     - SPARK can be combined with Ada at fine-grain (subprogram) level
     - SPARK can be combined with C at coarser-grain (file) level
     - Common Code Generator (CCG) generates C code from SPARK

  15. SPARK Resources
     - SPARK toolset: http://www.adacore.com/sparkpro, http://www.adacore.com/community
     - SPARK adoption guidance: www.adacore.com/knowledge/technical-papers/implementation-guidance-spark
     - AdaCore Technologies for Cyber Security booklet: https://www.adacore.com/books/adacore-tech-for-cyber-security
     - SPARK reference documents (User's Guide + Reference Manual): https://www.adacore.com/documentation/#SPARK
     - SPARK online training: http://u.adacore.com
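The following package is an added example, not code from the slides or from AdaCore: it puts the three checks the deck describes (flow analysis of slide 2, proof of slide 3, and the Bronze/Silver levels of slide 14) on one small unit. It goes beyond the Increment of slide 5 by adding a confidentiality flow: a Depends contract that promises a secret does not influence attacker-visible state, a deliberately leaking body that flow analysis rejects, and a saturating variant whose body handles the overflow edge case instead of pushing it onto a precondition. All identifiers (Secure_Counter, Secret_Key, Public_Counter, Tick, Saturating_Tick, Leaky_Tick, Mask) and the key value are invented for the illustration.

```ada
--  Added example, not from the OSIS 2018 slides; every name below is invented.
--  Spec and body are shown together here; in a project they would live in
--  secure_counter.ads and secure_counter.adb.

package Secure_Counter with SPARK_Mode is

   type Byte is mod 256;

   Secret_Key     : Byte    := 16#5A#;  --  confidential state (placeholder value)
   Public_Counter : Natural := 0;       --  state observable by an attacker

   --  Flow contract (Bronze level): the only thing that may influence the
   --  public counter is its own previous value. Pre rules out the overflow,
   --  so proof (Silver level) shows no run-time error in the body, and Post
   --  states the functional property (slide 3).
   procedure Tick
     with Global  => (In_Out => Public_Counter),
          Depends => (Public_Counter => Public_Counter),
          Pre     => Public_Counter < Natural'Last,
          Post    => Public_Counter = Public_Counter'Old + 1;

   --  Same effect with no precondition: the body handles the edge case, so a
   --  caller cannot violate the contract by forgetting to check the bound.
   procedure Saturating_Tick
     with Global  => (In_Out => Public_Counter),
          Depends => (Public_Counter => Public_Counter),
          Post    => Public_Counter =
                       (if Public_Counter'Old < Natural'Last
                        then Public_Counter'Old + 1
                        else Natural'Last);

   --  The key may be read here, but "null => Secret_Key" promises that it
   --  influences no output. The body below breaks that promise, so flow
   --  analysis rejects this subprogram even though it is well-typed and
   --  compiles: the confidentiality property lives in the contract.
   procedure Leaky_Tick
     with Global  => (Input => Secret_Key, In_Out => Public_Counter),
          Depends => (Public_Counter => Public_Counter, null => Secret_Key);

   --  Legitimate use of the key: a function's result depends on all its
   --  inputs, and Global makes the read of Secret_Key explicit.
   function Mask (Data : Byte) return Byte
     with Global => (Input => Secret_Key);

end Secure_Counter;

package body Secure_Counter with SPARK_Mode is

   procedure Tick is
   begin
      Public_Counter := Public_Counter + 1;  --  proved: Pre excludes overflow
   end Tick;

   procedure Saturating_Tick is
   begin
      if Public_Counter < Natural'Last then
         Public_Counter := Public_Counter + 1;
      end if;
   end Saturating_Tick;

   procedure Leaky_Tick is
   begin
      --  Control flow depends on the secret, so the counter (and anyone who
      --  can observe it) learns one bit of the key. Flow analysis reports
      --  that Public_Counter depends on Secret_Key, which the Depends
      --  contract does not allow.
      if Secret_Key >= 128 then
         Saturating_Tick;
      end if;
      Saturating_Tick;
   end Leaky_Tick;

   function Mask (Data : Byte) return Byte is
   begin
      return Data xor Secret_Key;  --  Byte is modular, so xor is defined
   end Mask;

end Secure_Counter;
```

Running gnatprove with `--mode=flow` on a project containing this package reports the missing dependency in Leaky_Tick; `--mode=prove` then discharges the run-time checks and postconditions of Tick and Saturating_Tick. Removing Leaky_Tick gives a package that passes both. The fine-grain mixing of slide 14 works through the SPARK_Mode aspect: a subprogram whose body needs a feature outside the subset (an exception handler, say) keeps its SPARK contract in the spec and carries `SPARK_Mode => Off` on the body alone, so callers are still checked against the contract while that one body is only compiled.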
