• DocumentCode
    2130816
  • Title

    ARMor: Fully verified software fault isolation

  • Author

    Zhao, Lu ; Li, Guodong ; De Sutter, Bjorn ; Regehr, John

  • Author_Institution
    Univ. of Utah, Salt Lake City, UT, USA
  • fYear
    2011
  • fDate
    9-14 Oct. 2011
  • Firstpage
    289
  • Lastpage
    298
  • Abstract
    We have designed and implemented ARMor, a system that uses software fault isolation (SFI) to sandbox application code running on small embedded processors. Sandboxing can be used to protect components such as the RTOS and critical control loops from other, less-trusted components. ARMor guarantees memory safety and control flow integrity; it works by rewriting a binary to put a check in front of every potentially dangerous operation. We formally and automatically verify that an ARMored application respects the SFI safety properties using the HOL theorem prover. Thus, ARMor provides strong isolation guarantees and has an exceptionally small trusted computing base - there is no trusted compiler, binary rewriter, verifier, or operating system.
  • Keywords
    embedded systems; software fault tolerance; theorem proving; ARMor; critical control loops; embedded processors; sandbox application code; software fault isolation; theorem prover; Educational institutions; Embedded systems; Program processors; Registers; Safety; Semantics; ARM Executables; Automated Theorem Proving; Program Logic; Software Fault Isolation;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Embedded Software (EMSOFT), 2011 Proceedings of the International Conference on
  • Conference_Location
    Taipei
  • Print_ISBN
    978-1-4503-0714-7
  • Type

    conf

  • Filename
    6064537
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2130816