Please tell Stephan Gocht to announce your dissertation.
TCS Dissertations Spring 2017
20 Oct 2017 at 14:00 in Kollegiesalen, Brinellvägen 8, KTH Campus
Secure System Virtualization: End-to-End Verification of Memory Isolation
Over the last years, security kernels have played a promising role in reshaping the landscape of platform security on today’s ubiquitous embedded devices. Security kernels, such as separation kernels, enable constructing high-assurance mixed-criticality execution platforms. They reduce the software portion of the system’s trusted computing base to a thin layer, which enforces isolation between low- and high-criticality components. The reduced TCB minimizes the system attack surface and facilitates the use of formal methods to ensure functional correctness and security of the kernel.
In this thesis, we explore various aspects of building a provably secure separation kernel using virtualization technology. We show how the memory management subsystem can be virtualized to enforce isolation of system components. Virtualization is done using direct-paging that enables a guest software to manage its own memory configuration. We demonstrate the soundness of our approach by verifying that the high-level model of the system fulfills the desired security properties. Through refinement, we then propagate these properties (semi-)automatically to the machine-code of the virtualization mechanism.
Further, we show how a runtime monitor can be securely deployed alongside a Linux guest on a hypervisor to prevent code injection attacks targeting Linux. The monitor takes advantage of the provided separation to protect itself and to retain a complete view of the guest.
Separating components using a low-level software, while important, is not by itself enough to guarantee security. Indeed, current processors architecture involves features, such as caches, that can be utilized to violate the isolation of components. We present a new low-noise attack vector constructed by measuring caches effects. The vector is capable of breaching isolation of system components of different criticality levels, and it invalidates the verification of software that has been verified on a memory coherent (cacheless) model. To restore isolation, we provide several countermeasures and propose a methodology to repair the verification by including caches in the statement of the top-level security properties of the system.
09 Jun 2017 at 14:00 in E2, Lindstedtsvägen 3, KTH Campus
Space in Proof Compexity
(Marc Vinyals, TCS, KTH)
Propositional proof complexity is the study of the resources that are needed to prove formulas in propositional logic. In this thesis we are concerned with the size and space of proofs, and in particular with the latter.
Different approaches to reasoning are captured by corresponding proof systems. The simplest and most well studied proof system is resolution, and we try to get our understanding of other proof systems closer to that of resolution.
In resolution we can prove a space lower bound just by showing that any proof must have a large clause. We prove a similar relation between resolution width and polynomial calculus space that lets us derive space lower bounds, and we use it to separate degree and space.
For cutting planes we show length-space trade-offs. This is, there are formulas that have a proof in small space and a proof in small length, but there is no proof that can optimize both measures at the same time.
We introduce a new measure of space, cumulative space, that accounts for the space used throughout a proof rather than only its maximum. This is exploratory work, but we can also prove new results for the usual space measure.
We define a new proof system that aims to capture the power of current SAT solvers, and we show a landscape of length-space trade-offs comparable to those in resolution.
To prove these results we build and use tools from other areas of computational complexity. One area is pebble games, very simple computational models that are useful for modelling space. In addition to results with applications to proof complexity, we show that pebble game cost is PSPACE-hard to approximate.
Another area is communication complexity, the study of the amount of communication that is needed to solve a problem when its description is shared by multiple parties. We prove a simulation theorem that relates the query complexity of a function with the communication complexity of a composed function.
20 Jan 2017 at 14:00 in DRoom D2, Lindstedtsvägen 5
On Complexity Measures in Polynomial Calculus
(MMladen Mikša, KTH- TCS group)
Proof complexity is the study of different resources that a proof needs in different proof systems for propositional logic. This line of inquiry relates to the fundamental questions in theoretical computer science, as lower bounds on proof size for an arbitrary proof system would separate P from NP.
We study two simple proof systems: resolution and polynomial calculus. In resolution we reason using clauses, while in polynomial calculus we use polynomials. We study three measures of complexity of proofs: size, space, and width/degree. Size is the number of clauses or monomials that appear in a resolution or polynomial calculus proof, respectively. Space is the maximum number of clauses/monomials we need to keep at each time step of the proof. Width/degree is the size of the largest clause/monomial in a proof.
Width is a lower bound for space in resolution. The original proof of this claim used finite model theory. In this thesis we give a different, more direct proof of the space-width relation. We can ask whether a similar relation holds between space and degree in polynomial calculus. We make some progress on this front by showing that when a formula F requires resolution width w then the XORified version of F requires polynomial calculus space Ω(w). We also show that space lower bounds do not imply degree lower bounds in polynomial calculus.
Width/degree and size are also related, as strong lower bounds for width/degree imply strong lower bounds for size. Currently, proving width lower bounds has a well-developed machinery behind it. However, the degree measure is much less well-understood. We provide a unified framework for almost all previous degree lower bounds. We also prove some new degree and size lower bounds. In addition, we explore the relation between theory and practice by running experiments on some current state-of-the-art SAT solvers.