作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2024, Vol. 50 ›› Issue (4): 277-285. doi: 10.19678/j.issn.1000-3428.0067091

• 开发研究与工程应用 • 上一篇    下一篇

基于Isabelle/HOL的文件系统形式化设计与验证

王文斌1, 钱振江1,2, 靳勇2, 孙高飞2, 邢晓双2, 苏超2, 孙天琦2   

  1. 1. 苏州大学计算机科学与技术学院, 江苏 苏州 215000;
    2. 常熟理工学院计算机科学与工程学院, 江苏 苏州 215500
  • 收稿日期:2023-03-04 修回日期:2023-06-26 发布日期:2023-07-28
  • 通讯作者: 钱振江,E-mail:qianzj@cslg.edu.cn E-mail:qianzj@cslg.edu.cn
  • 基金资助:
    江苏省自然科学基金面上项目(BK20191475);常熟市社会发展项目(CS202204)。

Formal Design and Verification of File System Based on Isabelle/HOL

WANG Wenbin1, QIAN Zhenjiang1,2, JIN Yong2, SUN Gaofei2, XING Xiaoshuang2, SU Chao2, SUN Tianqi2   

  1. 1. School of Computer Science and Technology, Soochow University, Suzhou 215000, Jiangsu, China;
    2. School of Computer Science and Engineering, Changshu Institute of Technology, Suzhou 215500, Jiangsu, China
  • Received:2023-03-04 Revised:2023-06-26 Published:2023-07-28

摘要: 对于构建可信操作系统而言,文件系统设计和实现的正确性至关重要,即使是已经得到广泛运用的文件系统仍然有漏洞被检测出来。采用形式化方法对文件系统的设计和实现的正确性进行严格的验证是公认的可行方法。当前文件系统的形式化验证工作大多基于宏内核操作系统,而忽视了微内核操作系统架构下文件系统的验证。为此,提出一种微内核架构下采用内联数据机制的文件系统的形式化设计和验证方法。以高阶逻辑(HOL)和自动机模型为基础,将文件系统中的工作对象和系统资源抽象为系统对象来构建文件系统的工作状态,形式化地描述文件系统的相关系统调用的功能语义,将系统调用提供服务的过程抽象为系统工作状态发生跃迁的过程,并给出文件系统功能正确性和安全属性的断言。以实现的安全可信微内核操作系统(VSOS)中的安全可信文件系统(VSFS)为例,在设计阶段构建VSFS的有限状态机模型,并在Isabelle/HOL中抽象描述VSFS的可移植操作系统接口(POSIX)系统调用,分析和归纳出VSFS文件系统正确性断言,使用定理证明的方式来验证VSFS的正确性。实验结果表明,该方法在Isabella/HOL中完成VSFS有限状态机模型细粒度的形式化验证,满足预期的安全需求规范。

关键词: 形式化验证, 文件系统, 定理证明, 有限状态机, 微内核

Abstract: To construct a trusted operating system, the correctness of file system design and implementation is essential. Even file systems that are widely used can have bugs. Using formal methods to verify the correctness of file system design and implementation is feasible. Most of the current formal verification research conducted on file systems are based on macro-kernel operating systems, whereas the verification of file systems under a micro-kernel operating system architecture is lacking. Accordingly, in this study, a formal design and verification method for a file system using an inline data mechanism with a micro-kernel architecture is proposed. Based on the Higher-Order Logic(HOL) and automaton models, the working state of the file system is constructed by abstracting the working objects and system resources in the file system into system objects, and the functional semantics of the related system calls of the file system are formally described. The process of invoking and providing the service is abstracted as the process of transitioning the system working state, and asserting the correctness of the file system function and security attributes is given. Using the implemented microkernel Verified Secure Operating System(VSOS) file system called Verified Secure File System(VSFS) as an example, the finite state machine model of VSFS is built in the design stage, Portable Operating System Interface of UNIX(POSIX) system of the VSFS is abstractly described in the Isabelle/HOL call, correctness assertion of the VSFS file system is analyzed and summarized, and a theorem proof is used to verify the correctness of VSFS. The experimental results depict that the proposed method can complete the fine-grained formal verification of the VSFS finite-state machine model in Isabella/HOL and meet the expected security requirements.

Key words: formal verification, file system, theorem proof, finite-state machine, microkernel

中图分类号: