David Sanán
Nanyang Technological University | ntu · Centre for High Performance Embedded Systems (CHiPES)

PhD in Computer Science

About

52 Publications
7,281 Reads
284 Citations
Citations since 2017: 27 Research Items, 212 Citations
Additional affiliations
February 2015 - present
Nanyang Technological University
Position
  • Senior Researcher
January 2014 - February 2015
National University of Singapore
Position
  • PostDoc Position
November 2009 - May 2011
University of Malaga
Position
  • PostDoc Position

Publications

Publications (52)
Chapter
Security-aware CPU caches have been designed to mitigate side-channel attacks and prevent information leakage. How to validate the effectiveness of these designs remains an unsolved problem. Prior works assess the security of architectures empirically without a formal guarantee, making the evaluation results less convincing. In this paper, we propo...
Preprint
Full-text available
In the hardware design process, hardware components are usually described in a hardware description language. Most of the hardware description languages, such as Verilog and VHDL, do not have mathematical foundation and hence are not fit for formal reasoning about the design. To enable formal reasoning in one of the most commonly used description l...
Article
It is well-known that quantum programs are not only complicated to design but also challenging to verify because the quantum states can have exponential size and require sophisticated mathematics to encode and manipulate. To tackle the state-space explosion problem for quantum reasoning, we propose a Hoare-style inference framework that supports lo...
Article
Full-text available
The SPARC instruction set architecture (ISA) has been used in various processors in workstations, embedded systems, and in mission-critical industries such as aviation and space engineering. Hence, it is important to provide formal frameworks that facilitate the verification of hardware and software that run on or interface with these processors. I...
Article
To make the verification of large and complex concurrent systems feasible and scalable, compositional techniques are necessary even at the highest abstraction layers. When focusing on the lowest software abstraction layers, such as the implementation or the machine code, the high level of detail of those layers makes the direct verific...
Article
Full-text available
The Controller Area Network (CAN) has been widely used in the automotive and industrial automation for over two decades. However, due to the lack of security mechanisms, CAN is vulnerable to attacks. In this paper, we propose a novel protection scheme called CANeleon. It can defend CAN against a smart attacker who might inject malicious frames with...
Article
Full-text available
In order to define executable hardware description language while at the same time be fit for formal proofs of properties, a hardware description language VeriFormal, embedded in Isabelle/HOL, was created. VeriFormal, together with a translator and Isabelle/HOL proof facility, provides a platform for designing, simulating and reasoning about hardwa...
Chapter
Formal verification of real-time services is important because they are usually associated with safety-critical systems. In this paper, we present a verified Two-Level Segregated Fit (TLSF) memory management model. TLSF is a dynamic memory allocator and is designed for real-time operating systems. We formalize the specification of TLSF algorithm ba...
Chapter
Reactive systems are composed of a well-defined set of event handlers by which the system responds to environmental stimuli. In concurrent environments, event handlers can interact with the execution of other handlers such as hardware interruptions in preemptive systems, or other instances of the reactive system in multicore architectures. The rely-...
Chapter
Formal verification of concurrent operating systems (OSs) is challenging, and in particular the verification of the dynamic memory management due to its complex data structures and allocation algorithm. Up to our knowledge, this paper presents the first formal specification and mechanized proof of a concurrent buddy memory allocation for a real-wor...
Preprint
SPARC processors have many applications in mission-critical industries such as aviation and space engineering. Hence, it is important to provide formal frameworks that facilitate the verification of hardware and software that run on or interface with these processors. This paper presents the first mechanised SPARC Total Store Ordering (TSO) memory...
Preprint
Formal verification of traditional algorithms is of great significance due to their wide application in state-of-the-art software. Timsort is a complicated and hybrid stable sorting algorithm, derived from merge sort and insertion sort. Although the Timsort implementation in OpenJDK has been formally verified, there is still not a standard and formall...
Preprint
Reactive systems are composed of a well-defined set of input events, each of which the system reacts to by executing an associated handler. In concurrent environments, event handlers can interact with the execution of other programs such as hardware interruptions in preemptive systems, or other instances of the reactive system in multicore ar...
Chapter
Scalable and automatic formal verification for concurrent systems is always demanding. In this paper, we propose a verification framework to support automated compositional reasoning for concurrent programs with shared variables. Our framework models concurrent programs as succinct automata and supports the verification of multiple important proper...
Article
Rust is a system programming language designed for providing better memory safety whilst maintaining performance. Formalizing Rust is a necessary way to prove its memory safety and construct formal analysis tools for Rust. In this paper, we introduce an executable formal semantics of Rust using K-Framework (K), called K-Rust. K-Rust includes two pa...
Article
Bitcoin has attracted everyone's attention and interest recently. Ethereum (ETH), a second generation cryptocurrency, extends Bitcoin's design by offering a Turing-complete programming language called Solidity to develop smart contracts. Smart contracts allow creditable execution of contracts on EVM (Ethereum Virtual Machine) without third parties....
Conference Paper
Full-text available
This paper presents tactics for reasoning about the assertions of separation logic. We formalise our proof methods in Isabelle/HOL based on Klein et al.'s separation algebra library. Our methods can also be used in other separation logic frameworks that are instances of the separation algebra of Calcagno et al. The first method, separata, is bas...
Conference Paper
Full-text available
It is essential to deal with the interference of the environment between programs in concurrent program verification. This has led to the development of concurrent program reasoning techniques such as rely-guarantee. However, the source code of the programs to be verified often involves language features such as exceptions and procedures which are...
Conference Paper
Full-text available
The high security requirements of cyber-physical systems and the critical tasks they carry out make it necessary to guarantee the absence of any vulnerability to security attacks and that they have no unexpected behaviour. The size and complexity of the underlying hardware in cyber-physical systems are increasing and so is the risk of failures and...
Article
Assurance of information-flow security by formal methods is mandated in security certification of separation kernels. As an industrial standard for improving safety, ARINC 653 has been complied with by mainstream separation kernels. Due to the new trend of integrating safe and secure functionalities into one separation kernel, security analysis of...
Article
Full-text available
Separation kernels provide temporal/spatial separation and controlled information flow to their hosted applications. They are introduced to decouple the analysis of applications in partitions from the analysis of the kernel itself. More than 20 implementations of separation kernels have been developed and widely applied in critical domains, e.g., a...
Article
The high security requirements of cyber-physical systems and the critical tasks they carry out make it necessary to guarantee the absence of any vulnerability to security attacks and that they have no unexpected behaviour. The size and complexity of the underlying hardware in cyber-physical systems are increasing and so is the risk of failures and...
Conference Paper
Full-text available
The SPARCv8 instruction set architecture (ISA) has been used in various processors for workstations, embedded systems, and space missions. However, there are no publicly available formal models for the SPARCv8 ISA. In this work, we give the first formal model for the integer unit of SPARCv8 ISA in Isabelle/HOL. We capture the operational semantics...
Article
Full-text available
Scalable and automatic formal verification for concurrent systems is always demanding, but yet to be developed. In this paper, we propose a verification framework to support automated compositional reasoning for concurrent programs with shared variables. Our framework models concurrent programs as succinct automata and supports the verification of...
Article
Partitioning operating systems (POSs) have been widely applied in safety-critical domains from aerospace to automotive. In order to improve the safety and the certification process of POSs, the ARINC 653 standard has been developed and complied with by the mainstream POSs. Rigorous formalization of ARINC 653 can reveal hidden errors in this standar...
Conference Paper
Full-text available
Standards play the key role in safety-critical systems. Errors in standards could mislead system developer's understanding and introduce bugs into system implementations. In this paper, we present an Event-B formalization and verification for the ARINC 653 standard, which provides a standardized interface between safety-critical real-time operating...
Conference Paper
Full-text available
Assurance of information flow security by formal methods is mandated in security certification of separation kernels. As an industrial standard for separation kernels, ARINC 653 has been complied with by mainstream separation kernels. Security of functionalities defined in ARINC 653 is thus very important for the development and certification of se...
Article
Full-text available
Standards play the key role in safety-critical systems. Errors in standards could mislead system developer's understanding and introduce bugs into system implementations. In this paper, we present an Event-B formalization and verification for the ARINC 653 standard, which provides a standardized interface between safety-critical real-time operating...
Article
Full-text available
The project Methods and Tools for On-Board Software Engineering (MTOBSE) was a feasibility study into the ability to certify a time-space partitioning kernel aiming at Common Criteria (CC) evaluation assurance level 5+, in conformance with the Separation Kernel Protection Profile (SKPP) [1]. Here we describe the aspects of CC evaluation that involv...
Conference Paper
The separation kernel concept was developed as an architecture to simplify formal kernel security verification, and is the basis for many implementations of integrated modular avionics in the aerospace domain. This paper reports on a feasibility study conducted for the European Space Agency, to explore the resources required to formally verify the...
Article
The problem of verifying software systems that use dynamic data structures (such as linked lists, queues, or binary trees) has attracted increasing interest over the last decade. Dynamic structures are not easily supported by verification techniques because, among other reasons, it is difficult to efficiently manage the pointer-based internal repre...
Conference Paper
Wireless sensor networks may be used to conduct critical tasks like fire detection or surveillance monitoring. It is thus important to guarantee the correctness of such systems by systematically analyzing their behaviors. Formal verification of wireless sensor networks is an extremely challenging task as the state space of sensor networks is huge,...
Article
The development of reliable software for industrial critical systems benefits from the use of formal models and verification tools for detecting and correcting errors as early as possible. Ideally, with a complete model-based methodology, the formal models should be the starting point to obtain the final reliable code and the verification step shou...
Conference Paper
Full-text available
In this demonstration, a systematically domain-specific model checker, NesC@PAT, is presented. The tool takes NesC programs as input, and automatically verifies WSNs against properties specified in the form of deadlock freeness, state reachability or linear temporal logic formulas. We will show that NesC@PAT is able to find errors caused by rarely...
Conference Paper
The problem of verifying software systems that use dynamic data structures (such as linked lists, queues, or binary trees) has attracted increasing interest over the last decade. Dynamic structures are barely supported by verification techniques because among other reasons, it is difficult to efficiently manage the pointer-based internal representa...
Article
Locating potential execution errors in software is gaining more attention due to the economical and social impact of software crashes. For this reason, many software engineers are now in need of automatic debugging tools in their development environments. Fortunately, the work on formal method technologies during the past 25 years has produced a nu...
Article
Most system software, including operating systems, contains dynamic data structures whose shape and contents should satisfy design requirements during execution. Model checking technology, a powerful tool for automatic verification based on state exploration, should be adapted to deal with this kind of structure. This paper presents a method to spe...
Conference Paper
Full-text available
A current trend in the software engineering community is to integrate different tools in a friendly and powerful development environment for use by final users. This is also the case for tools based on formal methods, which are very valuable for increasing confidence in the reliability of software. This paper contributes to one promising approach t...
Conference Paper
Full-text available
This paper describes a set of verification components that open the way to perform on-the-fly software model checking with the Cadp toolbox, originally designed for verifying the functional correctness of Lotos specifications. Two new tools (named C.Open and Annotator) have been added to the toolbox. The approach taken fits well within the existi...
Conference Paper
Many existing open source projects are written in the classic programming language C. Due to the size and complexity of such projects, these applications require C-oriented methods and tools to increase their reliability. For instance, advanced reachability analysis techniques like model checking, that traditionally have been applied to software mo...
Conference Paper
Full-text available
Verification technologies, like model checking, have obtained great success in the context of formal description techniques (FDTs), however there is still a lack of tools for applying the same approach to real programming languages. One promising approach in this second scenario is the reuse of well known and stable software architectures originall...
Article
Full-text available
In order to combat the state space explosion resulting from explicit-state model checking of software, we investigate the use of a parameterised boolean equation system (Pbes) to solve on-the-fly (i.e., with incremental construction of the program state space) influence analysis of program variables w.r.t. Application Programming Interface (Api) ca...
Article
In order to combat the state space explosion resulting from explicit-state model checking of software, we investigate the use of a parameterised boolean equation system (Pbes) to solve on-the-fly (i.e., with incremental construction of the program state space) influence analysis of program variables w.r.t. Application Programming Interface (Api) ca...

Questions

Question (1)
Question
We encourage all teams working on systems verification to participate in the 9th Systems Software Verification, Gold Coast, Australia, 7-8 2015.
Abstract Submission: September 21, 2015. Paper Submission: September 28, 2015.
Topics include, but are not restricted to: Model Checking, Automated and interactive theorem proving, Static analysis, Automated testing, Model-driven development, Embedded systems development, Programming languages, Verifying compilers, Software certification, Software tools, Experience reports.
More information in the link to the call for papers.
Thanks!