## VM artifact release

This is the README for the *VM artifact release* for the FM 2023 paper "Formalising the Prevention of Microarchitectural Timing Channels by Operating Systems" (R. Sison, S. Buckley, T. Murray, G. Klein, G. Heiser).

The VM image features the *proof release* of **an Isabelle/HOL formalisation of microarchitectural timing channel prevention by operating systems**, which comprises source contributions made by Scott Buckley (UNSW Sydney), Robert Sison (University of Melbourne) and Gerwin Klein (Proofcraft).

For license information, see `License.txt`.

### Summary of contents

The VM contains a 64-bit Ubuntu 22.04.1 installation with username and password "evaluator", whose home directory contains (1) the proof release of Isabelle/HOL proof code provided as supplementary material for the FM 2023 paper and (2) the pre-installed system distribution of the version of the Isabelle proof assistant (April 2020) under which it was mechanically checked.

In detail, the following contents of the home directory (`/home/evaluator`) are relevant to this artifact release:

- `README`: This README file.
- `License.txt`: A summary of license information for the contents of the VM artifact release.
- `time-protection-model.zip`: The stand-alone proof release ZIP package. Its SHA256 checksum should be `594880448e1febe69df64cbdfdabd829f7c5b81be72ba03a29c14bbdfa8edc5b`.
- `time-protection-model/`: The proof release as unpackaged from the ZIP file.
- `Isabelle2020_linux.tar.gz`: The Isabelle2020 (April 2020) system distribution for Linux, obtained from . Its SHA256 checksum should be `633aff864d6647bd175cf831e7513e3fd0cd06beacbf29a5c6c66d4de1522bae`.
- `Isabelle2020/`: An installation of the Isabelle2020 system distribution as unpackaged from the `.tar.gz` file.
- `.isabelle/`: Contains settings and pre-built session heaps associated with the Isabelle2020 installation, set up according to the proof release's documentation in `time-protection-model/README.md`, or alternatively by following the optional "Step-by-step instructions for reproducing environment" provided as the last section of this README.

### Step-by-step instructions for checking paper results

First, to ensure no "sorried" (incompletely proved) lemmas have been admitted in any theory of the formalisation, run the following terminal commands:

```sh
cd /home/evaluator/time-protection-model
grep -r sorry *
```

This `grep` invocation should return no results.

Then, to inspect and have Isabelle mechanically check all the theories in the proof release that correspond to results in the FM 2023 paper, run the following commands to open Isabelle jEdit from the same directory:

```sh
cd /home/evaluator/time-protection-model
/home/evaluator/Isabelle2020/bin/isabelle jedit -d . -l Lib
```

From inside Isabelle jEdit, via `File > Open`, open `/home/evaluator/time-protection-model/tests/Example_SyscallChannels.thy`, which depends on all other contents of the proof release. Scrolling to the bottom of this file in Isabelle jEdit will prompt Isabelle to check all these proofs mechanically. To track the progress of this checking visually, ensure the "Theories" sidebar is open with the "Continuous checking" checkbox ticked. Checking is complete when all theories turn from pink to white, with no purple markings remaining (which indicate proof checking in progress) nor any red markings (which indicate errors).
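As an added example (not part of the artifact release), the following POSIX shell script automates the integrity checks above: it verifies the two SHA256 checksums listed in the summary of contents and scans the unpacked release for admitted proofs, additionally flagging the `quick_and_dirty` session option, which would let `sorry` pass an Isabelle batch build unnoticed. The `HOME_DIR` override and the script name `check_artifact.sh` are assumptions.

```shell
#!/bin/sh
# Added example, not part of the artifact: check the two archive checksums
# stated in this README, then scan the unpacked proof release for admitted
# ("sorry") proofs and for the quick_and_dirty session option, which lets
# sorry pass an Isabelle batch build. HOME_DIR is an assumed override.
HOME_DIR=${HOME_DIR:-/home/evaluator}
PROOF_ZIP_SHA=594880448e1febe69df64cbdfdabd829f7c5b81be72ba03a29c14bbdfa8edc5b
ISABELLE_TGZ_SHA=633aff864d6647bd175cf831e7513e3fd0cd06beacbf29a5c6c66d4de1522bae

# Print the SHA256 hex digest of a file (GNU coreutils or macOS shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" 2>/dev/null | cut -d' ' -f1
    else
        shasum -a 256 "$1" 2>/dev/null | cut -d' ' -f1
    fi
}

# Succeed only when the file exists and its digest matches the expected one.
verify_sha256() {
    actual=$(sha256_of "$1")
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Succeed only when no theory or ROOT file under $1 contains the word
# "sorry" or enables quick_and_dirty; print every offending line otherwise.
scan_for_sorry() {
    [ -d "$1" ] || return 2
    hits=$(find "$1" -type f \( -name '*.thy' -o -name ROOT -o -name ROOTS \) \
               -exec grep -Hnw -e sorry -e quick_and_dirty {} + 2>/dev/null) || true
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

main() {
    status=0
    verify_sha256 "$HOME_DIR/time-protection-model.zip" "$PROOF_ZIP_SHA" ||
        { echo "checksum mismatch: time-protection-model.zip"; status=1; }
    verify_sha256 "$HOME_DIR/Isabelle2020_linux.tar.gz" "$ISABELLE_TGZ_SHA" ||
        { echo "checksum mismatch: Isabelle2020_linux.tar.gz"; status=1; }
    scan_for_sorry "$HOME_DIR/time-protection-model" ||
        { echo "admitted proofs or quick_and_dirty found"; status=1; }
    [ "$status" -eq 0 ] && echo "artifact checks passed"
    return "$status"
}

# Run the checks only when executed as a script, so the functions can be sourced.
case "${0##*/}" in check_artifact.sh) main ;; esac
```

Unlike the bare `grep -r sorry *` above, the scan restricts itself to `.thy` and ROOT files and matches whole words, so a stray "sorry" in documentation does not produce a false alarm.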
### Guide to paper-relevant features in the proof release

The main definitions and results of the FM 2023 paper can be found in the proof release as follows (here, all paths are relative to `/home/evaluator/time-protection-model`):

- Definition 1 ("Observer-relative big-step confidentiality") of Section 4 is formalised as `definition confidentiality` in `locale obs_system` of `modified-l4v-theories/Noninterference_BigStep.thy`. (Note that for the FM 2023 paper we elide actions `a`, as we only instantiate `obs_system` with action type `unit`.)
- In Section 4.2 we claim that Definition 1 generalises the property used for the seL4 microkernel in prior work by Murray et al. (2012, 2013). This claim is proved as `theorem obs_conf_generalises_old_conf` in the same file, `modified-l4v-theories/Noninterference_BigStep.thy`.
- The transition system of our OS model of Section 5, depicted by Figure 3(a), is formalised as the definition `state_transitions` in `TPNoninfluence.thy`.
- The state model of our OS model of Section 5, depicted by Figure 3(b), is defined as `record ('address, 'domain, 'device, 'prot, 'args) state` in `TPModelTypes.thy`.
- The parameters over which our OS model of Section 5 "abstracts the essential elements of OS-enforced time protection", as described in Section 5.1, are formalised as follows:
  - "an OS-specific set of system calls...": the `'commit` type parameter returned by the `decode_function` fixed by `locale tp_address_domains` in `TPModel.thy`.
  - "...their implementations...": the fixed parameters named `k_decode_monad` and `k_commit_monad` to `locale tp_syscalls` in the same file.
  - "...and specifications of their policy channels": the fixed parameter `commit_channels` in `locale tp_address_domains` in the same file specifies these; the requirement that the commit implementation enforces these channels is then formalised as the assumptions of `locale tp_syscalls_meet_policy` in `TPNoninfluence.thy`.
  - "architecture-specific implementations of...":
    - "an interrupt handling routine": the fixed parameter `handle_interrupt_monad` to `locale tp_interrupts` in `TPModel.thy`.
    - "a domain switch routine that occurs on timer interrupt": `scheduler_monad`, defined in `locale tp_scheduler` to sequence 1. the `prefetch` routine defined in `locale tp_prefetching`, 2. the `flush` routine defined in `locale tp_flushing`, 3. the `switchdomain` routine it defines relative to its fixed parameter `args_default`, and 4. the `pad_to_slice` routine defined in `locale tp_timing`, all in the same file.
    - "the WCETs of all of the above":
      - system calls: `decode_WCET`, `commit_WCET` and `syscall_WCET`, fixed by `locale tp_syscalls` in `TPModel.thy`.
      - interrupt handler: `time_interrupt_WCET`, fixed by `locale tp_interrupts` in the same file.
      - domain switch: `domainswitch_WCET`, defined in `locale tp_prefetching` relative to its fixed parameter `time_prefetch_max`, the parameter `time_flush_max` fixed by `locale tp_flushing`, and the aforementioned `time_interrupt_WCET`, all in the same file.
  - "the types of memory addresses *addr*, domain IDs *domain*, IRQ-generating device state *device*, syscall arguments *args*, protection state *prot*": the type parameters to the `('address, 'domain, 'device, 'prot, 'args) state` record type defined (as mentioned earlier) in `TPModelTypes.thy`.
- Theorem 1 ("OS model enforces confidentiality with time protection") of Section 5 can be found in the form of the lemmas `con_sched` and `con_user` at the end of `TPNonInfluenceBigProofs.thy`.
- The user step model described in Section 5.2 is specified by the only `KExit`-to-`KEntry` case of `state_transitions` in `TPNoninfluence.thy`.
  - This case uses the fixed parameter `userop_until_int` to `locale tp_usermonad` in `TPModel.thy`, which that locale assumes is constrained by a "quarantine" mechanism (see below) via assumption `user_monad_quarantined`.
  - We then prove in `lemma user_monad_safe` that it meets our more intuitive specification of constraints on user steps, defined as `is_user_monad`.
  - The restriction that user steps cannot modify the protection state is specified by the `monad_prot_same` conjunct of `is_user_monad`.
  - For the **Memory and cache partitioning** subsection of 5.2:
    - The mapping `addr-domain` is formalised as the fixed parameter `addr_domain` to `locale tp_address_domains` in `TPModel.thy`.
    - The "quarantining" mechanism that specifies restrictions on user transitions is formalised by requiring the monads `f` implementing them to be equivalent to their `quarantine_monad f`, defined in `TPModel.thy`.
    - We prove that quarantining implies the `is_user_monad` restrictions in the form of `lemma quarantined_monad_is_user_monad`, in the same file:
      - The part of quarantining relevant to memory partitioning is defined by `blank_unreadable_mem` and `restore_unwriteable_state`; the relevant part of `is_user_monad` is `monad_mem_same_except_curdom`.
      - The part of quarantining relevant to cache colouring is defined by `blank_unreadable_pch` and `restore_unwriteable_pch`; the relevant part of `is_user_monad` is `monad_pch_same_except_curdom_and_shared`.
  - For the **Interrupt and device partitioning** subsection of 5.2:
    - The mapping `device-domain` is formalised as the fixed parameter `device_domain` to `locale tp_address_domains` in `TPModel.thy`.
    - The part of quarantining relevant to device partitioning is defined by `blank_unreadable_dev` and `restore_unwriteable_dev`; the relevant part of `is_user_monad` is `monad_dev_same_except_curdom`, in the same file.
    - The ability for users to be "able to choose the event indicating the reason for entry into the OS" is due to the fact that `is_user_monad` imposes only a confidentiality restriction on the `evt` field, as specified by the `is_focused_monad` conjunct of `is_user_monad`, rather than the sorts of integrity restrictions imposed by its other conjuncts.
- The OS step model described in Section 5.3 is specified by the three `KEntry`-to-`KExit` cases of `state_transitions` in `TPNoninfluence.thy`, which (as mentioned in the paper) are case split by whether the `evt` field is `TimerInterrupt` (i.e. for domain switch), `Syscall` or `UserInterrupt`.
  - For the **Domain switch** subsection of 5.3:
    - The domain-switch step (as mentioned earlier) is defined as `scheduler_monad` in `locale tp_scheduler` in `TPModel.thy`.
    - The sum of WCETs to which `pad_to_slice` pads is defined in the same file as `domainswitch_WCET`, which is fed via `locale tp_timing` into the `switch_WCET` parameter of `locale schedule_oracle` (`schedule_oracle.thy`), which determines the `slice_end` to which it pads.
  - For the **Syscall handling and policy channels** subsection of 5.3:
    - The syscall handling step is defined as `handle_syscall_monad` by `locale tp_syscalls` relative to its parameters `k_decode_monad` and `k_commit_monad` (mentioned earlier), all in `TPModel.thy`.
    - The policy channels are specified as the fixed parameter `commit_channels` in `locale tp_address_domains` (mentioned earlier), also in `TPModel.thy`.
    - The "integrity property" we impose on the decode phase is assumption `k_decode_monad_constraints` of `locale tp_syscalls` in `TPModel.thy`.
    - The "confidentiality property" we impose on the commit phase is assumption `k_commit_monad_allowed_flow` of `locale tp_syscalls_meet_policy` in `TPNoninfluence.thy`.
  - For the **User interrupt handling** subsection of 5.3:
    - The user interrupt handling step is fixed as the `handle_interrupt_monad` parameter to `locale tp_interrupts` in `TPModel.thy`.
    - The restrictions imposed on it are specified by the assumptions `handle_interrupt_quarantined`, `handle_interrupt_doesnt_touch_evt` etc. of the same locale; we then prove as `lemma handle_interrupt_safe` that it satisfies the same `is_user_monad` constraints as for user steps.
- As mentioned in Section 5.3 (at the end of the "Syscall handling" subsection), we also provide an example instantiation of our OS model of Section 5. This can be found in `tests/Example_SyscallChannels.thy`.

### Optional: Step-by-step instructions for reproducing environment

As an alternative to using the provided VM image, to reproduce this environment on any Linux or macOS machine that supports Isabelle2020, install Isabelle to any directory of your choice from the OS-appropriate distribution download available at .

Then, unzip the stand-alone proof release ZIP package `time-protection-model.zip` in any directory of your choice. For example, assuming the ZIP package is in your home directory:

```sh
mkdir -p ~/time-protection-model
cd ~/time-protection-model
unzip ~/time-protection-model.zip
```

From that directory, and where `$ISABELLE2020` is the path to your Isabelle installation, run the following sequence of terminal commands to configure Isabelle and build all session heaps up to the `Lib` session, which contains all the dependencies of the paper-relevant parts of the release:

```sh
mkdir -p ~/.isabelle/Isabelle2020/etc
cp -i l4v-misc-etc-settings ~/.isabelle/Isabelle2020/etc/settings
$ISABELLE2020/bin/isabelle build -d . -bv Lib
```

Building these session heaps to completion may require the installation of some TeX packages on your host machine; for example, on a fresh minimal installation of Ubuntu 22.04.1, it was necessary to `apt-get install` the `texlive-latex-recommended` and `texlive-plain-generic` packages.

Finally, running the following command from the same directory will open Isabelle jEdit including the just-prebuilt `Lib` session heap:

```sh
$ISABELLE2020/bin/isabelle jedit -d . -l Lib
```

From here you can have Isabelle mechanically check the paper-relevant proofs interactively, as described in the earlier "Step-by-step instructions for checking paper results" section of this README.

### Acknowledgements

Thanks to Ivan Velickovic for assisting with QA testing of the VM artifact.