15:44 <miragebot> mirage/master 9978641 Thomas Leonard: Merge pull request #829 from talex5/profile-0.8...

15:44 <miragebot> mirage/master 299773b Thomas Leonard: Update for mirage-profile 0.8...

15:44 <miragebot> [mirage] talex5 pushed 2 new commits to master: https://git.io/vH9Z4

15:57 <dstolfa> kensan: I put you in a security presentation I have to give on Wednesday in the context of separation kernels and formal verification

15:57 <dstolfa> :P

15:57 <dstolfa> Well, MuenSK to be precise

16:00 <dstolfa> MirageOS found it's way in as well in the context of unikernels

16:02 <kensan> dstolfa: Oh ok, thanks :)

16:02 <kensan> dstolfa: Are the slides available somewhere?

16:03 <dstolfa> kensan: Not yet, but I'll happily send them over after I've refined them a bit :)

16:03 <kensan> dstolfa: and its "Muen SK" or "Muen Separation Kernel" ;)

16:03 <dstolfa> It's for interested students

16:03 <dstolfa> kensan: Ah right, sorry. I'll correct that

16:03 <kensan> dstolfa: no problem :)

16:33 <kensan> dstolfa: What is the topic and context of your presentation?

16:34 <dstolfa> kensan: Just an introduction to some security topics for 2nd year students after taking operating systems

16:37 <kensan> dstolfa: Ah cool.

16:37 <dstolfa> kensan: I put Muen in the conetxt of TCBs and their trustworthiness

16:38 <dstolfa> In the sense that formal verification through processor models and L4/Separation kernels can help verify a TCB

16:39 <kensan> dstolfa: Right, well thanks for mentioning Muen :)

16:40 <dstolfa> kensan: Well, AFAIK, it's been formally verified, hasn't it? :)

16:40 <kensan> dstolfa: Yeah, but it is not an "end-to-end" proof. "Just" that it has no runtime errors at the source code level.

16:41 <dstolfa> Oh yeah, but it demonstrates the concept well IMO

16:41 <dstolfa> I know that some folks in Texas(?) I think? have a model of amd64 and can help verify a TCB as well

17:03 <kensan> The current benchmark in formal verification of kernels is seL4. They have a/several proof(s) from the model/specification down to binary.

17:04 <kensan> in combination with the ARM ISA HOL4 spec.

17:07 <kensan> dstolfa: This is a much stronger proof than what we currently have for Muen.

17:43 <dstolfa> kensan: Yeah, I've added seL4 too

18:46 <kensan> dstolfa: I think what is interesting about Muen is the effort required to achieve the proof of absence of runtime errors.

18:46 <kensan> dstolfa: We wrote the initial implementation in 6 months.

18:46 <kensan> dstolfa: see also https://twitter.com/Kensan42/status/865113415907409920 :)

18:47 <dstolfa> kensan: Nice :)

18:47 <dstolfa> I'll make sure to mention that

18:48 <kensan> dstolfa: That includes the kernel implementation & proofs, toolchain and documentation.

18:49 <kensan> dstolfa: So to some extent it illustrates that projects applying formal methods are not necessarily hopelessly expensive.

18:50 <dstolfa> kensan: Yep, makes sense :)

18:51 <dstolfa> kensan: Btw, did you see what I posted on Slack yesterday?

18:51 <dstolfa> I've dumped a tracing session of VMs on twitter, it's pretty cool to see

18:51 <dstolfa> kensan: https://twitter.com/d_stolfa/status/873994924169068544

18:52 <dstolfa> .. I wonder if we could have something like that on a L4-like kernel

18:52 <dstolfa> And have it be efficient

18:53 <kensan> dstolfa: Sorry, was busy with other stuff over the weekend (Haskell conf/hackathon).

18:53 <dstolfa> kensan: Ah yes, saw the tweets, was that fun?

18:55 <kensan> dstolfa: Yeah, except I do/did not know Haskell before so quite the learning curve for me *heh* Interesting talks plus great weather so \@/

18:55 <dstolfa> Nice! Good to hear it was fun

18:58 <kensan> Has further convinced me that I should really learn functional programming.

18:59 <kensan> Plus, I learned that HalVM 3.0 is apparently moving to Solo5 as a base platform (to bring the discussion a bit back on topic ;)

18:59 <dstolfa> kensan: I've been going about that for a while, but never got around to it properly :<

18:59 <kensan> dstolfa: Its why I went to the event to give me a real incentive to start digging in.

19:00 <kensan> mato: Do you know the state of thing of HalVM wrt. Solo5?

19:01 <dstolfa> kensan: Sounds like a good idea to attend one of those then :)