Skip to Content.
Sympa Menu

coq-club - [Coq-Club] postdoc in formal methods for system-level security

coq-club AT inria.fr

Subject: The Coq mailing list

List archive

[Coq-Club] postdoc in formal methods for system-level security


Chronological Thread 
  • From: David Nowak <david7nowak AT gmail.com>
  • To: coq-club AT inria.fr
  • Subject: [Coq-Club] postdoc in formal methods for system-level security
  • Date: Wed, 8 Jun 2016 12:35:01 +0200
  • Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=david7nowak AT gmail.com; spf=Pass smtp.mailfrom=david7nowak AT gmail.com; spf=None smtp.helo=postmaster AT mail-wm0-f52.google.com
  • Ironport-phdr: 9a23:CgTa/xJ5tqzi1Bpiv9mcpTZWNBhigK39O0sv0rFitYgUKfrxwZ3uMQTl6Ol3ixeRBMOAu6MC1LGd6f6ocFdDyKjCmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TWM5DIfUi/yKRBybrysXNWC3oLojKvopdX6WEZhunmUWftKNhK4rAHc5IE9oLBJDeIP8CbPuWZCYO9MxGlldhq5lhf44dqsrtY4q3wD86Fpy8kVWqLjOq88ULZwDTI8Mmlz6te4mwPESF6j72UdXi0wlQVBAECR4BjkX5uutCzlv+lV1yyTPMmwRrcxD2fxp5x3QQPl3X9UfwUy93va35R9
The 2XS team at Univ. Lille & CNRS, France
(http://cristal.univ-lille.fr/2XS/) is proposing a funded postdoctoral
position in the area of formal methods for system-level security. The
duration of the post is 18 months, starting as soon as possible and no
later than January 2017. The gross salary is about 2600 euros/month.
Standard social benefits (e.g., health insurance) are included.
Knowledge of French is not required.

Scientific context:

Within the ODSI project (https://www.celticplus.eu/project-odsi/) we
are developing a microkernel called Pip whose main role is to ensure
memory isolation properties between different system components. A
reference implementation of Pip has been written in the language of
the Coq proof assistant. A C version of Pip is automatically generated
by translating the Coq implementation into a subset of C. The question
that naturally arises is whether the memory-isolation properties,
which are being proved to hold on the Coq version, still hold in the
translated C version. That is the question that the postdoc will be in
charge of investigating.

More specifically, the Coq version of Pip is written in an imperative
style, using a state monad. A Hoare logic has been developed on top of
the monad. The memory-isolation properties are thus written in Hoare
logic. In order to prove the correctness of the translation one may
proceed as follows: 1. define a way of formalising properties of code
written in the considered subset of C; 2. define a translation of
properties from the Coq level to the C level; and 3. prove that
translated formulas holds on translated C code whenever the
corresponding original formulas hold on the original Coq code.

The candidate is expected to develop a general, sound theory, possibly
(but not necessarily) along the lines sketched above. He/she is also
expected to implement the theory in tools and to apply the tools on
case studies - in particular (but not exclusively) on our Pip case
study.

Qualifications: PhD in Computer Science, either already defended or to
be defended soon. Experience in formal methods (program verification
and proof assistants) is essential for the successful candidate.

Contact:
David.Nowak AT univ-lille1.fr,

Vlad.Rusu AT inria.fr

  • [Coq-Club] postdoc in formal methods for system-level security, David Nowak, 06/08/2016

Archive powered by MHonArc 2.6.18.

Top of Page