Correct-by-construction Attack-tolerant Systems
To create correct-by-construction code we:
- Write the secification in EventML
- Automatically generate and prove an Inductive Logical Form of the specification
- Synthesize code
- Diversify and deploy code
We introduce diversity at multiple steps in the process:
- EventML specification
- Code synthesis
Example with Consensus
In this example we will look at Paxos consensus, focusing on specifying the Scout protocol.
Step 1 - We write the specification in EventML
Step 2 - Generate the Inductive Logical Form (ILF)
Using EventML's interface with Nuprl, we generate the ILF. If there are any issues with the proof we revise the specification and reiterate the process with the ILF.
Step 3 - Synthesize code
Using EventML's correct-by-construction synthesizer we generate code from the specification.
Step 4 - Diversify & Deploy
Example Deployment: ShadowDB
ShadowDB is a replicated database we created on top of a synthesized consensus core. The primary defines the order in which transaction updates are applied. When crashes occur, consensus is used to reconfigure the set of replicas and agree on a prefix of executed transactions.
