AWS formally verifies Nitro Isolation Engine with 330K lines of math

Amazon Web Services announced the general availability of M9g and M9gd EC2 instances powered by Graviton5—doubling cores from 96 to 192—and introduced the Nitro Isolation Engine, the first formally verified hypervisor component in a commercial cloud environment. The engine is a minimal separation kernel (concept from John Rushby, 1981) that enforces VM isolation, extracted from the larger Nitro Hypervisor to enable verification. AWS used the Isabelle/HOL proof assistant and a core subset of Rust (μRust) to produce 330,000 lines of machine-checked mathematics, comparable in scale to the seL4 project.

The verification covers confidentiality (noninterference), integrity, functional correctness, memory safety, and absence of runtime errors. Writing the engine in Rust—specifically a formally specified subset—allowed rigorous weakest-precondition reasoning. The result is an always-on feature for Graviton5 users, providing unprecedented mathematical proof that VMs cannot interfere with each other. This surpasses typical cloud security guarantees, which rely on testing and audit, by offering formal verification directly on production hardware.