Verification of trusted threat-aware microvisor

What is claimed is: 1 . A method comprising: verifying a security property for an operational model of a microvisor adapted for deployment in a node of a network, wherein the operational model is created in a functional programming language; generating an executable of the operational model; initiating a state dump of the executable operational model; initiating a corresponding state dump of the microvisor; iteratively comparing the states of the executable operational model and the microvisor; and continuing iterative comparison of the states of the executable operational model and the microvisor until a predetermined number of the states match, wherein the predetermined number of matched states correspond to a predetermined level of confidence that the security property is implemented by the microvisor. 2 . The method of claim 1 wherein the microvisor is configured to enable rapid compliance testing. 3 . The method of claim 1 wherein initiating the state dump of the executable operational model and initiating the corresponding state dump of the microvisor occur without human intervention. 4 . The method of claim 1 wherein conformance of the microvisor to the security property is verified when the predetermined number of matched states form a sufficient test coverage between the executable operational model and the microvisor. 5 . The method of claim 1 wherein verifying the security property is performed on a theorem prover. 6 . The method of claim 3 wherein the executable operational model initiates on-demand the state dump of the operational model and the corresponding state dump of the microvisor. 7 . The method of claim 1 wherein the microvisor includes a function to enable capture each respective state of the microvisor. 8 . The method of claim 1 wherein a theorem prover verifies a plurality of security properties of the operational model using Hoare logic. 9 . The method of claim 1 wherein trustedness of the microvisor increases monotonically with an amount of compliance testing. 10 . The method claim 1 wherein the predetermined level of confidence is appropriate for the deployment of the microvisor in the network. 11 . A system comprising: a central processing unit (CPU) adapted to execute a trusted microvisor for deployment in a network; a memory configured to store the trusted microvisor as a trusted computing base, the trusted computing base having a security property verified by a test computing environment configured to: verify the security property for an operational model of the microvisor, wherein the operational model is created in a functional programming language; generate an executable of the operational model; initiate a state dump of the executable operational model; initiate a corresponding state dump of the microvisor; iteratively compare the states of the operational model and the microvisor; and continue iterative comparison of the states of the executable operational model and the microvisor until a predetermined number of the states match, wherein the predetermined number of matched states correspond to a predetermined level of confidence that the security property is implemented by the microvisor. 12 . The system of claim 11 wherein the microvisor is configured to enable rapid compliance testing. 13 . The system of claim 11 wherein initiating the state dump of the executable operational model and initiating the corresponding state dump of the microvisor occur without human intervention. 14 . The system of claim 11 wherein conformance of the microvisor to the security property is verified when the predetermined number of matched states form a sufficient test coverage between the executable operational model and the microvisor. 15 . The system of claim 11 wherein verifying the security property is performed on a theorem prover. 16 . The system of claim 13 wherein the executable operational model initiates on-demand the state dump of the operational model and the corresponding state dump of the microvisor. 17 . The system of claim 11 wherein the microvisor includes a function to enable capture of each respective state of the microvisor. 18 . The system of claim 11 wherein a theorem prover verifies a plurality of security properties of the operational model using Hoare logic. 19 . The system of claim 11 wherein the predetermined level of confidence is appropriate for the deployment of the microvisor in the network. 20 . A non-transitory computer readable medium including program instructions for execution on a processor of a node on a network, the program instructions when executed operable to: enforce a security property of a trusted microvisor of the node, the trusted microvisor having a security property verified by a test computing environment configured to: verify the security property for an operational model of the microvisor, wherein the operational model is created in a functional programming language; generate an executable of the operational model; initiate a state dump of the executable operational model; initiate a corresponding state dump of the microvisor; iteratively compare the states of the executable operational model and the microvisor; and continue iterative comparison of the states of the executable operational model and the microvisor until a predetermined number of the states match, wherein the predetermined number of matched states correspond to a predetermined level of confidence that the security property is implemented by the microvisor.