Noninterference for Operating System Kernels
[chapter]
2012
Lecture Notes in Computer Science
While intransitive noninterference is a natural property for any secure OS kernel to enforce, proving that the implementation of any particular general-purpose kernel enforces this property is yet to be ...
In this paper we take a significant step towards this vision by presenting a machine-checked formulation of intransitive noninterference for OS kernels, and its associated sound and complete unwinding ...
Acknowledgements We thank Kai Engelhardt, Sean Seefried, and Timothy Bourke for their comments on earlier drafts of this paper. ...
doi:10.1007/978-3-642-35308-6_12
fatcat:6ungrww2brhyfephpjgptbfm5a
Modeling Information Routing With Noninterference
2016
International Conference on High Performance Embedded Architectures and Compilers
These extensions enable the reasoning at an abstract level built on top of noninterference, at a much finer level than allowed by base noninterference. ...
To achieve the highest levels of assurance, systems based on the MILS architecture need to be formally analysed. ...
That is, an operating system can be considered a separation kernel if, for a given information flow policy, it can guarantee that the system as a whole satisfies the noninterference property no matter ...
doi:10.5281/zenodo.47980
dblp:conf/hipeac/KoolenS16
fatcat:nanskixuezeuxlowxctw4pot2q
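The first entry above presents a machine-checked formulation of intransitive noninterference for OS kernels together with its unwinding conditions, and the separation-kernel definition quoted under "Modeling Information Routing With Noninterference" ties the property to a given information flow policy. The following Python script is an added illustration of those two ideas on a toy model; it is not code from any of the listed papers and not their formalisation. It models a three-partition kernel with the policy H ⇝ D ⇝ L (a downgrader D may pass H's data to L, but H may not reach L directly) and checks it two ways: Rushby's unwinding conditions (output consistency, weak step consistency, local respect) over all reachable states, and the purge/ipurge definition itself by bounded brute force. The partitions, the state variables `h`, `d`, `l`, the actions and the covert-channel action `L_peek` are all constructed for this example.

```python
"""Bounded checks of intransitive noninterference on a toy separation-kernel model:
Rushby-style unwinding conditions plus a brute-force purge/ipurge check.
Added example; partitions, actions and policy are constructed here, not taken from the papers."""
from collections import deque
from functools import reduce
from itertools import product


class System:
    """State machine whose actions are owned by security domains.  policy: (v, u) pairs meaning
    "v may interfere with u" (reflexive closure added).  actions: name -> (domain, step fn).
    observe: what domain u outputs.  views: variables defining the unwinding relation ~u."""

    def __init__(self, domains, policy, actions, observe, views, s0):
        self.domains = tuple(domains)
        self.policy = set(policy) | {(u, u) for u in domains}
        self.actions, self.observe, self.views, self.s0 = actions, observe, views, s0

    def flows(self, v, u):
        return (v, u) in self.policy
    def dom(self, a):
        return self.actions[a][0]
    def step(self, s, a):
        return self.actions[a][1](s)

    def run(self, alpha):
        return reduce(self.step, alpha, self.s0)

    def out(self, s, u):
        return tuple(s[x] for x in self.observe[u])

    def equiv(self, s, t, u):  # s ~u t: the states agree on everything in u's view
        return all(s[x] == t[x] for x in self.views[u])

    def reachable(self):  # BFS from s0; the toy state space is finite
        key = lambda s: tuple(sorted(s.items()))
        seen, queue = {key(self.s0): self.s0}, deque([self.s0])
        while queue:
            s = queue.popleft()
            for t in (self.step(s, a) for a in self.actions):
                if key(t) not in seen:
                    seen[key(t)] = t
                    queue.append(t)
        return list(seen.values())


def purge(m, alpha, u):  # transitive purge: drop every action whose domain may not flow to u
    return [a for a in alpha if m.flows(m.dom(a), u)]


def ipurge(m, alpha, u):
    """Intransitive purge: keep an action iff its domain is a source for u through the
    actions after it (with H ~> D ~> L, H's action survives when D later passes it to L)."""
    kept, sources = [], {u}
    for a in reversed(alpha):
        if any(m.flows(m.dom(a), w) for w in sources):
            sources.add(m.dom(a))
            kept.append(a)
    return kept[::-1]


def check_noninterference(m, purge_fn, max_len):
    """Brute-force the definition: for each action sequence alpha (length <= max_len) and
    domain u, u's output after alpha must equal its output after purge_fn(alpha, u)."""
    return [(alpha, u) for n in range(1, max_len + 1)
            for alpha in product(m.actions, repeat=n) for u in m.domains
            if m.out(m.run(alpha), u) != m.out(m.run(purge_fn(m, alpha, u)), u)]


def check_unwinding(m):
    """Rushby's unwinding conditions for intransitive policies, over all reachable states."""
    bad, states = [], m.reachable()
    for s, t, u in product(states, states, m.domains):
        if m.equiv(s, t, u) and m.out(s, u) != m.out(t, u):
            bad.append(f"output consistency for {u}: {s} vs {t}")
        for a in m.actions:
            if s == t and not m.flows(m.dom(a), u) and not m.equiv(s, m.step(s, a), u):
                bad.append(f"local respect: {a} alters {u}'s view from {s}")
            if (m.equiv(s, t, u) and m.equiv(s, t, m.dom(a))
                    and not m.equiv(m.step(s, a), m.step(t, a), u)):
                bad.append(f"weak step consistency: {a}, view {u}: {s} vs {t}")
    return bad


# Constructed example: partitions H (secret), D (downgrader), L (public); one bit each.
def h_write(s):   return {**s, "h": s["h"] ^ 1}  # H flips its secret bit
def d_declass(s): return {**s, "d": s["h"]}      # D copies H's bit into its buffer
def l_read(s):    return {**s, "l": s["d"]}      # L reads D's buffer
def l_peek(s):    return {**s, "l": s["h"]}      # covert channel: L reads H directly


def make_kernel(leaky=False):
    actions = {"H_write": ("H", h_write), "D_declass": ("D", d_declass), "L_read": ("L", l_read)}
    if leaky:
        actions["L_peek"] = ("L", l_peek)
    return System(domains=("H", "D", "L"), policy={("H", "D"), ("D", "L")},  # H ~> D ~> L only
                  actions=actions, observe={"H": ("h",), "D": ("d",), "L": ("l",)},
                  views={"H": ("h",), "D": ("d", "h"), "L": ("l", "d")},
                  s0={"h": 0, "d": 0, "l": 0})
```

`check_unwinding(make_kernel())` and `check_noninterference(make_kernel(), ipurge, 4)` both return empty lists, while `check_noninterference(make_kernel(), purge, 3)` reports the sequence `H_write, D_declass, L_read` for domain L: the transitive purge deletes H's action even though D legitimately forwarded the bit, which is exactly why an intransitive (ipurge-based) formulation is needed for a kernel with a downgrader. The leaky variant fails weak step consistency for `L_peek` and fails the ipurge check on the two-action sequence `H_write, L_peek`. Both checks are finite, model-level enumerations; the papers above prove the property of the kernel specification or code itself, which no bounded search does.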
Nickel: A Framework for Design and Verification of Information Flow Control Systems
2018
USENIX Symposium on Operating Systems Design and Implementation
Our experience shows that Nickel is effective in identifying and ruling out covert channels, and that it can verify noninterference for systems with a low proof burden. ...
Using Nickel, we have designed, implemented, and verified NiStar, the first OS kernel for decentralized information flow control that provides (1) a precise specification for its interface, (2) a formal ...
We thank Nickolai Zeldovich and Ronghui Gu for answering our questions on HiStar and mCertiKOS, respectively. ...
dblp:conf/osdi/Sigurbjarnarson18
fatcat:hcsjyy2ijfc6zjibtohvyisreq
Typing illegal information flows as program effects
2012
Proceedings of the 7th Workshop on Programming Languages and Analysis for Security - PLAS '12
Our type and effect system provides a mechanism for deriving the flow kernel that characterizes the illegal flows that occur within a program, and which can be used to support runtime decisions of compliance ...
To this end, sets of illegal information flows are represented as downward closure operators (here referred to as flow kernels) on a given lattice of security levels. ...
Acknowledgments The authors would like to thank the Indes team at INRIA and all anonymous reviewers for discussions and comments that have improved the final outcome of the paper. ...
doi:10.1145/2336717.2336718
dblp:conf/pldi/MatosS12
fatcat:l7gnpj6yzvgo5iuimyd54a2tnq
High-Assurance Separation Kernels: A Survey on Formal Methods
[article]
2017
arXiv
pre-print
Finally, four challenges and their possible technical directions for future research are identified, e.g. specification bottleneck, multicore and concurrency, and automation of full formal verification ...
On the other hand, high-assurance separation kernels by formal methods still face big challenges. ...
Figure: Reference Architecture of Separation Kernels (Partition1 ... Partitionn, each hosting an Operating System and Application Software). ...
arXiv:1701.01535v1
fatcat:wivlgaqkmffc5nb2kalmpy77sy
Formal Framework for MILS Integration
2016
Zenodo
As an illustration of our approach, we formally model and analyse an example system inspired by the GWV Firewall. ...
These extensions enable the reasoning at an abstract level built on top of noninterference, at a much finer level than allowed by base noninterference. ...
That is, an operating system can be considered a separation kernel if, for a given information flow policy, it can guarantee that the system as a whole satisfies the noninterference property no matter ...
doi:10.5281/zenodo.57413
fatcat:mvqqomtiafcfxmyb3fkaagor6q
Noninterference for a Practical DIFC-Based Operating System
2009
2009 30th IEEE Symposium on Security and Privacy
The Flume system is an implementation of decentralized information flow control (DIFC) at the operating system level. ...
means of a noninterference proof in the Communicating Sequential Processes formalism. ...
We thank them all for ...
doi:10.1109/sp.2009.23
dblp:conf/sp/KrohnT09
fatcat:fzhg7p7hqjf7hifqh4xxz3fmsa
A verified information-flow architecture
2016
Journal of Computer Security
SAFE is a clean-slate design for a highly secure computer system, with pervasive mechanisms for tracking and limiting information flows. ...
The operating system virtualizes these generic facilities to present an information-flow abstract machine that allows user programs to label sensitive data with rich confidentiality policies. ...
Smith, Deian Stefan, and Greg Sullivan for useful discussions and helpful feedback on early drafts. We also thank the anonymous reviewers for their insightful comments. ...
doi:10.3233/jcs-15784
fatcat:2gzaehcyhvbknd36qivbp3dtym
A verified information-flow architecture
2014
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages - POPL '14
SAFE is a clean-slate design for a highly secure computer system, with pervasive mechanisms for tracking and limiting information flows. ...
The operating system virtualizes these generic facilities to present an information-flow abstract machine that allows user programs to label sensitive data with rich confidentiality policies. ...
Smith, Deian Stefan, and Greg Sullivan for useful discussions and helpful feedback on early drafts. We also thank the anonymous reviewers for their insightful comments. ...
doi:10.1145/2535838.2535839
dblp:conf/popl/AmorimCDDHPPPT14
fatcat:caghr7pxirdnfhhgs7seyz7jgu
A survey on formal specification and verification of separation kernels
[article]
2016
arXiv
pre-print
Separation kernels are fundamental software of safety and security-critical systems, which provide to their hosted applications spatial and temporal separation as well as controlled information flows among ...
The application of separation kernels in critical domain demands the correctness of the kernel by formal verification. To the best of our knowledge, there is no survey paper on this topic. ...
Therefore, the concept of separation kernel is adopted in avionics as the kernel of partitioning operating systems for IMA. ...
arXiv:1508.07066v3
fatcat:o6rltzjp4vf4jeifjddfbtmuv4
Reasoning About Information Flow Security of Separation Kernels with Channel-based Communication
[article]
2015
arXiv
pre-print
As an industrial standard for separation kernels, ARINC 653 has been complied with by mainstream separation kernels. ...
We provide a reusable formal specification and security proofs for separation kernels in Isabelle/HOL. ...
State-event based noninterference [27] is usually chosen for verifying general-purpose operating systems and separation kernels [20]. ...
arXiv:1510.05091v1
fatcat:dafdhql3rrc7rhxmmjj4gpxtrq
A Design and Verification Methodology for a TrustZone Trusted Execution Environment
2020
IEEE Access
ACKNOWLEDGMENT We thank the paper reviewers for their many valuable comments. We also thank AJE for its linguistic assistance during the preparation of this manuscript. ...
At the kernel level, the Linux kernel provides more complete system services, such as memory management, process management, network communication, and file system management, while the trusted kernel ...
We define operational semantics for in Fig. 9 and use standard semantics for the remaining statements. ...
doi:10.1109/access.2020.2974487
fatcat:efkxklgmlbah5jbp4nxpegfyau
Automatic Derivation of Platform Noninterference Properties
[chapter]
2016
Lecture Notes in Computer Science
The analysis is represented in HOL4 using a direct semantical embedding of noninterference, and does not use an explicit type system, in order to (i) minimize the trusted computing base, and to (ii) support ...
For the verification of system software, information flow properties of the instruction set architecture (ISA) are essential. ...
Fox, Roberto Guanciale, Nicolae Paladi, and the anonymous reviewers for their helpful comments. ...
doi:10.1007/978-3-319-41591-8_3
fatcat:c2m6q5xl3rhbvpsjkilo4dmjqm
A Verified Information-Flow Architecture
[article]
2016
arXiv
pre-print
SAFE is a clean-slate design for a highly secure computer system, with pervasive mechanisms for tracking and limiting information flows. ...
The operating system virtualizes these generic facilities to present an information-flow abstract machine that allows user programs to label sensitive data with rich confidentiality policies. ...
Similarly, operating systems with information-flow tracking have been a staple of the OS literature for over a decade [36, 54, 55, 66, 97]. ...
arXiv:1509.06503v2
fatcat:ajryc67ilzhqbg2l435lpazaki
seL4: From General Purpose to a Proof of Information Flow Enforcement
2013
2013 IEEE Symposium on Security and Privacy
Unlike previous proofs of information flow security for operating system kernels, ours applies to the actual 8,830 lines of C code that implement seL4, and so rules out the possibility of invalidation ...
This proof is strong evidence of seL4's utility as a separation kernel, and describes precisely how the general purpose kernel should be configured to enforce isolation and mandatory information flow control ...
Chris North, the anonymous reviewers, Cătălin Hriţcu and Gernot Heiser for their feedback on earlier drafts of this paper. ...
doi:10.1109/sp.2013.35
dblp:conf/sp/MurrayMBGBSLGK13
fatcat:ixjwu5pzzncsjczh5rhptkwytu