Reflections on the verification of the security of an operating system kernel

Jonathan M. Silverman
1983 ACM SIGOPS Operating Systems Review  
This paper discusses the formal verification of the design of an operating system kernel's conformance to the multilevel security property.  ...  The kernel implements multiple protection structures to support both discretionary and nondiscretionary security policies. The design of the kernel was formally specified.  ...  The total number of false formulas is a measure of the complexity of an operating system gate and not a reflection on the security of a gate.  ... 
doi:10.1145/773379.806623 fatcat:ztlv4o26rvdenfp7fkhmuwyxxu

Reflections on the verification of the security of an operating system kernel

Jonathan M. Silverman
1983 Proceedings of the ninth ACM symposium on Operating systems principles - SOSP '83  
This paper discusses the formal verification of the design of an operating system kernel's conformance to the multilevel security property.  ...  The kernel implements multiple protection structures to support both discretionary and nondiscretionary security policies. The design of the kernel was formally specified.  ...  The total number of false formulas is a measure of the complexity of an operating system gate and not a reflection on the security of a gate.  ... 
doi:10.1145/800217.806623 dblp:conf/sosp/Silverman83 fatcat:vdjp2feqdfanrfy4syvuprbl7i

Object oriented verification kernels for secure Java applications

H. Grandy, K. Stenzel, W. Reif
2005 Third IEEE International Conference on Software Engineering and Formal Methods (SEFM'05)  
The correctness of the verification kernel approach is proved on the level of the Java language semantics.  ...  This paper presents an approach to the verification of large Java programs. The focus lies on programs that implement a distributed communicating system e.g. in a Mor E-Commerce scenario.  ...  on the Java code starting at the system operations defined in the kernel interface.  ... 
doi:10.1109/sefm.2005.28 dblp:conf/sefm/GrandySR05 fatcat:nqgrtkq54fegfnwum5aab3myli

Reasoning About Concurrency in High-Assurance, High-Performance Software Systems [chapter]

June Andronick
2017 Lecture Notes in Computer Science  
This shift was possible thanks to highly successful verified artifacts, such as the CompCert compiler [16] and the seL4 operating system (OS) kernel [14, 15] .  ...  The strength of a mathematical proof to guarantee the correctness, security and safety of programs deployed in high-assurance systems has made its way from utopia to reality, and the absence of such strong  ...  The author would like to thank the people that have worked on the research presented in this paper: Sidney  ... 
doi:10.1007/978-3-319-63046-5_1 fatcat:etyhrw4auradbptcsixj6zeq4y

seL4

Gerwin Klein, Michael Norrish, Thomas Sewell, Harvey Tuch, Simon Winwood, June Andronick, Kevin Elphinstone, Gernot Heiser, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt (+1 others)
2010 Communications of the ACM  
We report on the formal, machine-checked verification of the seL4 microkernel from an abstract specification down to its C implementation.  ...  This encompasses traditional design and implementation safety properties such as that the kernel will never crash, and it will never perform an unsafe operation.  ...  Acknowledgements We would like to acknowledge the contribution of the former team members on this verification project: Timothy Bourke, Jeremy Dawson, Jia Meng, Catherine Menon, and David Tsai.  ... 
doi:10.1145/1743546.1743574 fatcat:cuqv3av3ojfm3os7u2mv5cf2oi

Verifying security invariants in ExpressOS

Haohui Mai, Edgar Pek, Hui Xue, Samuel Talmadge King, Parthasarathy Madhusudan
2013 Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems - ASPLOS '13  
effort while still proving the security relevant aspects of our system.  ...  We built ExpressOS, analyzed its security, and tested its performance. Our evaluation shows that the performance of ExpressOS is comparable to an Android-based system.  ...  We also thank Shuo Tang for implementing an earlier version of the system.  ... 
doi:10.1145/2451116.2451148 dblp:conf/asplos/MaiPXKM13 fatcat:e6sxytmbrbd2dmgs2aq4qb53py

Applying source-code verification to a microkernel

Michael Hohmuth, Hendrik Tews, Shane G. Stephens
2002 Proceedings of the 10th workshop on ACM SIGOPS European workshop: beyond the PC - EW10  
We present the VFiasco project, in which we apply source-code verification to a complete operating-system kernel written in C++.  ...  The aim of the VFiasco project is to establish security-relevant properties of the Fiasco microkernel.  ...  The main challenge in this project is to enable high-level reasoning in terms of typed objects during the verification, yet assume only low level hardware properties.  ... 
doi:10.1145/1133373.1133405 dblp:conf/sigopsE/HohmuthTS02 fatcat:7s3rvxyaf5asvjrcwg556nvfee

Data-Provenance Verification For Secure Hosts

Kui Xu, Huijun Xiong, Chehai Wu, Deian Stefan, Danfeng Yao
2012 IEEE Transactions on Dependable and Secure Computing  
We describe a cryptographic provenance verification approach for ensuring system properties and system-data integrity at kernel-level.  ...  We define data-provenance integrity as the security property stating that the source where a piece of data is generated cannot be spoofed or tampered with.  ...  The purpose of these restrictions on the malware behaviors is to accurately reflect our security guarantees offered. We write and evaluate several such malware in our work. Security assumptions.  ... 
doi:10.1109/tdsc.2011.50 fatcat:6udb5iwqzjfg3c7osddz5tftlq

Verifying security invariants in ExpressOS

Haohui Mai, Edgar Pek, Hui Xue, Samuel Talmadge King, Parthasarathy Madhusudan
2013 SIGPLAN notices  
effort while still proving the security relevant aspects of our system.  ...  We built ExpressOS, analyzed its security, and tested its performance. Our evaluation shows that the performance of ExpressOS is comparable to an Android-based system.  ...  We also thank Shuo Tang for implementing an earlier version of the system.  ... 
doi:10.1145/2499368.2451148 fatcat:e3kqzgbohrf2bbtuirtb6nmngy

Singularity

Galen C. Hunt, James R. Larus
2007 ACM SIGOPS Operating Systems Review  
Operating systems form the foundation of almost every software stack, so inadequacies in present systems have a pervasive impact.  ...  programs for verification of system properties.  ...  The Singularity operating system incorporates a new software architecture based on software isolation of processes.  ... 
doi:10.1145/1243418.1243424 fatcat:tlfndzvvireb7lfond4axhyydm

Modular Verification for Computer Security

Andrew W. Appel
2016 2016 IEEE 29th Computer Security Foundations Symposium (CSF)  
This can be done by an analysis of the software itself, or by isolating the software behind a protection mechanism such as an operating system kernel (virtual-memory protection) or cryptographic authentication  ...  Here I explain some of the modularity principles that make these verifications possible.  ...  The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA  ... 
doi:10.1109/csf.2016.8 dblp:conf/csfw/Appel16 fatcat:7667qxql2ne5dapggwi76wrryq

Engineering a security kernel for Multics

Michael D. Schroeder
1975 ACM SIGOPS Operating Systems Review  
to make verification of correctness by auditing possible, and to demonstrate by test implementation that the security kernel so developed is capable of supporting the functionality of Multics completely  ...  This paper describes a research project to engineer a security kernel for Multics, a general-purpose, remotely accessed, multiuser computer system.  ...  Acknowledgements In describing a group project of the Computer Systems Research Division of Project MAC at M.I.T., this paper discusses the work of several faculty members, graduate students, and staff  ... 
doi:10.1145/1067629.806518 fatcat:l7rwu3onirf75h7flcjhglppku

Engineering a security kernel for Multics

Michael D. Schroeder
1975 Proceedings of the fifth symposium on Operating systems principles - SOSP '75  
to make verification of correctness by auditing possible, and to demonstrate by test implementation that the security kernel so developed is capable of supporting the functionality of Multics completely  ...  This paper describes a research project to engineer a security kernel for Multics, a general-purpose, remotely accessed, multiuser computer system.  ...  Acknowledgements In describing a group project of the Computer Systems Research Division of Project MAC at M.I.T., this paper discusses the work of several faculty members, graduate students, and staff  ... 
doi:10.1145/800213.806518 dblp:conf/sosp/Schroeder75 fatcat:nbceukdiarhnxkojlzk5v2hcqm

Operating system verification—An overview

Gerwin Klein
2009 Sadhana (Bangalore)  
This paper gives a high-level introduction to the topic of formal, interactive, machine-checked software verification in general, and the verification of operating systems code in particular.  ...  We survey the state of the art, the advantages and limitations of machine-checked code proofs, and describe two specific ongoing larger-scale verification projects in more detail.  ...  Acknowledgements The author would like to thank Elisabeth Meister, Timothy Bourke, Mark Hillebrand, Tom in der Rieden, Norbert Schirmer, and Hendrik Tews for their feedback and for reading drafts of this  ... 
doi:10.1007/s12046-009-0002-4 fatcat:pl7j3msbsncnhmwg5w34r2uee4

Comprehensive formal verification of an OS microkernel

Gerwin Klein, June Andronick, Kevin Elphinstone, Toby Murray, Thomas Sewell, Rafal Kolanski, Gernot Heiser
2014 ACM Transactions on Computer Systems  
We present an in-depth coverage of the comprehensive machine-checked formal verification of seL4, a general-purpose operating system microkernel.  ...  worst-case execution time analysis of the binary, and an automatic initialiser for user-level systems that connects kernel-level access-control enforcement with reasoning about system behaviour.  ...  ACKNOWLEDGMENTS We would like to acknowledge the contribution of the following people in the different parts of this work, spanning multiple years and projects.  ... 
doi:10.1145/2560537 fatcat:wgaqjtqacfen3nd2apj4z4eldm