Internet Archive Scholar

Reflections on the verification of the security of an operating system kernel

Jonathan M. Silverman
1983 ACM SIGOPS Operating Systems Review  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.1 MB)
https://web.archive.org/web/20040521035923/http://www.cse.unsw.edu.au:80/~czhang/kernel_docs/reflection.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2004; you can also visit the original URL. The file type is application/pdf.

This paper discusses the formal verification of the design of an operating system kernel's conformance to the multilevel security property. The kernel implements multiple protection structures to support both discretionary and nondiscretionary security policies. The design of the kernel was formally specified. Mechanical techniques were used to check that the design conformed to the multilevel security property. All discovered security flaws were then either closed or minimized. This paper
more » ... ders the multilevel security model, the verification methodology, and the verification tools used. This work is significant for two reasons. First, it is for a complete implementation of a commercially available secure computer system. Second, the verification used off-the-shelf tools and was not done by the verification environment researchers.
doi:10.1145/773379.806623 fatcat:ztlv4o26rvdenfp7fkhmuwyxxu
Citation

Jonathan M. Silverman. "Reflections on the verification of the security of an operating system kernel." ACM SIGOPS Operating Systems Review 17.5 (1983) 143-154