On the criteria to be used in decomposing systems into modules
Communications of the ACM
Security Engineering: A Guide to Building Dependable Distributed Systems
Elements of Software Science (Operating and programming systems series)
The modular structure of complex systems
ICSE '84 Proceedings of the 7th international conference on Software engineering
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
IEEE Transactions on Software Engineering
Documenting Software Architectures: Views and Beyond
A formal security policy for xenon
Proceedings of the 6th ACM workshop on Formal methods in security engineering
Using formal methods for security in the Xenon project
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Separation virtual machine monitors
Proceedings of the 28th Annual Computer Security Applications Conference
The Xenon project is investigating the construction of a higher-assurance open source separation kernel based on the Xen open source hypervisor. Just as the Xen open source hypervisor was initially developed from the open source Linux operating system, by simplifying Linux and modifying its design, the Xenon separation kernel is being developed from Xen. The primary goal of the Xenon project is to investigate issues in creating an open source software product with higher security assurance than conventional open source software. The Xenon project is also focused on (1) problems relating to separation kernels that support unmodified, uninterpreted commercial off-the-shelf (COTS) guests and (2) distinctions between these kinds of separation kernels and hypervisors. This paper explains the Xenon project's approach to re-engineering Xen's internal structure into a higher-assurance form. If conventional open source software cannot be brought into this form with moderate amounts of re-engineering, then higher-assurance open source software is probably not practical. Our results indicate that moderate amounts of re-engineering will be sufficient for all but a small part of the code. The remaining code is small enough to be addressed in a reasonable time, even though more effort is required.