An Assessment of Techniques for Proving Program Correctness
ACM Computing Surveys (CSUR)
Protection and the control of information sharing in multics
Communications of the ACM
A technique for software module specification with examples
Communications of the ACM
On the criteria to be used in decomposing systems into modules
Communications of the ACM
Programming semantics for multiprogrammed computations
Communications of the ACM
POPL '73 Proceedings of the 1st annual ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Implications of a virtual memory mechanism for implementing protection in a family of operating systems
Protection in programmed systems.
AFIPS '69 (Fall) Proceedings of the November 18-20, 1969, fall joint computer conference
A summary of progress toward proving program correctness
AFIPS '72 (Fall, part I) Proceedings of the December 5-7, 1972, fall joint computer conference, part I
AFIPS '72 (Fall, part II) Proceedings of the December 5-7, 1972, fall joint computer conference, part II
Verifiable secure operating system software
AFIPS '74 Proceedings of the May 6-10, 1974, national computer conference and exposition
A security policy for a profile-oriented operating system
AFIPS '81 Proceedings of the May 4-7, 1981, national computer conference
Recent experience in computer security has illustrated the susceptibility of numerous operating systems to hostile penetration. Successful penetrations have been directed at manufacturers' conventional operating systems as well as special "secure" versions that have been the subjects of exhaustive efforts to find and fix all potential security problems. While formal reports are understandably hard to come by, it appears that the effort required to "break" any operating system and obtain access to any information it stores (at any time and without detection) is in the range of two to four man-months. In contrast, the effort expended in futile attempts to prevent such penetration may be as much as two orders of magnitude greater (several man-years or more).