Separation virtual machine monitors
Proceedings of the 28th Annual Computer Security Applications Conference
UVHM: model checking based formal analysis scheme for hypervisors
ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
Safety-critical Java programs from Circus models
Real-Time Systems
This paper reports on the Xenon project’s use of formal methods. Xenon is a higher-assurance secure hypervisor produced by re-engineering the Xen open-source hypervisor. The Xenon project used formal specifications both for assurance and as guides for security re-engineering. We formally modelled the fundamental definition of security, the behaviour of the hypercall interface, and the internal modular design. We used three formalisms for this work: CSP, Z, and Circus. Circus combines Standard Z and CSP, with its semantics given in Hoare and He’s Unifying Theories of Programming, and is suited to both event-based and state-based modelling. Here, we report our experiences to date with using these formalisms for assurance.