Extending the Noninterference Version of MLS for SAT
IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Simple relational correctness proofs for static analyses and program transformations
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Verification condition generation for conditional information flow
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Information Flow in Systems with Schedulers
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Secure Microkernels, State Monads and Scalable Refinement
TPHOLs '08 Proceedings of the 21st International Conference on Theorem Proving in Higher Order Logics
Data Refinement: Model-Oriented Proof Methods and their Comparison
Data Refinement: Model-Oriented Proof Methods and their Comparison
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Isabelle/HOL: a proof assistant for higher-order logic
Isabelle/HOL: a proof assistant for higher-order logic
Provable Security: how feasible is it?
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Formally verifying isolation and availability in an idealized model of virtualization
FM'11 Proceedings of the 17th international conference on Formal methods
ITP'11 Proceedings of the Second international conference on Interactive theorem proving
ITP'11 Proceedings of the Second international conference on Interactive theorem proving
Secure information flow as a safety problem
SAS'05 Proceedings of the 12th international conference on Static Analysis
What, indeed, is intransitive noninterference?
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Extensible specifications for automatic re-use of specifications and proofs
SEFM'12 Proceedings of the 10th international conference on Software Engineering and Formal Methods
Formal verification of information flow security for a simple arm-based separation kernel
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Practical probability: applying pGCL to lattice scheduling
ITP'13 Proceedings of the 4th international conference on Interactive Theorem Proving
A verified information-flow architecture
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Comprehensive formal verification of an OS microkernel
ACM Transactions on Computer Systems (TOCS)
| Hi-index | 0.00 |
While intransitive noninterference is a natural property for any secure OS kernel to enforce, proving that the implementation of any particular general-purpose kernel enforces this property is yet to be achieved. In this paper we take a significant step towards this vision by presenting a machine-checked formulation of intransitive noninterference for OS kernels, and its associated sound and complete unwinding conditions, as well as a scalable proof calculus over nondeterministic state monads for discharging these unwinding conditions across a kernel's implementation. Our ongoing experience applying this noninterference framework and proof calculus to the seL4 microkernel validates their utility and real-world applicability.