A separation kernel simulates a distributed environment on a single physical machine by executing partitions in isolation and appropriately controlling communication among them. We present a formal verification of information flow security for a simple separation kernel for ARMv7. Previous work on information flow kernel security leaves communication to be handled by model-external means, and cannot be used to draw conclusions when there is explicit interaction between partitions. We propose a different approach in which communication between partitions is made explicit and the information flow is analyzed in the presence of such a channel. Limiting the kernel functionality as much as meaningfully possible, we accomplish a detailed analysis and verification of the system, proving its correctness at the level of the ARMv7 assembly. As a sanity check, we show how the security condition reduces to noninterference in the special case where no communication takes place. The verification is done in HOL4, taking the Cambridge model of ARM as a basis and transferring verification tasks on the actual assembly code to an adaptation of the BAP binary analysis tool developed at CMU.