A Retrospective on the VAX VMM Security Kernel. IEEE Transactions on Software Engineering.
A lattice model of secure information flow. Communications of the ACM.
Guarded commands, nondeterminacy and formal derivation of programs. Communications of the ACM.
Lattice Scheduling and Covert Channels. SP '92: Proceedings of the 1992 IEEE Symposium on Security and Privacy.
Abstraction, Refinement and Proof for Probabilistic Systems. Monographs in Computer Science.
Probabilistic guarded commands mechanized in HOL. Theoretical Computer Science: Quantitative Aspects of Programming Languages (QAPL 2004).
Quantitative analysis of leakage for multi-threaded programs. Proceedings of the 2007 Workshop on Programming Languages and Analysis for Security.
Lottery scheduling: flexible proportional-share resource management. OSDI '94: Proceedings of the 1st USENIX Conference on Operating Systems Design and Implementation.
Secure Microkernels, State Monads and Scalable Refinement. TPHOLs '08: Proceedings of the 21st International Conference on Theorem Proving in Higher Order Logics.
seL4: formal verification of an OS kernel. Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles.
Cache-Leakage Resilient OS Isolation in an Idealized Model of Virtualization. CSF '12: Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium.
Scheduler-specific confidentiality for multi-threaded programs and its logic-based verification. FoVeOOS '11: Proceedings of the 2011 International Conference on Formal Verification of Object-Oriented Software.
Extensible specifications for automatic re-use of specifications and proofs. SEFM '12: Proceedings of the 10th International Conference on Software Engineering and Formal Methods.
Noninterference for operating system kernels. CPP '12: Proceedings of the Second International Conference on Certified Programs and Proofs.
Building on our published mechanisation of the probabilistic program logic pGCL, we present a verified lattice scheduler, a standard covert-channel mitigation technique, employing randomisation as an elegant means of ensuring starvation-freeness. We show that this scheduler enforces probabilistic non-leakage in addition to non-starvation. The refinement framework employed is compatible with that used in the L4.verified project, supporting our argument that full-scale verification of probabilistic security properties for realistic systems software is feasible.
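The two properties the abstract names, as an added example that is not the paper's code or its Isabelle/HOL development: a simplified lattice scheduler in Python on an assumed lattice (levels are sets of categories ordered by inclusion) with four constructed domains. Slots are grouped into ascents that only move up the lattice, the next owner is drawn at random without consulting whether domains are ready, and an idle owner's slot is donated upward only. The non-leakage check replays one RNG seed against two behaviours of the top domain and confirms that the lower domains' run traces are identical; the non-starvation check confirms that every domain owns slots under the random draw, which a deterministic tie-break (`FirstChooser`) does not guarantee. The `leaky` flag shows the timing channel that opens when the draw skips idle domains. The ascent rule, the lattice, the domain names and the helper names are all assumptions of this example.

```python
import random
from dataclasses import dataclass
from typing import Callable, List, Optional, Sequence, Tuple

# Assumed concrete lattice: levels are sets of categories ordered by inclusion.
Level = frozenset

def dominates(a: Level, b: Level) -> bool:
    """a >= b in the lattice: information may flow from b to a."""
    return b <= a

@dataclass
class Domain:
    name: str
    level: Level
    ready: Callable[[int], bool]   # behaviour: is the domain runnable in slot t?

class FirstChooser:
    """Deterministic stand-in for the RNG: always takes the first candidate."""
    def choice(self, xs):
        return xs[0]

class LatticeScheduler:
    """Hypothetical lattice scheduler (not the paper's model).  An ascent starts
    at the bottom, where every domain is eligible; afterwards the next owner is
    drawn from domains whose level strictly dominates the previous owner's, and
    when none exists the ascent ends.  The draw never consults readiness, so WHEN
    a domain owns a slot depends on the RNG alone, never on higher domains."""
    def __init__(self, domains: Sequence[Domain], rng, leaky: bool = False):
        self.domains = list(domains)
        self.rng = random.Random(rng) if isinstance(rng, int) else rng
        self.leaky = leaky                  # True: skip idle owners (leaks)
        self.cur: Optional[Level] = None    # None = at the bottom

    def eligible(self, t: int) -> List[Domain]:
        if self.cur is None:
            cands = list(self.domains)
        else:
            cands = [d for d in self.domains
                     if dominates(d.level, self.cur) and d.level != self.cur]
        if self.leaky:                      # throughput 'optimisation' that
            cands = [d for d in cands if d.ready(t)]   # reveals readiness
        return cands

    def step(self, t: int) -> Tuple[Optional[Domain], Optional[Domain]]:
        """Return (owner, runner) for slot t; None means the slot idles."""
        cands = self.eligible(t)
        if not cands:                       # ascent over: restart at bottom
            self.cur = None
            cands = self.eligible(t)
            if not cands:                   # only reachable in leaky mode
                return None, None
        owner = self.rng.choice(cands)      # the only use of randomness
        self.cur = owner.level
        if owner.ready(t):
            return owner, owner
        # Idle owner: donate the slot upward only, chosen deterministically
        # (fixed order, no RNG draw) so lower domains' futures are unchanged.
        for d in self.domains:
            if d is not owner and dominates(d.level, owner.level) and d.ready(t):
                return owner, d
        return owner, None

def run(domains, rng, slots: int, leaky: bool = False):
    """Simulate; return per-domain lists of slots owned and slots actually run."""
    sched = LatticeScheduler(domains, rng, leaky)
    owned = {d.name: [] for d in domains}
    ran = {d.name: [] for d in domains}
    for t in range(slots):
        owner, runner = sched.step(t)
        if owner is not None:
            owned[owner.name].append(t)
        if runner is not None:
            ran[runner.name].append(t)
    return owned, ran

LOW, A, B, HIGH = Level(), Level({"a"}), Level({"b"}), Level({"a", "b"})

def mk(high_behaviour: Callable[[int], bool]) -> List[Domain]:
    """Four constructed domains on a diamond lattice; only High's behaviour varies."""
    return [Domain("low", LOW, lambda t: True),
            Domain("a", A, lambda t: t % 3 != 0),      # idle every third slot
            Domain("b", B, lambda t: True),
            Domain("high", HIGH, high_behaviour)]

def observations_independent_of_high(seed: int, slots: int, leaky=False) -> bool:
    """Replay one seed against two High behaviours: domains High may not flow
    to must see identical run traces (the non-leakage check)."""
    _, busy = run(mk(lambda t: True), seed, slots, leaky)
    _, idle = run(mk(lambda t: False), seed, slots, leaky)
    return all(busy[n] == idle[n] for n in ("low", "a", "b"))

def starvation_free(owned) -> bool:
    """Every domain owned at least one slot in the simulated window."""
    return all(owned.values())
```

With `FirstChooser`, domain `b` (incomparable with `a`) never owns a slot, so the deterministic scheduler starves it, whereas `run(mk(lambda t: True), 7, 2000)` gives every domain slots; in `leaky` mode the low domain's run trace with `FirstChooser` is `[0, 3, 6]` when High is busy but `[0, 2, 4, 6, 8]` when High is idle, which is the covert channel the lattice discipline closes. The donation step deliberately avoids the RNG: if it drew a donee, the RNG stream consumed would depend on High's readiness and the channel would reopen through later draws.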