The paper introduces a formal security model for a microprocessor hardware system. The model was developed as part of the evaluation of the processor product according to ITSEC assurance level E4. Two aspects of the model are novel: integrity and confidentiality objectives have to be defined at the hardware level without any operating system or application specification, or security policy, being given, and the model uses an abstract function and data space. The security model consists of a system model, given as a state transition automaton over infinite structures, and a formalization of the security objectives as properties of the automaton's behaviours. The validity of the security properties is proved. The paper compares the model with published ones and summarizes the lessons learned throughout the modeling process.