Specification and verification of the UCLA Unix security kernel
Communications of the ACM
A model for verification of data security in operating systems
Communications of the ACM
Certification of programs for secure information flow
Communications of the ACM
Security Kernel validation in practice
Communications of the ACM
A note on the confinement problem
Communications of the ACM
A comment on the confinement problem
SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
Proving multilevel security of a system design
SOSP '77 Proceedings of the sixth ACM symposium on Operating systems principles
Software development and proofs of multi-level security
ICSE '76 Proceedings of the 2nd international conference on Software engineering
A verifiable protection system
Proceedings of the international conference on Reliable software
A Uniform Presentation of Confidentiality Properties
IEEE Transactions on Software Engineering
A logic for reasoning about security
ACM Transactions on Computer Systems (TOCS)
An entropy conservation law for testing the completeness of covert channel analysis
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
A General Theory of Composition for a Class of "Possibilistic" Properties
IEEE Transactions on Software Engineering
Defending against denial of service attacks in Scout
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
An Application of Formal Analysis to Software in a Fault-Tolerant Environment
IEEE Transactions on Computers
FMSP '00 Proceedings of the third workshop on Formal methods in software practice
Computational paradigms and protection
Proceedings of the 2001 workshop on New security paradigms
Creating High Confidence in a Separation Kernel
Automated Software Engineering
An Overview of Formal Verification for the Time-Triggered Architecture
FTRTFT '02 Proceedings of the 7th International Symposium on Formal Techniques in Real-Time and Fault-Tolerant Systems: Co-sponsored by IFIP WG 2.2
Formal Methods for Industrial Products
ZB '00 Proceedings of the First International Conference of B and Z Users on Formal Specification and Development in Z and B
Segregation with Communication
ZB '00 Proceedings of the First International Conference of B and Z Users on Formal Specification and Development in Z and B
Scale and performance in the Denali isolation kernel
ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
Implementing an untrusted operating system on trusted hardware
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Lessons learned using Alloy to formally specify MLS-PCA trusted security architecture
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Scale and performance in the Denali isolation kernel
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementation
Object Oriented Verification Kernels for Secure Java Applications
SEFM '05 Proceedings of the Third IEEE International Conference on Software Engineering and Formal Methods
TCX project: high assurance for secure embedded systems
ACM SIGBED Review - Special issue: IEEE RTAS 2005 work-in-progress
System and network trustworthiness in perspective
Proceedings of the 13th ACM conference on Computer and communications security
A high assurance MLS file server
ACM SIGOPS Operating Systems Review
An open-source cryptographic coprocessor
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Analysis of three multilevel security architectures
Proceedings of the 2007 ACM workshop on Computer security architecture
Specification and Checking of Software Contracts for Conditional Information Flow
FM '08 Proceedings of the 15th international symposium on Formal Methods
Kernel design for isolation and assurance of physical memory
Proceedings of the 1st workshop on Isolation and integration in embedded systems
Flexible security configuration for virtual machines
Proceedings of the 2nd ACM workshop on Computer security architectures
ICFEM '08 Proceedings of the 10th International Conference on Formal Methods and Software Engineering
Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design
Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Validating Safety and Security Requirements for Partitioned Architectures
Ada-Europe '09 Proceedings of the 14th Ada-Europe International Conference on Reliable Software Technologies
On the Role of Formal Methods in Software Certification: An Experience Report
Electronic Notes in Theoretical Computer Science (ENTCS)
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
High level specification of non-interference security policies in partitioned MLS systems
CNIS '07 Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security
Achieving information flow security through monadic control of effects
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Managing Complexity in Software Development with Formally Based Tools
Electronic Notes in Theoretical Computer Science (ENTCS)
Security Primitives for Reconfigurable Hardware-Based Systems
ACM Transactions on Reconfigurable Technology and Systems (TRETS)
Hardware enforcement of application security policies using tagged memory
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Device driver safety through a reference validation mechanism
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
The road to trustworthy systems
Proceedings of the fifth ACM workshop on Scalable trusted computing
Formal modelling of separation kernel components
ICTAC'10 Proceedings of the 7th International colloquium conference on Theoretical aspects of computing
Java security: from HotJava to Netscape and beyond
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Bakar Kiasan: flexible contract checking for critical systems using symbolic execution
NFM'11 Proceedings of the Third international conference on NASA Formal methods
Extending the GWV security policy and its modular application to a separation kernel
NFM'11 Proceedings of the Third international conference on NASA Formal methods
Automated information flow analysis of virtualized infrastructures
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Practical and lightweight domain isolation on Android
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Enhancing SPARK's contract checking facilities using symbolic execution
SIGAda '11 Proceedings of the 2011 ACM annual international conference on Special interest group on the Ada programming language
Policy-driven memory protection for reconfigurable hardware
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Dependable and Historic Computing
Carrying goals to Newcastle: a tribute to Brian Randell
Dependable and Historic Computing
Design, Implementation and Verification of MILS Systems
Software—Practice & Experience
Parametric verification of address space separation
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Efficient symbolic execution of value-based data structures for critical systems
NFM'12 Proceedings of the 4th international conference on NASA Formal Methods
An approach to model checking Ada programs
Ada-Europe'12 Proceedings of the 17th Ada-Europe international conference on Reliable Software Technologies
SmartTokens: delegable access control with NFC-enabled smartphones
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Intransitive noninterference in nondeterministic systems
Proceedings of the 2012 ACM conference on Computer and communications security
Enforcing user-space privilege separation with declarative architectures
Proceedings of the seventh ACM workshop on Scalable trusted computing
Turtles all the way down: a clean-slate, ground-up, first-principles approach to secure systems
Proceedings of the 2012 workshop on New security paradigms
Information flow in systems with schedulers, Part I: Definitions
Theoretical Computer Science
Separation virtual machine monitors
Proceedings of the 28th Annual Computer Security Applications Conference
XtratuM/PPC: a hypervisor for partitioned system on PowerPC processors
The Journal of Supercomputing
Formal verification of information flow security for a simple ARM-based separation kernel
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Towards a verified component platform
Proceedings of the Seventh Workshop on Programming Languages and Operating Systems
Secure RPC in embedded systems: evaluation of some GlobalPlatform implementation alternatives
Proceedings of the Workshop on Embedded Systems Security
Comprehensive formal verification of an OS microkernel
ACM Transactions on Computer Systems (TOCS)
A virtualized separation kernel for mixed criticality systems
Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
This paper reviews some of the difficulties that arise in the verification of kernelized secure systems and suggests new techniques for their resolution. It is proposed that secure systems should be conceived as distributed systems in which security is achieved partly through the physical separation of their individual components and partly through the mediation of trusted functions performed within some of those components. The purpose of a security kernel is simply to allow such a 'distributed' system to actually run within a single processor; policy enforcement is not the concern of a security kernel. This approach decouples verification of the components that perform trusted functions from verification of the security kernel. The latter task may be accomplished by a new verification technique called 'proof of separability', which explicitly addresses the security-relevant aspects of interrupt handling and other issues ignored by present methods.