This paper discusses the formal verification of an operating system kernel design for conformance to the multilevel security property. The kernel implements multiple protection structures to support both discretionary and nondiscretionary security policies. The design of the kernel was formally specified, and mechanical techniques were used to check that the design conformed to the multilevel security property. All security flaws discovered in this way were then either closed or minimized. This paper considers the multilevel security model, the verification methodology, and the verification tools used. This work is significant for two reasons. First, it covers a complete implementation of a commercially available secure computer system. Second, the verification used off-the-shelf tools and was not carried out by the researchers who built the verification environment.