Structured specification of a Security Kernel

Authors:
K. G. Walter;S. I. Schaen;W. F. Ogden;W. C. Rounds;D. G. Shumway;D. D. Schaeffer;K. J. Biba;F. T. Bradshaw;S. R. Ames;J. M. Gilligan
Affiliations:
Case western Reserve University,,Cleveland, Ohio;Case western Reserve University,,Cleveland, Ohio;Case western Reserve University,,Cleveland, Ohio;Case western Reserve University,,Cleveland, Ohio;Case western Reserve University,,Cleveland, Ohio;Case western Reserve University,,Cleveland, Ohio;Case western Reserve University,,Cleveland, Ohio;Case western Reserve University,,Cleveland, Ohio;Case western Reserve University,,Cleveland, Ohio;Case western Reserve University,,Cleveland, Ohio
Venue:
Proceedings of the international conference on Reliable software
Year:
1975

Citing 5
Cited 10

Protection and the control of information sharing in multics

Communications of the ACM
Computer programming as an art

Communications of the ACM
Operating system principles

Operating system principles
On synchronization primitive systems

On synchronization primitive systems
The multics system: an examination of its structure

The multics system: an examination of its structure

Operating System Structures to Support Security and Reliable Software

ACM Computing Surveys (CSUR)
Data Security

ACM Computing Surveys (CSUR)
Formal Models for Computer Security

ACM Computing Surveys (CSUR)
Certification of programs for secure information flow

Communications of the ACM
Survey of recent operating systems research, designs and implementations

ACM SIGOPS Operating Systems Review
Information transmission in computational systems

SOSP '77 Proceedings of the sixth ACM symposium on Operating systems principles
Current research in computer networks: a personal view

ACM SIGCOMM Computer Communication Review
Strum: Structured Microprogram Development System for Correct Firmware

IEEE Transactions on Computers
A security policy for a profile-oriented operating system

AFIPS '81 Proceedings of the May 4-7, 1981, national computer conference
Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels

Trust '09 Proceedings of the 2nd International Conference on Trusted Computing

Quantified Score

Hi-index	0.03

Visualization

Abstract

Certifying an entire operating system to be reliable is too large a task to be practicable. Instead, we are designing a Security Kernel which will provide information security. The kernel's job is to monitor information flow in order to prevent compromise of security. Sound design is encouraged by using a technique called Structured Specification, in which successively more detailed models of the Security Kernel are developed. The initial model, M0, is an abstract description which formalizes governmental security applied to computer systems. Subsequent levels of modeling provide increasingly more detail, and gradually the models begin to resemble a particular system (Multics in this case). The second model, M1, defines a tree-structured file system, and an interagent communication system while M2 adds details concerning segmentation in a dynamic environment. It is intended that the final level of modeling will specify the primitive commands for the kernel of a Multics-like system and will enumerate precisely those assertions which must be proved about the implementation in order to establish correctness.