A security model for military message systems
ACM Transactions on Computer Systems (TOCS)
Mechanical proofs about computer programs
Proc. of a discussion meeting of the Royal Society of London on Mathematical logic and programming languages
Secure office management system: the first commodity application on a trusted system
ACM '87 Proceedings of the 1987 Fall Joint Computer Conference on Exploring technology: today and tomorrow
IEEE Transactions on Software Engineering
The existence of refinement mappings
Theoretical Computer Science
A formally verified algorithm for clock synchronization under a hybrid fault model
PODC '94 Proceedings of the thirteenth annual ACM symposium on Principles of distributed computing
Formal Verification for Fault-Tolerant Architectures: Prolegomena to the Design of PVS
IEEE Transactions on Software Engineering
Automated consistency checking of requirements specifications
ACM Transactions on Software Engineering and Methodology (TOSEM)
A Mechanically Checked Proof of the AMD5K86TM Floating-Point Division Program
IEEE Transactions on Computers
Cost profile of a highly assured, secure operating system
ACM Transactions on Information and System Security (TISSEC)
TAME: Using PVS strategies for special-purpose theorem proving
Annals of Mathematics and Artificial Intelligence
Proving Invariants of I/O Automata with TAME
Automated Software Engineering
Computer
Design and verification of secure systems
SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
High Integrity Software: The SPARK Approach to Safety and Security
High Integrity Software: The SPARK Approach to Safety and Security
Sound methods and effective tools for model-based security engineering with UML
Proceedings of the 27th international conference on Software engineering
Generating optimized code from SCR specifications
Proceedings of the 2006 ACM SIGPLAN/SIGBED conference on Language, compilers, and tool support for embedded systems
Formal specifications on industrial-strength code—from myth to reality
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Specification and Checking of Software Contracts for Conditional Information Flow
FM '08 Proceedings of the 15th international symposium on Formal Methods
ICFEM '08 Proceedings of the 10th International Conference on Formal Methods and Software Engineering
Certification of smart-card applications in common criteria
Proceedings of the 2009 ACM symposium on Applied Computing
Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Certification of Smart-Card Applications in Common Criteria
FASE '09 Proceedings of the 12th International Conference on Fundamental Approaches to Software Engineering: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Automated Security Verification for Crypto Protocol Implementations: Verifying the Jessie Project
Electronic Notes in Theoretical Computer Science (ENTCS)
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
High level specification of non-interference security policies in partitioned MLS systems
CNIS '07 Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security
Achieving information flow security through monadic control of effects
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
On the utility of formal methods in the development and certification of software
TPHOLs'07 Proceedings of the 20th international conference on Theorem proving in higher order logics
Formally verifying isolation and availability in an idealized model of virtualization
FM'11 Proceedings of the 17th international conference on Formal methods
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Parametric verification of address space separation
POST'12 Proceedings of the First international conference on Principles of Security and Trust
A certificate infrastructure for machine-checked proofs of conditional information flow
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Separation virtual machine monitors
Proceedings of the 28th Annual Computer Security Applications Conference
Idea: writing secure c programs with secprove
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
DriverGuard: Virtualization-Based Fine-Grained Protection on I/O Flows
ACM Transactions on Information and System Security (TISSEC)
Code optimizations using formally verified properties
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
Comprehensive formal verification of an OS microkernel
ACM Transactions on Computer Systems (TOCS)
Hi-index | 0.00 |
Although many algorithms, hardware designs, and security protocols have been formally verified, formal verification of the security of software is still rare. This is due in large part to the large size of software, which results in huge costs for verification. This paper describes a novel and practical approach to formally establishing the security of code. The approach begins with a well-defined set of security properties and, based on the properties, constructs a compact security model containing only information needed to rea-son about the properties. Our approach was formulated to provide evidence for a Common Criteria evaluation of an embedded soft-ware system which uses a separation kernel to enforce data separation. The paper describes 1) our approach to verifying the kernel code and 2) the artifacts used in the evaluation: a Top Level Specification (TLS) of the kernel behavior, a formal definition of dataseparation, a mechanized proof that the TLS enforces data separation, code annotated with pre- and postconditions and partitioned into three categories, and a formal demonstration that each category of code enforces data separation. Also presented is the formal argument that the code satisfies the TLS.