Detection of the Operating System Configuration Vulnerabilities with Safety Evaluation Facility

In this paper, we address formal verification methodologies and a system analysis facility for verifying the safety properties of operating systems. Using our technique, it becomes possible to discover security drawbacks in any IT system based on an access control model of the 'state machine' style. Through our case study of model checking in Sample Vulnerability Checking (SVC), we show how the evaluation tool can be applied in Microsoft Windows 2000 to specify and verify safety problems of system security.
