Modeling and Security Analysis of a Commercial Real-Time Operating System Kernel

This chapter summarizes the modeling and formal analysis effort that led to an EAL6+ Common Criteria certification for a commercial real-time operating system kernel. We begin by describing the INTEGRITY-178B kernel and the approach taken for the Common Criteria evaluation. We then present a generalization of the GWV (Greve-Wilding-Vanfleet) separation theorem, formulated to capture the meaning of separation in a dynamic system, one in which the partitions and the resources allocated to them can change at run time. We detail how the INTEGRITY-178B kernel was modeled in terms of system state, behavior, and information flow. We describe the proof architecture used to demonstrate correspondence between the model and the kernel, and conclude with a description of the informal analysis of the hardware abstraction layer.
