论文信息 - Towards Proving Security in the Presence of Large Untrusted Components

Towards Proving Security in the Presence of Large Untrusted Components

This paper proposes a generalized framework to build large, complex systems where security guarantees can be given for the overall system's implementation. The work builds on the formally proven correct seL4 micro-kernel and on its fine-grained access control. This access control mechanism allows large untrusted components to be isolated in a way that prevents them from violating a defined security property, leaving only the trusted components to be formally verified. The first steps of the approach are illustrated by the formalisation of a multi-level secure access device and a proof in Isabelle/HOL that information cannot flow from one back-end network to another.

Kevin Elphinstone | June Andronick | David Greenaway

[1] Kevin Elphinstone,et al. Verified Protection Model of the seL4 Microkernel , 2008, VSTTE.

[2] Michael Norrish,et al. seL4: formal verification of an OS kernel , 2009, SOSP '09.

[3] Jack B. Dennis,et al. Programming semantics for multiprogrammed computations , 1966, CACM.

[4] Jim Alves-Foss,et al. The MILS architecture for high-assurance embedded systems , 2006, Int. J. Embed. Syst..

[5] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.

[6] Fred Spiessens,et al. Patterns of safe collaboration , 2007 .

[7] Gerard J. Holzmann,et al. The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[8] Toby C. Murray. Analysing the security properties of object-capability patterns , 2010 .

[9] Gerwin Klein,et al. capDL: a language for describing capability-based systems , 2010, APSys '10.

[10] Andrew Boyton. A Verified Shared Capability Model , 2009, Electron. Notes Theor. Comput. Sci..