
Extending the GWV Security Policy and Its Modular Application to a Separation Kernel

  • Conference paper
NASA Formal Methods (NFM 2011)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 6617)

Abstract

Nowadays formal methods are required for high-assurance security and safety systems. Formal methods allow a precise specification and a deep analysis of system designs. However, the use of formal methods in a certification process can be very expensive. In this context, we analyse the security policy proposed by Greve et al. in the theorem prover Isabelle/HOL. We show how this policy, with some extensions, can be applied in a modular way, and hence reduce the number of formal models and artifacts to certify. In particular, we show how the security policy of a separation kernel is derived from the security policy of the micro-kernel that forms the basis of that separation kernel. We apply our approach to an example derived from an industrial real-time operating system.


References

  1. Alves-Foss, J., Taylor, C.: An analysis of the GWV security policy. In: ACL2 Workshop (2004)

  2. Amtoft, T., Hatcliff, J., Rodríguez, E., Robby, Hoag, J., Greve, D.: Specification and checking of software contracts for conditional information flow. In: Design and Verification of Microprocessor Systems for High-Assurance Applications, pp. 341–380 (2010)

  3. Bill Hart, G.H.S.: SDR security threats in an open source world (2009), http://groups.winnforum.org/p/cm/ld/fid=60

  4. CENELEC: DIN EN50128:2001: Railway applications. Communications, signalling and processing systems. Software for railway control and protection systems (2001)

  5. Common Criteria Sponsoring Organizations: Common criteria for information technology security evaluation. Version 3.1, revision 1 (September 2006), http://www.commoncriteriaportal.org/thecc.html

  6. Ganssle, J.: Code: Getting it Right. A new OS has been proven to be correct using mathematical proofs. The cost: astronomical (2009), http://www.embedded.com/design/220900551

  7. Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and Privacy (1982)

  8. Green Hills Software: INTEGRITY-178B Separation kernel security target (2008), http://www.niap-ccevs.org/cc-scheme/st/vid10119/

  9. Greve, D.: Information security modeling and analysis. In: Design and Verification of Microprocessor Systems for High-Assurance Applications, pp. 249–300 (2010)

  10. Greve, D., Richards, R., Wilding, M.: A Summary of Intrinsic Partitioning Verification. In: Proceedings of the Fifth International Workshop on the ACL2 Theorem Prover and Its Applications, ACL2 (2004)

  11. Greve, D., Wilding, M., Vanfleet, W.M.: A separation kernel formal security policy. In: Fourth International Workshop on the ACL2 Prover and its Applications, ACL2-2003 (2003), http://www.cs.utexas.edu/users/moore/acl2/books/books/workshops/2003/greve-wilding-vanfleet/security-policy.pdf.gz

  12. Information Assurance Directorate: U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness. Version 1.03 (SKPP) (June 2007), http://www.niap-ccevs.org/cc-scheme/pp/pp_skpp_hr_v1.03/

  13. Kaiser, R., Wagner, S.: Evolution of the PikeOS microkernel. In: Kuz, I., Petters, S.M. (eds.) MIKES: 1st International Workshop on Microkernels for Embedded Systems (2007), http://ertos.nicta.com.au/publications/papers/Kuz_Petters_07.pdf

  14. Liedtke, J.: On micro-kernel construction. In: Proceedings of the 15th ACM Symposium on Operating Systems Principles, pp. 237–250. ACM Press, New York (1995)

  15. Miller, S.P.: Will this be formal? In: Mohamed, O.A., Muñoz, C., Tahar, S. (eds.) TPHOLs 2008. LNCS, vol. 5170, pp. 6–11. Springer, Heidelberg (2008)

  16. NICTA: L4.verified: Numbers (2009), http://ertos.nicta.com.au/research/l4.verified/numbers.pml

  17. Paulson, L.C.: Isabelle: a generic theorem prover. LNCS, vol. 828. Springer, New York (1994)

  18. RTCA SC-167 / EUROCAE WG-12: DO-178B: Software Considerations in Airborne Systems and Equipment Certification. Radio Technical Commission for Aeronautics (RTCA), Inc., 1828 L St. NW., Suite 805, Washington, D.C. 20036 (December 1992)

  19. RTCA SC-205 / EUROCAE WG-71: Discussion and development site for Software Considerations in Airborne Systems: Discussion forum for DO-178C (2009), http://forum.pr.erau.edu/SCAS/

  20. Rushby, J.: Design and verification of secure systems. In: Eighth ACM Symposium on Operating System Principles, pp. 12–21 (1981)

  21. Rushby, J.: A Separation Kernel Formal Security Policy in PVS. SRI International (2004), http://www.sri.com

  22. SYSGO AG: PikeOS RTOS technology: embedded system software for safety-critical real-time systems (2008), http://www.sysgo.com

  23. TECOM Consortium: TECOM Project: Trusted Embedded Computing (2008), http://www.tecom-project.eu

  24. Tverdyshev, S.: Formalisation and Modular Usage of GWV Security Policy in Isabelle/HOL: Source files (2010), ftp://ftp.sysgo.com/FormalMethods/Modular-GWV-Policy/

  25. Vanfleet, W.M., Luke, J.A., Beckwith, R.W., Taylor, C., Calloni, B., Uchenick, G.: MILS: Architecture for high-assurance embedded computing. Crosstalk (August 2005), http://www.stsc.hill.af.mil/crosstalk/2005/08/0508Vanfleet_etal.html

  26. Wind River: New Capability for the Warfighter: Multilevel Secure Systems Based on a MILS Architecture (2009), http://ftp.windriver.speedera.net/ftp.windriver/2009-rc-presentations/arlington/breakouts/Wind_River_Presents_MILS.pdf


Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tverdyshev, S. (2011). Extending the GWV Security Policy and Its Modular Application to a Separation Kernel. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds) NASA Formal Methods. NFM 2011. Lecture Notes in Computer Science, vol 6617. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20398-5_28


  • DOI: https://doi.org/10.1007/978-3-642-20398-5_28

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-20397-8

  • Online ISBN: 978-3-642-20398-5

  • eBook Packages: Computer Science (R0)
