Abstract
Formal methods are now required for high-assurance security and safety systems: they allow a precise specification and a deep analysis of system designs. However, using formal methods in a certification process can be very expensive. In this context, we analyse the security policy proposed by Greve et al. in the theorem prover Isabelle/HOL. We show how this policy, with some extensions, can be applied in a modular way and hence reduce the number of formal models and artifacts to certify. In particular, we show how the security policy for a separation kernel is derived from the security policy of the micro-kernel that forms the basis of the separation kernel. We apply our approach to an example derived from an industrial real-time operating system.
References
Alves-Foss, J., Taylor, C.: An analysis of the GWV security policy. In: ACL2 Workshop (2004)
Amtoft, T., Hatcliff, J., Rodríguez, E., Robby, Hoag, J., Greve, D.: Specification and checking of software contracts for conditional information flow. In: Design and Verification of Microprocessor Systems for High-Assurance Applications, pp. 341–380 (2010)
Bill Hart, G.H.S.: SDR security threats in an open source world (2009), http://groups.winnforum.org/p/cm/ld/fid=60
CENELEC: DIN EN50128:2001: Railway applications. Communications, signalling and processing systems. Software for railway control and protection systems (2001)
Common Criteria Sponsoring Organizations: Common criteria for information technology security evaluation. version 3.1, revision 1 (September 2006), http://www.commoncriteriaportal.org/thecc.html
Ganssle, J.: Code: Getting it Right. A new OS has been proven to be correct using mathematical proofs. The cost: astronomical (2009), http://www.embedded.com/design/220900551
Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and Privacy (1982)
Green Hills Software: INTEGRITY-178B Separation kernel security target (2008), http://www.niap-ccevs.org/cc-scheme/st/vid10119/
Greve, D.: Information security modeling and analysis. In: Design and Verification of Microprocessor Systems for High-Assurance Applications, pp. 249–300 (2010)
Greve, D., Richards, R., Wilding, M.: A Summary of Intrinsic Partitioning Verification. In: Proceedings of the Fifth International Workshop on the ACL2 Theorem Prover and Its Applications, ACL2 (2004)
Greve, D., Wilding, M., Vanfleet, W.M.: A separation kernel formal security policy. In: Fourth International Workshop on the ACL2 Prover and its Applications, ACL2-2003 (2003), http://www.cs.utexas.edu/users/moore/acl2/books/books/workshops/2003/greve-wilding-vanfleet/security-policy.pdf.gz
Information Assurance Directorate: U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness. Version 1.03 (SKPP) (June 2007), http://www.niap-ccevs.org/cc-scheme/pp/pp_skpp_hr_v1.03/
Kaiser, R., Wagner, S.: Evolution of the PikeOS microkernel. In: Kuz, I., Petters, S.M. (eds.) MIKES: 1st International Workshop on Microkernels for Embedded Systems (2007), http://ertos.nicta.com.au/publications/papers/Kuz_Petters_07.pdf
Liedtke, J.: On micro-kernel construction. In: Proceedings of the 15th ACM Symposium on Operating Systems Principles, pp. 237–250. ACM Press, New York (1995)
Miller, S.P.: Will this be formal? In: Mohamed, O.A., Muñoz, C., Tahar, S. (eds.) TPHOLs 2008. LNCS, vol. 5170, pp. 6–11. Springer, Heidelberg (2008)
NICTA: L4.verified: Numbers (2009), http://ertos.nicta.com.au/research/l4.verified/numbers.pml
Paulson, L.C.: Isabelle: a generic theorem prover. LNCS, vol. 828. Springer, New York (1994)
RTCA SC-167 / EUROCAE WG-12: DO-178B: Software Considerations in Airborne Systems and Equipment Certification. Radio Technical Commission for Aeronautics (RTCA), Inc., 1828 L St. NW., Suite 805, Washington, D.C. 20036 (December 1992)
RTCA SC-205/EUROCAE WG-71: Discussion and development site for Software Considerations in Airborne Systems: Discussion forum for DO-178C (2009), http://forum.pr.erau.edu/SCAS/
Rushby, J.: Design and verification of secure systems. In: Eighth ACM Symposium on Operating System Principles, pp. 12–21 (1981)
Rushby, J.: A Separation Kernel Formal Security Policy in PVS. SRI International (2004), http://www.sri.com
SYSGO AG: PikeOS RTOS technology embedded system software for safety critical real-time systems (2008), http://www.sysgo.com
TECOM Consortium: TECOM Project: Trusted Embedded Computing (2008), http://www.tecom-project.eu
Tverdyshev, S.: Formalisation and Modular Usage of GWV Security Policy in Isabelle/HOL: Source files (2010), ftp://ftp.sysgo.com/FormalMethods/Modular-GWV-Policy/
Vanfleet, W.M., Luke, J.A., Beckwith, R.W., Taylor, C., Calloni, B., Uchenick, G.: MILS: Architecture for high-assurance embedded computing. Crosstalk (August 2005), http://www.stsc.hill.af.mil/crosstalk/2005/08/0508Vanfleet_etal.html
Wind River: New Capability for the Warfighter Multilevel Secure Systems Based on a MILS Architecture (2009), http://ftp.windriver.speedera.net/ftp.windriver/2009-rc-presentations/arlington/breakouts/Wind_River_Presents_MILS.pdf
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tverdyshev, S. (2011). Extending the GWV Security Policy and Its Modular Application to a Separation Kernel. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds) NASA Formal Methods. NFM 2011. Lecture Notes in Computer Science, vol 6617. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20398-5_28
DOI: https://doi.org/10.1007/978-3-642-20398-5_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20397-8
Online ISBN: 978-3-642-20398-5
eBook Packages: Computer Science (R0)