
Verifying Operating System Security (1997) [11 citations — 6 self]

Abstract:

A confined program is one which is unable to leak information to an unauthorized party or modify unauthorized resources. Confinement is an essential feature of any secure component-based system. This paper presents a proof of correctness of the EROS operating system architecture with respect to confinement. We give a formal statement of the requirements, construct a model of the architecture's security policy and operational semantics, and show that the architecture enforces the confinement requirements if a small number of initial static checks on the confined subsystem are satisfied. The mechanism does not rely on the run-time values of user state or analysis of the programs' algorithm(s). Our verification methodology borrows heavily from techniques developed in the programming languages community. We view the operating system as a programming language whose operations are the kernel calls. This has the advantage that the security requirements of concern can be stated in forms analog...

Citations

204 Programming semantics for multiprogrammed computations – Dennis, Horn - 1966
133 Capability-Based Computer Systems – Levy - 1984
36 Improving Security and Performance for Capability Systems – Karger - 1988
21 On the design of a provably secure operating system – Neumann, Fabry, et al. - 1974
7 The KeyKOS Architecture. Operating Systems Review – Hardy - 1985
1 A Note on the Confinement Problem. Communications of the ACM Vol 16, No 10 – Lampson - 1993