Secure systems are often built around a “security kernel”—a relatively small and simple component that guarantees the security of the overall system. In this paper we ask whether this approach can be used to ensure system properties other than security—in particular, we are interested in whether “safety” properties can be handled in this way. Our conclusion is that kernelized system structures can provide rigorous guarantees that certain faults of commission will not occur. We give a more precise characterization in terms of the formal statement that can be asserted for a kernelized system, and we outline an approach to system design that uses these insights and draws on experience with secure systems in order to guarantee certain safety prope...
This dissertation suggests and partially demonstrates that it is feasible to retrofit real privilege...
This paper presents a formal framework that provides construction principles for well-behaved scalab...
Small kernels are a promising approach to secure and reliable system construction. These systems red...
Computing systems in which the consequences of failure are very serious are termed safety-critical....
Security is a problem of trust. Having a system that offers services to the Internet and that can be tru...
As part of the general goal of providing secure computer systems, the design of verifiably secure o...
Although many algorithms, hardware designs, and security protocols have been formally verified, form...
Operating system kernels present a difficult security challenge. Despite their millions of lines...
Cooperation between independent agents depends upon establishing a degree of security. Each of the ...
In recent years, the disclosure of several significant security vulnerabilitie...
The vast majority of hosts on the Internet, including mobile clients, are running one of three commo...
While safety and security at a high-level are white-board concepts, once it comes to implementation ...
Over the last years, security kernels have played a promising role in reshaping the landscape of pla...
A good way to obtain secure systems is to build applications in a systematic way where security is a...
Computer security is an important issue in determining the dependability of computer systems. It bec...