A separation kernel simulates a distributed environment using a single physical machine by executing partitions in isolation and appropriately controlling communication among them. We present a formal verification of information flow security for a simple separation kernel for ARMv7. Previous work on information flow kernel security leaves communication to be handled by model-external means, and cannot be used to draw conclusions when there is explicit interaction between partitions. We propose a different approach where communication between partitions is made explicit and the information flow is analyzed in the presence of such a channel. Limiting the kernel functionality as much as meaningfully possible, we accomplish a detailed analys...
This paper presents the first results from the ongoing research project HASPOC, developing a high as...
Assurance of information-flow security by formal methods is mandated in security certification of se...
The isolation of security critical components from an untrusted OS allows to both protect applicatio...
A separation kernel simulates a distributed environment using a single physical machine by executing...
Separation between processes on top of an operating system or between guests in a virtualized enviro...
Although many algorithms, hardware designs, and security protocols have been formally verified, form...
In this paper, we formally verify security properties of the ARMv7 Instruction Set Architecture (ISA...
The best approach to verifying an IMA separation kernel is to use a (fixed) time-space...
The security of embedded systems can be dramatically improved through the use of formally verified i...
Over the last years, security-kernels have played a promising role in reshaping the landscape of pla...
The development of provably secure OS kernels represents a fundamental step in the creation of safe ...
Abstract — Separation kernels are the holy grail of secure systems, remaining elusive despite years ...
The security of embedded systems can be dramatically improved through the use of formally verified i...
A separation-kernel-based operating system (OS) has been designed for use in secure embedded systems...
The isolation of security critical components from an untrusted OS allows to both protect applicatio...