A separation kernel simulates a distributed environment using a single physical machine by executing partitions in isolation and appropriately controlling communication among them. We present a formal verification of information flow security for a simple separation kernel for ARMv7. Previous work on information flow kernel security leaves communication to be handled by model-external means, and cannot be used to draw conclusions when there is explicit interaction between partitions. We propose a different approach where communication between partitions is made explicit and the information flow is analyzed in the presence of such a channel. Limiting the kernel functionality as much as meaningfully possible, we accomplish a detailed analysi...
A separation kernel provides temporal and spatial separation among applications or partitions. This ...
Over the last years, security-kernels have played a promising role in reshaping the landscape of pla...
For the verification of system software, information flow properties of the instruction set architec...
A separation kernel simulates a distributed environment using a single physical machine by executing...
Although many algorithms, hardware designs, and security protocols have been formally verified, form...
In this paper, we formally verify security properties of the ARMv7 Instruction Set Architecture (ISA...
The security of embedded systems can be dramatically improved through the use of formally verified i...
Separation kernels are the holy grail of secure systems, remaining elusive despite years ...
Separation between processes on top of an operating system or between guests in a virtualized enviro...
The security of embedded systems can be dramatically improved through the use of formally verified i...
Assurance of information-flow security by formal methods is mandated in security certification of se...
The best approach to verifying an IMA separation kernel is to use a (fixed) time-space...
A separation-kernel-based operating system (OS) has been designed for use in secure embedded systems...
Hardware-based mechanisms for software isolation are becoming increasingly popular, but implementin...
The isolation of security critical components from an untrusted OS allows to both protect applicatio...