Formal Verification of Information Flow Security for a Simple ARM-Based Separation Kernel
KTH Royal Institute of Technology, Sweden.
2013 (English) Conference paper, Published paper (Refereed)
Abstract [en]

A separation kernel simulates a distributed environment using a single physical machine by executing partitions in isolation and appropriately controlling communication among them. We present a formal verification of information flow security for a simple separation kernel for ARMv7. Previous work on information flow kernel security leaves communication to be handled by model-external means, and cannot be used to draw conclusions when there is explicit interaction between partitions. We propose a different approach where communication between partitions is made explicit and the information flow is analyzed in the presence of such a channel. Limiting the kernel functionality as much as meaningfully possible, we accomplish a detailed analysis and verification of the system, proving its correctness at the level of the ARMv7 assembly. As a sanity check we show how the security condition is reduced to noninterference in the special case where no communication takes place. The verification is done in HOL4 taking the Cambridge model of ARM as basis, transferring verification tasks on the actual assembly code to an adaptation of the BAP binary analysis tool developed at CMU.

Place, publisher, year, edition, pages
2013, 10. p. 223-234
Keywords [en]
Formal verification, Information Flow Security, Separation Kernel, Hypervisor
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:ri:diva-24266
DOI: 10.1145/2508859.2516702
Scopus ID: 2-s2.0-84889040001
OAI: oai:DiVA.org:ri-24266
DiVA, id: diva2:1043346
Conference
2013 ACM SIGSAC conference on computer & communications security
Projects
PROSPER
Available from: 2016-10-31 Created: 2016-10-31 Last updated: 2020-12-01
Bibliographically approved

Open Access in DiVA

fulltext (417 kB) 670 downloads
File information
File name: FULLTEXT01.pdf
File size: 417 kB
Checksum SHA-512: dcbd84b702236c0bdb1c4ebf63102bc46e3aaf9bb9913512c33c9d40610d62888c451057204fcefc3547d45461ba3887839ae3e0eada16a9a2b935ddec92360e
Type: fulltext
Mimetype: application/pdf

Other links

Publisher's full text
Scopus

Authority records

Schwarz, Oliver

Total: 670 downloads
The number of downloads is the sum of all downloads of full texts. It may include e.g. previous versions that are no longer available.

Total: 209 hits