Comprehensive formal verification of an OS microkernel

G Klein, J Andronick, K Elphinstone, T Murray… - ACM Transactions on …, 2014 - dl.acm.org
We present an in-depth coverage of the comprehensive machine-checked formal verification
of seL4, a general-purpose operating system microkernel. We discuss the kernel design we …

Noninterference for operating system kernels

T Murray, D Matichuk, M Brassil, P Gammie… - Certified Programs and …, 2012 - Springer
While intransitive noninterference is a natural property for any secure OS kernel to enforce,
proving that the implementation of any particular general-purpose kernel enforces this …

Can we prove time protection?

G Heiser, G Klein, T Murray - Proceedings of the Workshop on Hot …, 2019 - dl.acm.org
Timing channels are a significant and growing security threat in computer systems, with no
established solution. We have recently argued that the OS must provide time protection, in …

BP: Formal proofs, the fine print and side effects

T Murray, P van Oorschot - 2018 IEEE Cybersecurity …, 2018 - ieeexplore.ieee.org
Given recent high-profile successes in formal verification of security-related properties (eg,
for seL4), and the rising popularity of applying formal methods to cryptographic libraries and …

Towards provable timing-channel prevention

G Heiser, T Murray, G Klein - ACM SIGOPS Operating Systems Review, 2020 - dl.acm.org
We describe our ongoing research that aims to eliminate microarchitectural timing channels
through time protection, which eliminates the root cause of these channels, competition for …

[BOOK][B] Foundations of web script security

A Bohannon - 2012 - search.proquest.com
A web browser works with data and scripts from different sources, and these sources are not
all trusted equally by the user of the browser. This fact requires web browser designers to …

Proving the Absence of Microarchitectural Timing Channels

S Buckley, R Sison, N Wistoff, C Millar, T Murray… - arXiv preprint arXiv …, 2023 - arxiv.org
Microarchitectural timing channels are a major threat to computer security. A set of OS
mechanisms called time protection was recently proposed as a principled way of preventing …

In guards we trust: Security and privacy in operating systems revisited

M Hanspach, J Keller - 2013 International Conference on Social …, 2013 - ieeexplore.ieee.org
With the rise of formally verified micro kernels, we finally have a trusted platform for secure
IPC and rigorous enforcement of our mandatory access control policy. But, not every …

A study on inappropriately partitioned commits: How much and what kinds of ip commits in java projects?

R Arima, Y Higo, S Kusumoto - … of the 15th International Conference on …, 2018 - dl.acm.org
When we use code repositories, each commit should include code changes for only a single
task and code changes for a single task should not be scattered over multiple commits …

[PDF][PDF] The clustered multikernel: an approach to formal verification of multiprocessor operating-system kernels.

M von Tessin - 2013 - trustworthy.systems
The key software component of a computer system is the operating-system kernel. It always
needs to be trusted because it runs in the CPU's privileged mode and therefore has access …