Operating system verification—an overview

G Klein - Sadhana, 2009 - Springer
This paper gives a high-level introduction to the topic of formal, interactive, machine-
checked software verification in general, and the verification of operating systems code in …

seL4: Formal verification of an OS kernel

G Klein, K Elphinstone, G Heiser, J Andronick… - Proceedings of the …, 2009 - dl.acm.org
Complete formal verification is the only known way to guarantee that a system is free of
programming errors. We present our experience in performing the formal, machine-checked …

Comprehensive formal verification of an OS microkernel

G Klein, J Andronick, K Elphinstone, T Murray… - ACM Transactions on …, 2014 - dl.acm.org
We present an in-depth coverage of the comprehensive machine-checked formal verification
of seL4, a general-purpose operating system microkernel. We discuss the kernel design we …

Security Enhanced (SE) Android: Bringing Flexible MAC to Android

S Smalley, R Craig - NDSS, 2013 - cs.columbia.edu
The Android software stack for mobile devices defines and enforces its own security model
for apps through its application-layer permissions model. However, at its foundation, Android …

Flexible and fine-grained mandatory access control on android for diverse security and privacy policies

S Bugiel, S Heuser, AR Sadeghi - 22nd USENIX Security Symposium …, 2013 - usenix.org
In this paper we tackle the challenge of providing a generic security architecture for the
Android OS that can serve as a flexible and effective ecosystem to instantiate different …

Linux security modules: General security support for the Linux kernel

C Wright, C Cowan, S Smalley, J Morris… - 11th USENIX Security …, 2002 - usenix.org
The access control mechanisms of existing mainstream operating systems are inadequate to
provide strong system security. Enhanced access control mechanisms have failed to win …

Integrating flexible support for security policies into the Linux operating system

P Loscocco, S Smalley - … Annual Technical Conference (USENIX ATC 01 …, 2001 - usenix.org
The protection mechanisms of current mainstream operating systems are inadequate to
support confidentiality and integrity requirements for end systems. Mandatory access control …

Improving Host Security with System Call Policies

N Provos - USENIX Security Symposium, 2003 - usenix.org
We introduce a system that eliminates the need to run programs in privileged process
contexts. Using our system, programs run unprivileged but may execute certain operations …

EROS: a fast capability system

JS Shapiro, JM Smith, DJ Farber - Proceedings of the seventeenth ACM …, 1999 - dl.acm.org
EROS is a capability-based operating system for commodity processors which uses a single
level storage model. The single level store's persistence is transparent to applications. The …

Implementing SELinux as a Linux security module

S Smalley, C Vance, W Salamon - NAI Labs Report, 2001 - cs.unibo.it
In March 2001, the National Security Agency (NSA) gave a presentation about Security-
Enhanced Linux (SELinux) at the 2.5 Linux Kernel Summit. SELinux is an implementation of …