Towards proving security in the presence of large untrusted components

Select |




Print


Andronick, June; Greenaway, David; Elphinstone, Kevin

Andronick, June; Greenaway, David; Elphinstone, Kevin


2010-10-07


Conference Material


5th International Workshop on Systems Software Verification (SSV '10)


Vancouver, Canada


9


This paper proposes a generalized framework to build large, complex systems where security guarantees can be given for the overall system's implementation. The work builds on the formally proven correct seL4 microkernel and on its fine-grained mandatory access control. This access control mechanism allows large untrusted components to be isolated in a way that prevents them from violating a defined security property, leaving only the trusted components to be formally verified. The first steps of the approach are illustrated by the formalisation of a multilevel secure access device and a proof in Isabelle/HOL that information cannot flow from one back-end network to another.


USENIX


http://www.usenix.org/events/ssv10/


nicta:3997


Andronick, June; Greenaway, David; Elphinstone, Kevin. Towards proving security in the presence of large untrusted components. In: Ralf Huuck, Gerwin Klein, Bastian Schlich Editor, editor/s. 5th International Workshop on Systems Software Verification (SSV '10); Vancouver, Canada. USENIX; 2010-10-07. 9.



Loading citation data...

Citation counts
(Requires subscription to view)