Reasoning About Information Flow Security of Separation Kernels with Channel-based Communication
Assurance of information flow security by formal methods is mandated in security certification of separation kernels. As an industrial standard for separation kernels, ARINC 653 has been complied with by mainstream separation kernels. Security of functionalities defined in ARINC 653 is thus very imp...
Saved in:
| Published in | arXiv.org |
|---|---|
| Main Authors | , , , |
| Format | Paper |
| Language | English |
| Published |
Ithaca
Cornell University Library, arXiv.org
17.10.2015
|
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | Assurance of information flow security by formal methods is mandated in security certification of separation kernels. As an industrial standard for separation kernels, ARINC 653 has been complied with by mainstream separation kernels. Security of functionalities defined in ARINC 653 is thus very important for the development and certification of separation kernels. This paper presents the first effort to formally specify and verify separation kernels with ARINC 653 channel-based communication. We provide a reusable formal specification and security proofs for separation kernels in Isabelle/HOL. During reasoning about information flow security, we find some security flaws in the ARINC 653 standard, which can cause information leakage, and fix them in our specification. We also validate the existence of the security flaws in two open-source ARINC 653 compliant separation kernels. |
|---|---|
| AbstractList | Assurance of information flow security by formal methods is mandated in security certification of separation kernels. As an industrial standard for separation kernels, ARINC 653 has been complied with by mainstream separation kernels. Security of functionalities defined in ARINC 653 is thus very important for the development and certification of separation kernels. This paper presents the first effort to formally specify and verify separation kernels with ARINC 653 channel-based communication. We provide a reusable formal specification and security proofs for separation kernels in Isabelle/HOL. During reasoning about information flow security, we find some security flaws in the ARINC 653 standard, which can cause information leakage, and fix them in our specification. We also validate the existence of the security flaws in two open-source ARINC 653 compliant separation kernels. |
| Author | Zhang, Fuyuan Liu, Yang Zhao, Yongwang Sann, David |
| Author_xml | – sequence: 1 givenname: Yongwang surname: Zhao fullname: Zhao, Yongwang – sequence: 2 givenname: David surname: Sann fullname: Sann, David – sequence: 3 givenname: Fuyuan surname: Zhang fullname: Zhang, Fuyuan – sequence: 4 givenname: Yang surname: Liu fullname: Liu, Yang |
| BookMark | eNqNiskKwjAURYMoOPUfHrguxKR1WEpRFHfqXmNNbaR9TzMg_r1F_QBX91zO6bM2EuoW6wkpx_EsEaLLIudunHMxmYo0lT122mnlCA1eYXGm4GGDBdlaeUMIq4qesNd5sMa_gIqG78p-3VZb1JWDp_ElZKXC5sVn5fQFMqrrgCb_hEPWKVTldPTbARutlodsHd8tPYJ2_nijYLFRR8FnMuFiPk_kf9UbnTtHAg |
| ContentType | Paper |
| Copyright | 2015. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. |
| Copyright_xml | – notice: 2015. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. |
| DBID | 8FE 8FG ABJCF ABUWG AFKRA AZQEC BENPR BGLVJ CCPQU DWQXO HCIFZ L6V M7S PIMPY PQEST PQQKQ PQUKI PRINS PTHSS |
| DatabaseName | ProQuest SciTech Collection ProQuest Technology Collection Materials Science & Engineering Collection ProQuest Central (Alumni) ProQuest Central ProQuest Central Essentials ProQuest Central Technology Collection ProQuest One Community College ProQuest Central SciTech Premium Collection ProQuest Engineering Collection Engineering Database Publicly Available Content Database ProQuest One Academic Eastern Edition (DO NOT USE) ProQuest One Academic ProQuest One Academic UKI Edition ProQuest Central China Engineering Collection |
| DatabaseTitle | Publicly Available Content Database Engineering Database Technology Collection ProQuest Central Essentials ProQuest One Academic Eastern Edition ProQuest Central (Alumni Edition) SciTech Premium Collection ProQuest One Community College ProQuest Technology Collection ProQuest SciTech Collection ProQuest Central China ProQuest Central ProQuest Engineering Collection ProQuest One Academic UKI Edition ProQuest Central Korea Materials Science & Engineering Collection ProQuest One Academic Engineering Collection |
| DatabaseTitleList | Publicly Available Content Database |
| Database_xml | – sequence: 1 dbid: 8FG name: ProQuest Technology Collection url: https://search.proquest.com/technologycollection1 sourceTypes: Aggregation Database |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Physics |
| EISSN | 2331-8422 |
| Genre | Working Paper/Pre-Print |
| GroupedDBID | 8FE 8FG ABJCF ABUWG AFKRA ALMA_UNASSIGNED_HOLDINGS AZQEC BENPR BGLVJ CCPQU DWQXO FRJ HCIFZ L6V M7S M~E PIMPY PQEST PQQKQ PQUKI PRINS PTHSS |
| ID | FETCH-proquest_journals_20834029943 |
| IEDL.DBID | BENPR |
| IngestDate | Thu Oct 10 18:54:33 EDT 2024 |
| IsOpenAccess | true |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-proquest_journals_20834029943 |
| OpenAccessLink | https://www.proquest.com/docview/2083402994?pq-origsite=%requestingapplication% |
| PQID | 2083402994 |
| PQPubID | 2050157 |
| ParticipantIDs | proquest_journals_2083402994 |
| PublicationCentury | 2000 |
| PublicationDate | 20151017 |
| PublicationDateYYYYMMDD | 2015-10-17 |
| PublicationDate_xml | – month: 10 year: 2015 text: 20151017 day: 17 |
| PublicationDecade | 2010 |
| PublicationPlace | Ithaca |
| PublicationPlace_xml | – name: Ithaca |
| PublicationTitle | arXiv.org |
| PublicationYear | 2015 |
| Publisher | Cornell University Library, arXiv.org |
| Publisher_xml | – name: Cornell University Library, arXiv.org |
| SSID | ssj0002672553 |
| Score | 3.0016296 |
| SecondaryResourceType | preprint |
| Snippet | Assurance of information flow security by formal methods is mandated in security certification of separation kernels. As an industrial standard for separation... |
| SourceID | proquest |
| SourceType | Aggregation Database |
| SubjectTerms | Certification Cybersecurity Formal specifications Information flow Kernels Reasoning Separation |
| Title | Reasoning About Information Flow Security of Separation Kernels with Channel-based Communication |
| URI | https://www.proquest.com/docview/2083402994 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV3dS8MwED9ci-Cbn_gxR0BfA2uTps2ToKwOZWNMhb3NNB9P0m5txTf_dpOaKSLsLcdBSEK4390vuTuAa8aN1Ckx2IgowRavGRY0yXDKYxVTIhVRjhqYTNn4hT4skoUn3Br_rXJjEztDrSrpOHIbpGfExjqc05vVGruuUe511bfQ6EEY20hhGEB4O5rO5j8sS8xS6zOTf4a2Q498H8KZWOn6AHZ0eQi73adL2RzB61yLpqNDkXt9aZHPDXJnhfK36gM9-e5yqDJ2_F2m2-oedV1aTEOOREUuP8BK2OGRQn8SPo7hKh89343xZllLf3Wa5e9GyQkEZVXqU0CMDLnJJDEJlbSI4kKkXBXGgbciTIkz6G-b6Xy7-gL2rB_QVSSN0j4Ebf2uLy3WtsUAell-P_DHaqXJ5-gLGIWLBw |
| link.rule.ids | 783,787,12777,21400,33385,33756,43612,43817 |
| linkProvider | ProQuest |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV1LS8QwEB50F9GbT3ysGtBrwDZp2pw8iHV1H4iusLea5nGSdm0r_n2TmFVE2FvCQEhCmC_5Jt8MwCXjRuqUGGxElGCL1wwLmmQ45bGKKZGKKEcNTKZs-EIf5sk8EG5t-Fa59IneUataOo7cPtIzYt86nNPrxTt2VaNcdDWU0FiHPiUWq51SPL_74VhiltobM_nnZj125NvQfxQL3ezAmq52YcN_uZTtHrw-adF6MhS52EuHgjLI7RTK3-pP9Bxqy6Ha2PZ3km5rG-mmsoiGHIWKnDrA9rBDI4X-yD324SK_nd0M8XJaRTg4bfG7THIAvaqu9CEgRq64ySQxCZW0jOJSpFyVxkG3IkyJIxisGul4tfkcNoezybgY309HJ7BlbwQ-N2mUDqDXNR_61KJuV575rf0C5haKew |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Reasoning+About+Information+Flow+Security+of+Separation+Kernels+with+Channel-based+Communication&rft.jtitle=arXiv.org&rft.au=Zhao%2C+Yongwang&rft.au=Sann%2C+David&rft.au=Zhang%2C+Fuyuan&rft.au=Liu%2C+Yang&rft.date=2015-10-17&rft.pub=Cornell+University+Library%2C+arXiv.org&rft.eissn=2331-8422 |