Using Refinement in Formal Development of OS Security Model

被引：1

作者：

Devyanin, Petr N. ^{[1
]}

Khoroshilov, Alexey V. ^{[2
]}

Kuliamin, Victor V. ^{[2
]}

Petrenko, Alexander K. ^{[2
]}

Shchepetkov, Ilya V. ^{[2
]}

机构：

[1] Educ & Method Community Informat Secur, Moscow, Russia

[2] Russian Acad Sci, Inst Syst Programming, Moscow, Russia

来源：

PERSPECTIVES OF SYSTEM INFORMATICS, PSI 2015 | 2016年 / 9609卷

关键词：

Security model; Formal verification; Refinement; Event-B;

D O I：

10.1007/978-3-319-41579-6_9

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

The paper presents work in progress on formal development of an operating system security model for the purpose of its deductive verification. We consider two approaches to formalize the security model. The first one is to build a monolithic model, another one is to build a hierarchical model using the refinement technique. The main criteria for comparison are costs of development, simplicity of maintenance and confidence in the quality of the formal model. The results are twofold. On the one hand, refinement helped us to deal with complexity of the formal model, to improve its readability and to simplify automatic proofs. However, deep understanding of the security model details and careful planning were absolutely necessary to build a reasonable hierarchical model. The monolithic approach allowed to quickly start formalization and helped to study the details of the security model, but the resulting formal model became hard to maintain and explore.

引用

页码：107 / 115

页数：9

共 50 条

[31] A formal model for data storage security evaluation
Bilski, Tomasz
[J]. ICCSA 2007: Proceedings of the Fifth International Conference on Computational Science and Applications, 2007, : 253 - 257
[32] A Security Formal Model for Multiple Channels Communication
Fu, Yulong
Yuan, Xinyi
Wang, Ke
Yan, Zheng
Li, Hui
[J]. 2019 IEEE SMARTWORLD, UBIQUITOUS INTELLIGENCE & COMPUTING, ADVANCED & TRUSTED COMPUTING, SCALABLE COMPUTING & COMMUNICATIONS, CLOUD & BIG DATA COMPUTING, INTERNET OF PEOPLE AND SMART CITY INNOVATION (SMARTWORLD/SCALCOM/UIC/ATC/CBDCOM/IOP/SCI 2019), 2019, : 1425 - 1430
[33] A Formal Model for the Security of Proxy Signature Schemes
GU Chun-xiang
[J]. Wuhan University Journal of Natural Sciences, 2005, (01) : 275 - 278
[34] A formal specification of the MIDP 2.0 security model
Beguelin, Santiago Zanella
Betarte, Gustavo
Luna, Carlos
[J]. FORMAL ASPECTS IN SECURITY AND TRUST, 2007, 4691 : 220 - +
[35] Formal Refinement in SysML
Miyazawa, Alvaro
Cavalcanti, Ana
[J]. INTEGRATED FORMAL METHODS, IFM 2014, 2014, 8739 : 155 - 170
[36] A Formal Approach in Robot Development Process using a UML Model
Wongwirat, Olarn
Hanidthikul, Tanachai
Vuthikulvanich, Natee
[J]. 2008 10TH INTERNATIONAL CONFERENCE ON CONTROL AUTOMATION ROBOTICS & VISION: ICARV 2008, VOLS 1-4, 2008, : 1888 - 1893
[37] Formal Verification of Security Protocols Using Spin
Chen, Shengbo
Fu, Hao
Miao, Huaikou
[J]. 2016 IEEE/ACIS 15TH INTERNATIONAL CONFERENCE ON COMPUTER AND INFORMATION SCIENCE (ICIS), 2016, : 637 - 642
[38] Using interface refinement to integrate formal verification into the design cycle
Chang, J
Berezin, S
Dill, DL
[J]. COMPUTER AIDED VERIFICATION, 2004, 3114 : 122 - 134
[39] Formal verification of an OS submodule
Pendharkar, NS
Gopinath, K
[J]. FOUNDATIONS OF SOFTWARE TECHNOLOGY AND THEORETICAL COMPUTER SCIENCE, 1998, 1530 : 197 - 208
[40] Formal Development of Critical Multi-Agent Systems: A Refinement Approach
Pereverzeva, Inna
Troubitsyna, Elena
Laibinis, Linas
[J]. 2012 NINTH EUROPEAN DEPENDABLE COMPUTING CONFERENCE (EDCC 2012), 2012, : 156 - 161

← 1 2 3 4 5 →