Using Refinement in Formal Development of OS Security Model

被引：1

作者：

Devyanin, Petr N. ^{[1
]}

Khoroshilov, Alexey V. ^{[2
]}

Kuliamin, Victor V. ^{[2
]}

Petrenko, Alexander K. ^{[2
]}

Shchepetkov, Ilya V. ^{[2
]}

机构：

[1] Educ & Method Community Informat Secur, Moscow, Russia

[2] Russian Acad Sci, Inst Syst Programming, Moscow, Russia

来源：

PERSPECTIVES OF SYSTEM INFORMATICS, PSI 2015 | 2016年 / 9609卷

关键词：

Security model; Formal verification; Refinement; Event-B;

D O I：

10.1007/978-3-319-41579-6_9

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

The paper presents work in progress on formal development of an operating system security model for the purpose of its deductive verification. We consider two approaches to formalize the security model. The first one is to build a monolithic model, another one is to build a hierarchical model using the refinement technique. The main criteria for comparison are costs of development, simplicity of maintenance and confidence in the quality of the formal model. The results are twofold. On the one hand, refinement helped us to deal with complexity of the formal model, to improve its readability and to simplify automatic proofs. However, deep understanding of the security model details and careful planning were absolutely necessary to build a reasonable hierarchical model. The monolithic approach allowed to quickly start formalization and helped to study the details of the security model, but the resulting formal model became hard to maintain and explore.

引用

页码：107 / 115

页数：9

共 50 条

[41] Formal Development of Critical Multi-Agent Systems: A Refinement Approach
Pereverzeva, Inna
Troubitsyna, Elena
Laibinis, Linas
[J]. 2012 NINTH EUROPEAN DEPENDABLE COMPUTING CONFERENCE (EDCC 2012), 2012, : 156 - 161
[42] Formal Analysis on an Extended Security Model for Database Systems
ZHU Hong
[J]. Wuhan University Journal of Natural Sciences, 2008, (05) : 519 - 522
[43] A Formal Model for Security Analysis of Trust and Reputation systems
Ghasempouri, Seyed Asgary
Ladani, Behrouz Tork
[J]. 2017 14TH INTERNATIONAL ISC (IRANIAN SOCIETY OF CRYPTOLOGY) CONFERENCE ON INFORMATION SECURITY AND CRYPTOLOGY (ISCISC), 2017, : 13 - 18
[44] Toward a Formal Traceability Model for Efficient Security Validation
Ebert, Christof
Ray, Ruschil
[J]. COMPUTER, 2021, 54 (11) : 68 - 78
[45] Verification of a formal security model for multiapplicative smart cards
Schellhorn, G
Reif, W
Schairer, A
Karger, P
Austel, V
Toll, D
[J]. COMPUTER SECURITY - ESORICS 2000, PROCEEDINGS, 2000, 1895 : 17 - 36
[46] A formal model for network-wide security analysis
Matousek, Petr
Rab, Jaroslav
Rysavy, Ondrej
Sveda, Miroslav
[J]. FIFTEENTH IEEE INTERNATIONAL CONFERENCE AND WORKSHOPS ON THE ENGINEERING OF COMPUTER-BASED SYSTEMS, PROCEEDINGS, 2008, : 171 - 181
[47] A Unified Formal Model for Proving Security and Reliability Properties
Hu, Wei
Wu, Lingjuan
Tai, Yu
Tan, Jing
Zhang, Jiliang
[J]. 2020 IEEE 29TH ASIAN TEST SYMPOSIUM (ATS), 2020, : 30 - 35
[48] Cryptography as a formal method and model for security in electronic payments
Tsiakis, T
Stephanides, G
Pekos, G
[J]. INTERNET SOCIETY: ADVANCES IN LEARNING, COMMERCE AND SOCIETY, 2004, 1 : 235 - 242
[49] A Reinforcement Model for Collaborative Security and Its Formal Analysis
Misra, Janardan
Saha, Indranil
[J]. NEW SECURITY PARADIGMS WORKSHOP 2009, PROCEEDINGS, 2009, : 101 - 114
[50] Provably secure multisignatures in formal security model and their optimality
Komano, Yuichi
Ohta, Kazuo
Shimbo, Atsushi
Kawamura, Shinichi
[J]. IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2008, E91A (01) : 107 - 118

← 1 2 3 4 5 →