Using Refinement in Formal Development of OS Security Model
The paper presents work in progress on the formal development of an operating system security model for the purpose of its deductive verification. We consider two approaches to formalizing the security model: the first is to build a monolithic model, the second is to build a hierarchical model using the refinement technique. The main criteria for comparison are the cost of development, simplicity of maintenance, and confidence in the quality of the formal model. The results are twofold. On the one hand, refinement helped us to deal with the complexity of the formal model, to improve its readability, and to simplify automatic proofs. On the other hand, a deep understanding of the security model's details and careful planning were absolutely necessary to build a reasonable hierarchical model. The monolithic approach allowed us to start formalization quickly and helped us to study the details of the security model, but the resulting formal model became hard to maintain and explore.
Keywords: Security model, Formal verification, Refinement, Event-B