Using the B Method to Formalize Access Control Mechanism with TrustZone Hardware Isolation (Short Paper)

  • Lu Ren
  • Rui Chang
  • Qing Yin
  • Wei Wang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10701)


Hardware isolation environments, already deployed successfully in industry, enhance the access control of traditional operating systems and call for more rigorous analysis. This paper is the first to apply the B method to the formalization of an access control mechanism and proposes an extensible formal model, which not only specifies the access control mechanism together with process state transitions in Linux, but also introduces a description of the hardware isolation. The B specifications are consistent with the program implementations and can be animated and verified. The proposed B model constructs a mathematical framework for security analysis, providing theoretical support for mechanism enhancements. All model components are type checked by Atelier B, with 547 proof obligations generated automatically; the current proof rate of the model is 79%. Experimental results obtained with ProB show no invariant violation and no deadlock. In conclusion, this paper presents a feasible solution for formalizing and verifying an access control mechanism in embedded system design. The access control model can be further extended and refined, and its specifications can be transformed into executable code once proved.


Keywords: Access control, B method, Formal model



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, China
