Formal Verification of OS Security Model with Alloy and Event-B
The paper presents a work-in-progress on formal verification of operating system security model, which integrates control of confidentiality and integrity levels with role-based access control. The main goal is to formalize completely the security model and to prove its consistency and conformance to basic correctness requirements concerning keeping levels of integrity and confidentiality. Additional goal is to perform data flow analysis of the model to check whether it can preserve security in the face of certain attacks. Alloy and Event-B were used for formalization and verification of the model. Alloy was applied to provide quick constraint-based checking and uncover various issues concerning inconsistency or incompleteness of the model. Event-B was applied for full-scale deductive verification. Both tools worked well on first steps of model development, while after certain complexity was reached Alloy began to demonstrate some scalability issues.
Unable to display preview. Download preview PDF.
- 1.Devyanin, P.N.: The models of security of computer systems: access control and information flows. Hot line - Telecom, Moscow (2013) (in Russian)Google Scholar
- 2.Bishop, M.: Computer security: art and science. Pearson Education Inc., Boston (2002)Google Scholar
- 3.Wright, C., Cowan, C., Smalley, S., Morris, J., Kroah-Hartman, G.: Linux Security Modules: General Security Support for the Linux Kernel. In: Proc. of the 11th USENIX Security Symposium, pp. 17–31 (2002)Google Scholar
- 4.Jackson, D.: Software Abstractions: Logic, Language, and Analysis. MIT Press (2006)Google Scholar
- 5.Abrial, J.-R.: Modeling in Event-B: System and Software Engineering. Cambridge University Press (2010)Google Scholar
- 8.Bobot, F., Filliâtre, J.-C., Marché, C., Paskevich, A.: Why3: Shepherd Your Herd of Provers. In: Proc. of Boogie 2011: 1st Intl Workshop on Intermediate Verification Languages, pp. 53–64 (2011)Google Scholar