Verification of a Generative Separation Kernel

<p class="Abstract">In the age of the Internet of Things and Industry 4.0, more and more embedded systems are connected through open networks, which also concerns measuring instruments under legal control (e.g. smart meters). Therefore, cyber-security for measuring instruments is becoming increasingly important. In this paper, possibilities to design secure measuring software running on general-purpose operating systems are analyzed according to legal requirements set up by European Directives, e.g., the Measuring Instruments Directive (2014/32/EU), which define the mandatory security level. Technical interpretations for the security concepts described in this paper are derived from these legal requirements with the aim to provide manufacturers the architectural guidance to construct systems which easily pass a conformity assessment at a Notified Body. In this paper security concepts, i.e., SELinux, AppArmor and Mandatory Integrity Control (MIC) are being described, which are based on Mandatory Access Control (MAC) strategies. Additionally, high-security methodologies and concepts, e.g., MILS and security kernels, are highlighted. In the examples given, software separation, which enhances overall security, is achieved by using SELinux mechanisms in the modules (virtual machines) atop a separation kernel.</p>

Download Full-text

Formal Modelling of Separation Kernel Components

Lecture Notes in Computer Science - Theoretical Aspects of Computing – ICTAC 2010 ◽

10.1007/978-3-642-14808-8_16 ◽

2010 ◽

pp. 230-244 ◽

Cited By ~ 3

Author(s):

Andrius Velykis ◽

Leo Freitas

Keyword(s):

Formal Modelling ◽

Separation Kernel

Download Full-text

A Survey on Formal Verification of Separation Kernels

Recent Advances in Computer Science and Communications ◽

10.2174/2666255813666201207154230 ◽

2020 ◽

Vol 13 ◽

Author(s):

Ram Chandra Bhushan ◽

Dharmendra K. Yadav

Keyword(s):

Formal Verification ◽

Intelligent Systems ◽

Formal Languages ◽

Critical Systems ◽

Temporal Separation ◽

Safety Certification ◽

Separation Kernel ◽

Flow Of Information

Introduction: In developing safety and security critical systems, separation kernel acts as a primary foundation, which provides spatial as well as temporal separation. Separation kernel offers highly assured partitions to the applications hosted on the fundamentally critical systems and can also control the flow of information between them. The industries, as well as academia, have developed several separation kernels that have been broadly applied in critical systems like military/defense secured applications, avionics/aerospace intelligent systems, healthcare units that deal with human lives and in many more areas. The increasing popularity of separation kernels demands the formal verification that assures the correctness of the functionalities in it. Further, formal verification of separation kernels has become mandatory by the security/safety certification authorities. Conclusion: This paper first presents the concept of separation kernel, and then it discusses the functionalities, design, and properties of it. The classification and analysis of the formal languages are being presented in this paper that has been used for writing the specifications of separation kernel and verifying it. The paper is an attempt towards the classification of formal languages being used for the verification of several separation kernels.

Download Full-text