High Robustness Requirements in a Common Criteria Protection Profile

Application Of Formal Methods For Designing A Separation Kernel For Embedded Systems

2010

A separation-kernel-based operating system (OS) has been designed for use in secure embedded systems by applying formal methods to the design of the separation-kernel part. The separation kernel is a small OS kernel that provides an abstract distributed environment on a single CPU. The design of the separation kernel was verified using two formal methods, the B method and the Spin model checker. A newly designed semi-formal method, the extended state transition method, was also applied. An OS comprising the separation-kernel part and additional OS services on top of the separation kernel was prototyped on the Intel IA-32 architecture. Developing and testing of a prototype embedded application, a point-of-sale application, on the prototype OS demonstrated that the proposed architecture and the use of formal methods to design its kernel part are effective for achieving a secure embedded system having a high-assurance separation kernel.
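As an added illustration of what a formal check on a separation kernel establishes (example code written for this page, not the paper's B or Spin model): a toy two-partition kernel with a constructed flow policy (A may send to B, nothing else) and a bounded exhaustive search over action sequences for a noninterference violation, in the style of a model checker. The partition names, action set, depth bound and the `enforce` flag that switches mediation off are all assumptions of the example.

```python
"""Toy separation-kernel model with an exhaustive, bounded noninterference check.

Constructed example: two partitions, A and B, each with one private memory cell and a
one-slot inbox that only the kernel can fill. The flow policy allows A -> B and nothing
else. `enforce=False` models a kernel that lets a partition write the other's memory
directly, to show what the check reports when isolation is broken.
"""
from itertools import product

OTHER = {"A": "B", "B": "A"}
POLICY = {("A", "B")}            # permitted information flows (sender, receiver)
VALUES = (0, 1)
INITIAL = (0, 0, None, None)     # (memA, memB, inboxA, inboxB)


def actions_for(p):
    """All actions partition p can request; the kernel decides which take effect."""
    acts = [("recv", p, None)]
    for v in VALUES:
        acts += [("write_own", p, v), ("write_other", p, v), ("send", p, v)]
    return acts


def kernel_step(state, action, enforce=True):
    """Kernel transition: every cross-partition effect is mediated by POLICY."""
    mem = {"A": state[0], "B": state[1]}
    inbox = {"A": state[2], "B": state[3]}
    kind, p, v = action
    q = OTHER[p]
    if kind == "write_own":
        mem[p] = v
    elif kind == "write_other":
        if not enforce:          # the flaw: unmediated write into another partition
            mem[q] = v
    elif kind == "send":
        if (p, q) in POLICY and inbox[q] is None:
            inbox[q] = v         # policy permits the flow and the slot is free
    elif kind == "recv":
        inbox[p] = None
    return (mem["A"], mem["B"], inbox["A"], inbox["B"])


def run(trace, enforce=True):
    """Run an action sequence from the initial state and return the final state."""
    state = INITIAL
    for action in trace:
        state = kernel_step(state, action, enforce)
    return state


def view(state, p):
    """What partition p can observe: its own memory cell and its own inbox."""
    return (state[0], state[2]) if p == "A" else (state[1], state[3])


def purge(trace, q):
    """Remove every action requested by partition q."""
    return [a for a in trace if a[1] != q]


def isolation_witness(p, depth=3, enforce=True):
    """Bounded Goguen-Meseguer noninterference: for every action sequence up to `depth`,
    p's view after the sequence must equal p's view after purging the other partition's
    actions. Returns the first violating trace, or None if none exists within the bound.
    Only meaningful when the policy grants the other partition no flow into p."""
    q = OTHER[p]
    if (q, p) in POLICY:
        raise ValueError(f"policy permits {q} -> {p}; {q} is allowed to influence {p}")
    acts = actions_for("A") + actions_for("B")
    for n in range(1, depth + 1):
        for trace in product(acts, repeat=n):
            full = view(run(trace, enforce), p)
            purged = view(run(purge(trace, q), enforce), p)
            if full != purged:
                return list(trace)
    return None


if __name__ == "__main__":
    print("enforcing kernel, witness for A:", isolation_witness("A"))
    print("flawed kernel, witness for A:   ", isolation_witness("A", enforce=False))
```

The property checked is the purge-based one a separation kernel is meant to guarantee: a partition that the policy does not allow to talk to A must leave A's observable state exactly as if it had never run. With mediation on, no sequence up to the bound distinguishes the two runs; with mediation off, the search returns a one-step counterexample (B writing A's memory), which is the kind of trace a model checker such as Spin reports.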

Milinkovic, S., Lazic, Lj.: Some Facts about Industrial Software Security. Proc. XI International Conference on Systems, Automatic Control and Measurements (SAUM 2012), Nis, Serbia, November 14-16, 2012.

In this paper we provide an analysis of some potential vulnerabilities and security concerns, including recommendations toward improving security for industrial control systems. We briefly describe the architecture of contemporary control devices. It appears to be a challenge to most serious vulnerability researchers: real-time operating systems are often plagued by the same sorts of vulnerabilities and exploits as general-purpose operating systems. In fact, the number of latent vulnerabilities in the typical microprocessor-based device can be surprisingly high. Then, we provide recommendations toward enhanced security for control systems software. We have shown that it is necessary to address not only the individual vulnerabilities, but the breadth of risks that can interfere with critical operations. We describe some requirements and features needed to improve the security of the control system. One of the effective ways to avoid expensive business losses or production disr...

Formal Modelling of Separation Kernels (submitted in part fulfilment for the degree of MSc in Software Engineering)

2016

Number of words = 45327, as counted by detex <report.tex> | wc -w. This report consists of 98 pages in total. This includes the body of the report (without blank pages) and Appendix A, but not Appendices B, C, D, E and F. [1] Updated transactional operation proofs, 21st September 2009.

A separation kernel is an architecture for secure applications, which benefits from the inherent security of distributed systems. Due to its small size and usage in high-integrity environments, it makes a good target for formal modelling and verification. This project presents results from mechanisation and modelling of separation kernel components: a process table, a process queue and a scheduler. The results have been developed as a part of the pilot project within the international Grand Challenge in Verified Software. This thesis covers the full development life-cycle from project initiation through design and evaluation to successful completion. Important findings about kernel properties, formal modell...