The paper presents a work-in-progress on formal verification of operating system security model, which integrates control of confidentiality and integrity levels with role-based access control. The main goal is to formalize completely the security model and to prove its consistency and conformance to basic correctness requirements concerning keeping levels of integrity and confidentiality. Additional goal is to perform data flow analysis of the model to check whether it can preserve security in the face of certain attacks. Alloy and Event-B were used for formalization and verification of the model. Alloy was applied to provide quick constraint-based checking and uncover various issues concerning inconsistency or incompleteness of the model. Event-B was applied for full-scale deductive verification. Both tools worked well on first steps of model development, while after certain complexity was reached Alloy began to demonstrate some scalability issues. © 2014 Springer-Verlag.
CITATION STYLE
Devyanin, P. N., Khoroshilov, A. V., Kuliamin, V. V., Petrenko, A. K., & Shchepetkov, I. V. (2014). Formal verification of OS security model with alloy and Event-B. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8477 LNCS, pp. 309–313). Springer Verlag. https://doi.org/10.1007/978-3-662-43652-3_30
Mendeley helps you to discover research relevant for your work.