A Methodology For Micro-Policies
This thesis proposes a formal methodology for defining, specifying, and
reasoning about micro-policies — security policies based on fine-grained tagging
that include forms of access control, memory safety, compartmentalization, and
information-flow control. Our methodology is based on a symbolic machine that
extends a conventional RISC-like architecture with tags. Tags express security
properties of parts of the program state (this is an instruction, this is
secret, etc.), and are checked and propagated on every instruction according to
flexible user-supplied rules. We apply this methodology to two widely studied
policies, information-flow control and heap memory safety, implementing them
with the symbolic machine and formally characterizing their security guarantees:
for information-flow control, we prove a classic notion of
termination-insensitive noninterference; for memory safety, a novel property
that protects memory regions that a program cannot validly reach through the
pointers it possesses — which, we believe, provides a useful criterion for
evaluating and comparing different flavors of memory safety. We show how the
symbolic machine can be realized with a more practical processor design, where a
software monitor takes advantage of a hardware cache to speed up its execution
while protecting itself from potentially malicious user-level code. Our
development has been formalized and verified in the Coq proof assistant,
attesting that our methodology can provide rigorous security guarantees.
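The per-instruction tag check described above, as an added illustration that is not code from the thesis or its Coq development: a toy three-instruction symbolic machine in Python in which every step hands the operand tags to a user-supplied rule, with one rule for a two-point information-flow lattice and one for colour-based heap memory safety. The instruction set, the tag encodings and the names Machine, run, ifc_rule and memsafe_rule are assumptions chosen for the example; the sketch omits instruction tags and control flow, so it shows only explicit flows and the "cannot validly reach" check on pointers, not the full noninterference argument.

```python
from dataclasses import dataclass

class PolicyViolation(Exception):
    """Raised by a rule when the policy forbids the instruction."""

@dataclass
class Machine:
    # Registers and memory hold (value, tag) pairs; `rule` is the user-supplied
    # tag-checking function consulted on every step (an assumed, simplified design).
    regs: dict    # register name -> (value, tag)
    mem: dict     # address -> (value, tag)
    rule: object  # callable(op, *operand_tags) -> tag to write back, or raises

    def step(self, instr):
        op = instr[0]
        if op == "add":            # ("add", rd, r1, r2): rd = r1 + r2
            _, rd, r1, r2 = instr
            v1, t1 = self.regs[r1]
            v2, t2 = self.regs[r2]
            self.regs[rd] = (v1 + v2, self.rule(op, t1, t2))
        elif op == "load":         # ("load", rd, rp): rd = mem[rp]
            _, rd, rp = instr
            p, tp = self.regs[rp]
            v, tc = self.mem[p]
            self.regs[rd] = (v, self.rule(op, tp, tc))
        elif op == "store":        # ("store", rp, rs): mem[rp] = rs
            _, rp, rs = instr
            p, tp = self.regs[rp]
            v, ts = self.regs[rs]
            _, tc = self.mem[p]
            self.mem[p] = (v, self.rule(op, tp, ts, tc))
        else:
            raise ValueError(f"unknown opcode {op}")

def run(machine, program):
    for instr in program:
        machine.step(instr)
    return machine

# Policy 1: IFC over the two-point lattice L < H. Cells keep a fixed label;
# the result of add/load is the join of its operands, and a store whose
# pointer or data is H into an L cell is refused (no write-down).
def join(a, b):
    return "H" if "H" in (a, b) else "L"

def ifc_rule(op, *tags):
    if op in ("add", "load"):
        return join(*tags)
    tp, ts, tc = tags                      # store
    if join(tp, ts) == "H" and tc == "L":
        raise PolicyViolation("secret data stored into a public cell")
    return tc

# Policy 2: heap memory safety. A pointer is tagged ("ptr", color), plain data
# "data", and a cell (color, payload_tag). Pointer arithmetic keeps the color;
# a load or store is allowed only when the pointer and cell colors agree, so a
# pointer that walks off its block cannot reach the neighbouring block.
def memsafe_rule(op, *tags):
    if op == "add":
        ptrs = [t for t in tags if t != "data"]
        if len(ptrs) == 2:
            raise PolicyViolation("adding two pointers")
        return ptrs[0] if ptrs else "data"
    tp, tc = tags[0], tags[-1]
    if not (isinstance(tp, tuple) and tp[0] == "ptr"):
        raise PolicyViolation("memory access through a non-pointer")
    if tp[1] != tc[0]:
        raise PolicyViolation("pointer color does not match cell color")
    return tc[1] if op == "load" else (tc[0], tags[1])

# Constructed scenarios (not from the thesis) that exercise both rules.
def ifc_scenario():
    """Returns (public cell after an allowed store, whether the leaking store was blocked)."""
    m = Machine(regs={"r0": (5, "L"), "r1": (0, "L"), "p": (0, "L"), "q": (1, "L")},
                mem={0: (42, "H"), 1: (0, "L")}, rule=ifc_rule)
    # 5 (L) -> mem[1] is allowed; r1 then picks up the secret 42 and stays H after the add
    run(m, [("store", "q", "r0"), ("load", "r1", "p"), ("add", "r1", "r1", "r0")])
    allowed = m.mem[1]
    try:
        m.step(("store", "q", "r1"))       # H data into the L cell: refused
        return allowed, False
    except PolicyViolation:
        return allowed, True

def memsafe_scenario():
    """Returns (value read back through p + 1, whether the load through p + 2 was blocked)."""
    mem = {0: (0, (1, "data")), 1: (0, (1, "data")),   # block of color 1
           2: (7, (2, "data")), 3: (0, (2, "data"))}   # adjacent block of color 2
    m = Machine(regs={"p": (0, ("ptr", 1)), "one": (1, "data"),
                      "v": (9, "data"), "r": (0, "data")}, mem=mem, rule=memsafe_rule)
    run(m, [("add", "p", "p", "one"), ("store", "p", "v"),     # p + 1 is in bounds
            ("load", "r", "p"), ("add", "p", "p", "one")])     # p + 2 is not
    read_back = m.regs["r"]
    try:
        m.step(("load", "r", "p"))
        return read_back, False
    except PolicyViolation:
        return read_back, True
```

The point of routing every tag decision through one rule function is that the machine itself never has to know what a tag means: swapping ifc_rule for memsafe_rule changes the policy without touching step, which is what makes the same hardware mechanism usable for access control, compartmentalization and the other policies the abstract lists.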
State of the art survey of technologies applicable to NASA's aeronautics, avionics and controls program
The state of the art survey (SOAS) covers six technology areas: flightpath management, aircraft control systems, crew station technology, interface and integration technology, military technology, and fundamental technology. The SOAS includes contributions from over 70 individuals in industry, government, and universities.
DECM, A User Oriented Formalism for High Level Discrete Event Specifications of Real-Time Systems
International audience; no abstract.
Naval Postgraduate School Catalog 2015
Approved for public release; distribution is unlimited