Specifying and building a formal secure virtual monitor machine prototype

Abstract

Beijing University of Posts and Telecommunications (BUPT); IEEE Beijing Section; International Business Machines; Loughborough University; Natural Science Foundation of China

To defend against the growing security threats and attacks faced today, formal specification and verification of secure operating systems are important and almost a must for certification at high assurance levels. In this paper, we report the work of specifying and building a VMM-based security prototype, SecBase, a system aimed at the "verified design" level of the security standards in China. SecBase's specification is formally defined; it can be used to guide the implementation of high-performance C programs and to support formal analysis and verification. Our experiments show that SecBase can be developed quickly and provides good security separation, thanks to its formal specifications. © 2010 IEEE