To achieve the highest levels of assurance, MILS architectures need to be formally analysed. A key challenge is to reason about the interaction between the software applications running on top of MILS core components, such as the separation kernel. In this paper, we extend Rushby's model of noninterference with explicit information units and domain programs. These extensions enable the reasoning at an abstract level about systems built on top of noninterference. As an illustration of our approach, we formally model and analyse an example inspired by the GWV Firewall. <br/

Koolen, R.P.J.

Schmaltz, J.

English

To achieve the highest levels of assurance, MILS architectures need to be formally analysed. A key challenge is to reason about the interaction between the software applications running on top of MILS core components, such as the separation kernel. In this paper, we extend Rushby's model of noninterference with explicit information units and domain programs. These extensions enable the reasoning at an abstract level about systems built on top of noninterference. As an illustration of our approach, we formally model and analyse an example inspired by the GWV Firewall. \u3cbr/\u3e\u3cbr/\u3

Koolen, RPJ Ruud

Schmaltz, J Julien

Repository TU/e

Modelling information routing with noninterference

Pure OAI Repository

To achieve the highest levels of assurance, systems based on the MILS architecture need to be formally analysed. In this, a key challenge is reasoning about the inter-domain flow of information on a finer scale than the domain level. In this paper, we extend Rushby's model of noninterference with explicit between-domain information transfer, as well as programs that determine domain behavior. These extensions enable the reasoning at an abstract level built on top of noninterference, at a much finer level than allowed by base noninterference. As an illustration of our approach, we formally model and analyze an example system inspired by the GWV Firewall

Koolen, Ruud

Schmaltz, Julien

NEUROSURGERY ENTHUSIASTIC WOMEN SOCIETY

Modeling Information Routing with Noninterference

ZENODO

To achieve the highest levels of assurance, MILS architectures need to be formally analysed. A key challenge is to reason about the interaction between the software applications running on top of MILS core components, such as the separation kernel. In this paper, we extend Rushby's model of noninterference with explicit information units and domain programs. These extensions enable the reasoning at an abstract level about systems built on top of noninterference. As an illustration of our approach, we formally model and analyse an example inspired by the GWV Firewall

NARCIS 

https://pure.tue.nl/ws/files/128415425/10_modeling_information_routing_with_noninterference.pdf

Modelling information routing with noninterference

Abstract

Similar works

Full text

Available Versions

Repository TU/e

Pure OAI Repository

NEUROSURGERY ENTHUSIASTIC WOMEN SOCIETY

ZENODO

Pure OAI Repository

NARCIS