Corpus ID: 18130662

A Verifiable Secure Distributed System

Author: Jim Alves-Foss
This paper presents a design for a verifiable secure distributed system. Based on the secure distributed system of Rushby and Randell, the design is presented as a hierarchy of levels implementing a set of virtual machines, where each level can be separately verified for correctness with respect to the specification and security policy. The heart of the system is based on Bevier's verified kernel, KIT, which is modified to provide a base for a secure distributed computing system. We reason about…

References
A Distributed Secure System
The design of a distributed general-purpose computing system that enforces a multilevel security policy through the use of the "Newcastle Connection", a software subsystem that links together multiple UNIX or UNIX-look-alike systems, without requiring any changes to the source code of either the operating system or any user programs.

A secure distributed operating system
Some issues in distributed system security are discussed in the context of the design of a secure distributed operating system (SDOS), targeted for an A1 rating, and a security policy based on message-passing rather than reads and writes is described.

The Secure Distributed Operating System Design Project
Some issues in distributed system security in the context of the design of a secure distributed operating system (SDOS) are discussed, and the design is targeted for an A1 rating, as per DoD 5200.28-STD.

Verification of secure distributed systems in higher order logic: A modular approach using generic components
J. Alves-Foss, K. Levitt. Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991.
A generalization of D. McCullough's restrictiveness model is given as the basis for providing security properties for distributed system designs, and an example of how the proposed mechanized verification system can be used to verify such designs.

Design and Implementation of Secure Xenix
The design features of Secure Xenix are presented, together with their integration within Xenix and some of the lessons learned from this experiment to date.

Kit: A Study in Operating System Verification
The kernel is proved to implement on this shared computer a fixed number of conceptually distributed communicating processes and provides the following verified services: process scheduling, error handling, message passing, and an interface to asynchronous devices.

Noninterference and the composability of security properties
D. McCullough. Proceedings. 1988 IEEE Symposium on Security and Privacy, 1988.
The problem of composability of multilevel security properties, particularly the noninterference property and some of its generalizations, is discussed, and a property called restrictiveness is introduced that is generally composable.

Security Policies and Security Models
We assume that the reader is familiar with the ubiquity of information in the modern world and is sympathetic with the need for restricting rights to read, add, modify, or delete information in…

Proving multilevel security of a system design
Two nearly equivalent models of multilevel security are presented, the utility of the two models and their relationship to existing models is discussed, and the proof of the security of one particular system design is illustrated.

Unwinding and Inference Control
The main result in this paper is an unwinding theorem that gives a very simple necessary and sufficient condition for a system to satisfy the MLS security policy.