Verifying security invariants in ExpressOS

@inproceedings{Mai2013VerifyingSI,
  title={Verifying security invariants in ExpressOS},
  author={Haohui Mai and Edgar Pek and Hui Xue and Samuel T. King and P. Madhusudan},
  booktitle={ASPLOS},
  year={2013}
}

Haohui Mai, Edgar Pek, +2 authors P. Madhusudan
Published 2013 in ASPLOS
DOI:10.1145/2451116.2451148

Security for applications running on mobile devices is important. In this paper we present ExpressOS, a new OS for enabling high-assurance applications to run on commodity mobile devices securely. Our main contributions are a new OS architecture and our use of formal methods for proving key security invariants about our implementation. In our use of formal methods, we focus solely on proving that our OS implements our security invariants correctly, rather than striving for full functional correctness, requiring significantly less verification effort while still proving the security relevant aspects of our system. We built ExpressOS, analyzed its security, and tested its performance. Our evaluation shows that… CONTINUE READING

Highly Cited

This paper has 40 citations. REVIEW CITATIONS

11 Figures & Tables

Topics

Cited By

Sort by:

Pranav Garg Research Statement Motivation and Overview of Research

Pranav Garg
2014

Invariant Synthesis for Incomplete Verification Engines

Daniel Neider, Pranav Garg, P. Madhusudan, Shambwaditya Saha, Daejun Park
TACAS
2018

Hyperkernel: Push-Button Verification of an OS Kernel

Luke Nelson, Helgi Sigurbjarnarson, +4 authors Xi Wang
SOSP
2017

STO Verification

Hao Bai
2017

System-Level Non-interference of Constant-Time Cryptography. Part I: Model

Gilles Barthe, Gustavo Betarte, Juan Diego Campo, Carlos Luna
Journal of Automated Reasoning
2017

Towards Proving Optimistic Multicore Schedulers

Baptiste Lepers, Willy Zwaenepoel, +5 authors Gilles Muller
HotOS
2017

Towards Proving Optimistic Multicore Schedulers Baptiste Lepers

Willy Zwaenepoel, Jean-Pierre Lozi, +4 authors Gilles Muller
2017

Invariant Synthesis for Sound but Incomplete Verification Engines

D. Park, D. Neider, S. Saha, P. Garg, P. Mahdian, P. Madhusudan
2016

Learning Invariants for Incomplete Heap Verification Engines

2016

LockDown: an operating system for achieving service continuity by quarantining principals

Gedare Bloom, Gabriel Parmer, Rahul Simha
EUROSEC
2016

‹
1
2
3
›

References

Showing 1-8 of 8 references

L4Android: a generic operating system framework for secure smartphones

Matthias Lange, Steffen Liebergeld, Adam Lackorzynski, Alexander Warg, Michael Peter
SPSM@CCS
2011

Disconnected Operation in the Coda File System

James J. Kistler, Mahadev Satyanarayanan
SOSP
1991

seL4: formal verification of an OS kernel

Gerwin Klein, Kevin Elphinstone, +10 authors Simon Winwood
SOSP
2009

Singularity: rethinking the software stack

Galen C. Hunt, James R. Larus
Operating Systems Review
2007

Extensibility, Safety and Performance in the SPIN Operating System

Brian N. Bershad, Stefan Savage, +5 authors Susan J. Eggers
SOSP
1995

Specification and Verification of the UCLA Unix Security Kernel

Bruce J. Walker, Richard A. Kemmerer, Gerald J. Popek
Commun. ACM
1980

The foundations of a provably secure operating system ( PSOS )

Richard J. Feiertag, Peter G. Neumann
1979

Presentations referencing similar topics
- Marcus Völp Constructing and Verifying Cyber Physical Systems Differential Invariants
  Marcus Völp + 1 • Nov 02, 2017
- Verifying information security of dynamic, decentralized systems
  Andrew Myers • Aug 10, 2018
- Formal verification of security protocols
  Ansuman Banerjee • Oct 11, 2017
- Show More