PSOS revisited

Neumann, Peter G.; Feiertag, Richard J.

doi:10.1109/csac.2003.1254326

Cited by 30 publications

(24 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The assumption, based on the concepts articulated in the PSOS research [6], was that each layer would be verified to correctly implement a specification using code in its own layer that invoked services provided by lower layers. Verification of each layer would lead to verification of the entire system.…”

Section: Verification Of Assurancementioning

confidence: 99%

“…By 1981, several government-sponsored research projects had attempted to build highassurance operating systems [5,6,7]. Some had been cancelled while others continued to subsist on government research funding.…”

Section: Introductionmentioning

confidence: 99%

“…By 1981, Dijkstra's THE Multiprogramming System [9] and MITRE's Venus system had applied layering as a way to build a reliable system. The PSOS project at SRI [6] had proposed (but not implemented) a layered architecture that would support formal verification of the end system, and the USAF Multics Guardian project had intended to build a layered system before its cancellation. Several projects under Roger Schell (the leader of Project Guardian) at the Naval Postgraduate School (NPS) had successfully implemented layered security kernel prototypes.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Lessons from VAX/SVS for High Assurance VM Systems

Lipner

Jaeger

Zurko

2012

IEEE Secur. Privacy Mag.

View full text Add to dashboard Cite

VAX/SVS was a high assurance virtual machine monitor (VMM) project, documented in several published papers from the 1990's. We take a look back, extracting the most pertinent lessons from that work for today. These lessons cover reference monitor architectural principles, approaches to verifiable and tamperproof access control, the benefits of layering, the impacts of minimization and verification, and the business reasons behind its cancellation as a product.

show abstract

Section: Verification Of Assurancementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Lessons from VAX/SVS for High Assurance VM Systems

Lipner

Jaeger

Zurko

2012

IEEE Secur. Privacy Mag.

View full text Add to dashboard Cite

show abstract

“…The machines are records pm = (pc, dpc, gpr, spr, m) with the following components: (i) the normal pm.pc ∈ B 32 and the delayed pm.dpc ∈ B 32 program counters used to implement the delayed branch mechanism, (ii) the general purpose register file pm.gpr ∈ B 5 → B 32 , and the special purpose register file pm.spr ∈ SAP → B 32 , and (iii) the byte addressable physical memory pm.m ∈ PMA → B 8 . We demand SAP to contain the following addresses: (i) mode, for the mode register, and (ii) pto and ptl, for the page [11], and the protected bit p(pm, va) = pte(pm, va) [10]. Concatenation of the physical page index and the byte index yields the physical memory address pma(pm, va) = ppx(pm, va) • bx (va).…”

Section: Physical Machine Specificationmentioning

confidence: 99%

“…Hillebrand [7] presents paper and pencil formalisations and proofs for memory virtualisation. First attempts to use theorem provers to specify and even prove correct operating systems were made as early as the seventies in PSOS [11] and UCLA Secure Unix [16]. However a missing or to a large extend underdeveloped tool environment made mechanized verification futile.…”

Section: Introductionmentioning

confidence: 99%

Formal Pervasive Verification of a Paging Mechanism

Alkassar

Schirmer

Starostin

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

Abstract. Memory virtualization by means of demand paging is a crucial component of every modern operating system. The formal verification is challenging since reasoning about the page fault handler has to cover two concurrent computational sources: the processor and the hard disk. We accurately model the interleaved executions of devices and the page fault handler, which is written in a high-level programming language with inline assembler portions. We describe how to combine results from sequential Hoare logic style reasoning about the page fault handler on the low-level concurrent machine model. To the best of our knowledge this is the first example of pervasive formal verification of software communicating with devices.

show abstract

Securing Current and Future Process Control Systems

Cunningham

Cheung

Fong

et al.

IFIP International Federation for Information Processing

View full text Add to dashboard Cite

Process control systems (PCSs) are instrumental to the safe, reliable and efficient operation of many critical infrastructure components. However, PCSs increasingly employ commodity information technology (IT) elements and are being connected to the Internet. As a result, they have inherited IT cyber risks, threats and attacks that could affect the safe and reliable operation of infrastructure components, adversely affecting human safety and the economy. This paper focuses on the problem of securing current and future PCSs, and describes tools that automate the task. For current systems, we advocate specifying a policy that restricts control network access and verifying its implementation. We further advocate monitoring the control network to ensure policy implementation and verify that network use matches the design specifications. For future process control networks, we advocate hosting critical PCS software on platforms that tolerate malicious activity and protect PCS processes, and testing software with specialized tools to ensure that certain classes of vulnerabilities are absent prior to shipping.

show abstract

PSOS revisited

Cited by 30 publications

References 27 publications

Lessons from VAX/SVS for High Assurance VM Systems

Lessons from VAX/SVS for High Assurance VM Systems

Formal Pervasive Verification of a Paging Mechanism

Securing Current and Future Process Control Systems

Contact Info

Product

Resources

About