Software Separation in Measuring Instruments through Security Concepts and Separation Kernels

Refinement-based Specification and Security Analysis of Separation Kernels

Assurance of information-flow security by formal methods is mandated in security certification of separation kernels. As an industrial standard for improving safety, ARINC 653 has been complied with by mainstream separation kernels. Due to the new trend of integrating safe and secure functionalities into one separation kernel, security analysis of ARINC 653 as well as a formal specification wit...

Least Privilege in Separation Kernels

We extend the separation kernel abstraction to represent the enforcement of the principle of least privilege. In addition to the inter-block flow control policy prescribed by the traditional separation kernel paradigm, we describe an orthogonal, finer-grained flow control policy by extending the protection of elements to subjects and resources, as well as blocks, within a partitioned system. We...

Separation Kernels on Commodity Workstations

Achieving Software Security for Measuring Instruments under Legal Control

In recent years measuring instruments have adopted general-purpose operating systems to offer the user a broader functionality that is not necessarily restricted towards measurement alone. Additionally the trend to the internet of things from which measuring instruments are not immune, e.g. smart meters and traffic enforcement cameras just to name a few, brings forth security questions. In this...

Separation of Concerns for Security

Writing secure code is something most developers know little about. As a result, software vulnerabilities are quite common. We postulate that, by isolating security as a separate concern, this problem can be al-