Formal Verification of Information Flow Security for a Simple ARM-Based Separation Kernel

Dam, Mads and Guanciale, Roberto and Khakpour, Narges and Nemati, Hamed and Schwarz, Oliver (2013) Formal Verification of Information Flow Security for a Simple ARM-Based Separation Kernel. In: 2013 ACM SIGSAC conference on computer & communications security, Berlin, Germany.


A separation kernel simulates a distributed environment using a single physical machine by executing partitions in isolation and appropriately controlling communication among them. We present a formal verification of information flow security for a simple separation kernel for ARMv7. Previous work on information flow kernel security leaves communication to be handled by model-external means, and cannot be used to draw conclusions when there is explicit interaction between partitions. We propose a different approach where communication between partitions is made explicit and the information flow is analyzed in the presence of such a channel. Limiting the kernel functionality as much as meaningfully possible, we accomplish a detailed analysis and verification of the system, proving its correctness at the level of the ARMv7 assembly. As a sanity check we show how the security condition is reduced to noninterference in the special case where no communication takes place. The verification is done in HOL4 taking the Cambridge model of ARM as basis, transferring verification tasks on the actual assembly code to an adaptation of the BAP binary analysis tool developed at CMU.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: Formal verification; Information Flow Security; Separation Kernel; Hypervisor
ID Code: 5602
Deposited By: Oliver Schwarz
Deposited On: 19 Nov 2013 15:58
Last Modified: 10 Dec 2013 14:32
