A Formal Approach to Design and Security Verification of Operating Systems for Intelligent Transportation Systems Based on Object Model

Published: 29 November 2022

Abstract

The operating system of an intelligent transportation system (ITS) is a complex software system whose correctness and security are not self-evident. Recent advances in the formal description and verification of operating systems for ITSs mainly focus on bottom-up proofs, in which the source code is shown to satisfy expected properties expressed as logic formulae. In this paper, we propose a layered object model for operating systems in ITSs. The model consists of a functionality layer, a refinement layer and a concrete layer. We treat the operating system object model as a logic system ($L$) whose variables represent the objects of $L$, together with a series of logic formulae for the security and functional configurations in ITS security. We establish a mathematical structure as the domain of discourse for operating systems in ITSs and, accordingly, construct a mapping from operating system objects to that domain. In this way, we obtain a formal method for verifying the security properties and configurations of operating systems in ITSs. We use the virtual memory management part of our self-designed operating system VSOS as an example to illustrate the model and show that the claimed security properties can be rigorously proven for ITSs. The evaluation and verification of VSOS indicate that the proposed model implementation is feasible and achieves the security goals.


Published In

IEEE Transactions on Intelligent Transportation Systems, Volume 24, Issue 12, Dec. 2023, 2505 pages

Publisher

IEEE Press