Isabelle and Security
Authors
Abstract
Isabelle/HOL is a general-purpose proof assistant based on higher-order logic. Its main strengths are its simple-yet-expressive logic and its proof automation. Security researchers make up a significant fraction of Isabelle's users. In the past few years, many exciting developments have taken place, connecting programming languages, operating system kernels, and security.
Similar resources
Some aspects of Unix file-system security
Unix is a simple but powerful system where everything is either a process or a file. Access to system resources works mainly via the filesystem, including special files and devices. Most Unix security issues are reflected directly within the file-system. We give a mathematical model of the main aspects of the Unix file-system including its security model, but ignoring processes. Within this for...
Verifying Security Policies Using Host Attributes
For the formal verification of a network security policy, it is crucial to express the verification goals. These formal goals, called security invariants, should be easy to express for the end user. Focusing on access control and information flow security strategies, this work discovers and proves universal insights about security invariants. This enables secure and convenient auto-completion o...
More SPASS with Isabelle - Superposition with Hard Sorts and Configurable Simplification
Sledgehammer for Isabelle/HOL integrates automatic theorem provers to discharge interactive proof obligations. This paper considers a tighter integration of the superposition prover SPASS to increase Sledgehammer's success rate. The main enhancements are native support for hard sorts (simple types) in SPASS, simplification that honors the orientation of Isabelle simp rules, and a pair of clause...
Integrating Automated and Interactive Protocol Verification
A number of current automated protocol verification tools are based on abstract interpretation techniques and other over-approximations of the set of reachable states or traces. The protocol models that these tools employ are shaped by the needs of automated verification and require subtle assumptions. Also, a complex verification tool may suffer from implementation bugs so that in the worst ca...