Rushby, J., "Kernels for Safety?," in Safe and Secure Computing Systems, T. Anderson Ed., Blackwell Scientific Publications, 1989, pp. 210-220.
....with the most critical component, the security kernel, occupying the lowest level. A safety hierarchy could also incorporate criticality with the most critical properties enforced at the lowest levels. Rushby has made the strongest theoretical argument for the development of a safety kernel [9]. In the process, he has more clearly defined the role of a safety kernel. Rushby considers whether the concept of a small component that guarantees the enforcement of some system policy (typically security) could be applied to safety critical software systems. He observes that kernel structures ....
Rushby, J., "Kernels for Safety?," in Safe and Secure Computing Systems, T. Anderson Ed., Blackwell Scientific Publications, 1989, pp. 210-220.
.... in the specification [20, 22] or by searching an abstraction that only contains information relevant to the property being checked [21, 35]. Using compositional model checking methodologies [13, 29] one can verify that a property is a theorem of part of a specification (e.g. a safety kernel [24, 33]) and infer that the property is a theorem of the entire specification. To test the feasibility of model checking non-trivial specifications, we used McMillan's Symbolic Model Verifier (SMV) [6, 27] to model check the software requirements of the A-7E aircraft [1]. The A-7E requirements were ....
J. Rushby. "Kernels for Safety?". In T. Anderson, editor, Safe and Secure Computing Systems, chapter 13, pages 210--220. Blackwell Scientific Publications, 1989.
....kernel, a concept directly analogous to the security kernel used in security applications. Security kernels have been covered extensively in the literature and have been implemented with a number of systems [2,15,22,45]. Safety kernels, on the other hand, have been proposed by a number of groups [33,38,44], but the development of the safety kernel concept has been limited and, to the best of our knowledge, none of the proposed systems has been implemented. Given the relative novelty of the idea, the goal of this research is to develop the safety kernel concept and evaluate its feasibility in four ....
....and safety concerns is considerable [4]. Security kernels are used to enforce access control policies in classified information systems. The idea of trying to exploit this technique to implement safety rather than security, i.e. the concept of a more general safety kernel, was proposed by Rushby [33,44], among others. A security kernel (sometimes referred to as a reference monitor) is in a position to enforce security policies because it controls all access to secure information and it can therefore monitor all references to that information. A safety kernel will exercise similar control over ....
Rushby, J., "Kernels for Safety?," in Safe and Secure Computing Systems, T. Anderson Ed. (Blackwell Scientific Publications, 1989) pp. 210-220.
....fundamental system services such as scheduling, fault tolerance and handling hardware devices. A safety policy is a requirement used to control particular functionality, normally for the purpose of policing certain hazards. The original concept of the safety kernel was introduced by Rushby [25]. Rushby states that the benefit of the safety kernel philosophy, rather than embedding the functionality into the application, is that the kernel is small enough to be produced to a much more rigorous standard, for example using formal methods. The philosophy allows a powerful argument that can be ....
....complex systems as demonstrated in Chapter 8. This section presents a simulation based investigation considered appropriate and realistic, and the results obtained. Simulations have been performed with purely pseudo-random task set characteristics with a realistic range for the iteration rate of [25, 1000]. Due to the typical sizes of the least common multiple (which can be as large as 1000^(Number of Tasks)) the computational complexity did not allow any form of comparison to be carried out. Therefore, the analysis was rationalised to task set characteristics that could be expected and feasibly ....
J. Rushby, "Kernel for safety?," in Safe & Secure Computing Systems (A. T., ed.), 1989.
....since many applications can continue to operate and maintain status information during gaps in communications. It may seem that a security management system that manages a trusted application should go through the same rigorous testing and analysis as the primary security application. Rushby [10] indicates a security kernel must have access to and control over the vital security features of a system and must maintain secure attributes in spite of any possible sequence of operations. If the security management application enforces security, it and all related infrastructure would have to ....
John Rushby, "Kernels for Safety?", Safe and Secure Computing Systems, pp. 210-220, Blackwell Scientific Publications, 1989.
J. Rushby, "Kernels for Safety?" in Safe and Secure Computing Systems, T. Anderson, ed., Blackwell Science Inc., Boston, 1989, pp. 210-220.