Xenon Formal Security Policy Model

Abstract: Standard Form 298 (Rev. 8-98)Prescribed by ANSI Std. Z39.18Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing this collection of information. Xenon is a high-assurance virtual machine monitor based on the Xen open-source hypervisor. We model the Xenon high-assurance virtual machine monitor's security policy … Show more

“…For higher-assurance, the principle of least privilege is applied at the granularity of individual operations. Privilege for Xenon is defined with respect to the Xenon formal security policy model (McDermott et al, 2007). The policy is a two-part policy that defines both separation and allowable sharing.…”

“…For a more detailed explanation of the formal security policy model and its correspondence demonstration, see the NRL Memorandum Report (McDermott et al, 2007).…”

Re-engineering Xen internals for higher-assurance security

“…For higher-assurance, the principle of least privilege is applied at the granularity of individual operations. Privilege for Xenon is defined with respect to the Xenon formal security policy model (McDermott et al, 2007). The policy is a two-part policy that defines both separation and allowable sharing.…”

“…For a more detailed explanation of the formal security policy model and its correspondence demonstration, see the NRL Memorandum Report (McDermott et al, 2007).…”

Re-engineering Xen internals for higher-assurance security

“…In the Xenon project, we have defined a formal security policy [17] and we are constructing a formal specification of the hypervisor interface and its internal design. The formal security policy model uses the Circus formalism [18].…”

Fine-Grained Inspection for Higher-Assurance Software Security in Open Source

Formal Modelling of Separation Kernel Components