Kernels for Safety?

John Rushby

From Safe and Secure Computing Systems, Chapter 13. Edited by T. Anderson. Blackwell Scientific Publications. 1989. Pages 210-220.


Secure systems are often built around a "security kernel"--a relatively small and simple component that guarantees the security of the overall system. In this paper we ask whether this approach can be used to ensure system properties other than security--in particular, we are interested in whether "safety" properties can be handled in this way. Our conclusion is that kernelized system structures can provide rigorous guarantees that certain faults of commission will not occur. We give a more precise characterization in terms of the formal statement that can be asserted for a kernelized system, and we outline an approach to system design that uses these insights and draws on experience with secure systems in order to guarantee certain safety properties.
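The distinction the abstract draws (a kernel can rule out faults of commission but not faults of omission) is easiest to see in code. The following is an added illustration, not code from the paper or from SRI: a hypothetical heater controller where a small "safety kernel" is the only path to the actuator and checks every command against a constructed safety envelope (MAX_TEMP, HEAT_STEP, COOL_STEP are made-up values). A reckless application that always demands heat is held within the envelope; a silent application that never demands heat lets the plant drift, and the kernel, by construction, has nothing to refuse.

```python
"""Added example: a mediating safety kernel in the style of a reference monitor.

Everything here is constructed for illustration; the plant model, limits and
controllers are hypothetical, not taken from the paper.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed safety envelope: the invariant the kernel enforces is
# "the heater is never commanded on if that could push the plant past MAX_TEMP".
MAX_TEMP = 80.0
HEAT_STEP = 5.0   # temperature rise per tick with the heater on
COOL_STEP = 1.0   # temperature drop per tick with the heater off


@dataclass
class Plant:
    """Simulated actuator state (constructed; not a real device)."""
    temperature: float = 20.0
    heater_on: bool = False

    def step(self) -> None:
        # Crude physics: heating raises the temperature, idling cools it.
        self.temperature += HEAT_STEP if self.heater_on else -COOL_STEP


class SafetyKernel:
    """The small trusted component: the only route from application code to the plant.

    It guarantees that an unsafe command (a fault of commission) never reaches
    the actuator. It cannot guarantee that a needed command ever arrives
    (a fault of omission); that limitation is deliberate and is what the
    example demonstrates.
    """

    def __init__(self, plant: Plant) -> None:
        self._plant = plant                         # private: applications only see the kernel
        self.rejected: List[Tuple[str, float]] = []  # audit trail of refused commands

    def _would_stay_safe(self, heater_on: bool) -> bool:
        # Check the predicted state after one step, not just the current one,
        # so a single accepted command can never overshoot the limit.
        if not heater_on:
            return True
        return self._plant.temperature + HEAT_STEP <= MAX_TEMP

    def set_heater(self, heater_on: bool) -> bool:
        """Mediate one command; apply it only if the invariant is preserved."""
        if not self._would_stay_safe(heater_on):
            self.rejected.append(("set_heater", self._plant.temperature))
            return False
        self._plant.heater_on = heater_on
        return True

    def tick(self, controller: Callable[["SafetyKernel"], None]) -> float:
        """One control cycle: actuator defaults to off, the application may
        request heat through the kernel, then the plant evolves."""
        self._plant.heater_on = False   # no command survives a cycle without re-authorisation
        controller(self)
        self._plant.step()
        return self._plant.temperature


# Two untrusted applications (hypothetical).
def reckless_controller(kernel: SafetyKernel) -> None:
    kernel.set_heater(True)             # always demands heat: a fault of commission


def silent_controller(kernel: SafetyKernel) -> None:
    pass                                # never demands heat: a fault of omission


def simulate(controller: Callable[[SafetyKernel], None], ticks: int = 30) -> Dict[str, float]:
    """Run a controller against a fresh plant behind the kernel and summarise."""
    plant = Plant()
    kernel = SafetyKernel(plant)
    peak = plant.temperature
    for _ in range(ticks):
        peak = max(peak, kernel.tick(controller))
    return {"peak": peak, "final": plant.temperature, "rejected": float(len(kernel.rejected))}


if __name__ == "__main__":
    print("reckless:", simulate(reckless_controller))   # peak stays at MAX_TEMP, commands refused
    print("silent:  ", simulate(silent_controller))     # nothing refused, plant simply drifts
```

The asymmetry is the point: the kernel's guarantee is a statement about what the system will never do, checked at every command, and it holds regardless of how wrong the application is. Whether the application does what it should is a separate question that no mediating layer can settle on its own.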


BibTeX Entry

@incollection{Rushby89:KernelsForSafety,
	AUTHOR = {John Rushby},
	TITLE = {Kernels for Safety?},
	BOOKTITLE = {Safe and Secure Computing Systems},
	PUBLISHER = {Blackwell Scientific Publications},
	YEAR = 1989,
	EDITOR = {T. Anderson},
	CHAPTER = 13,
	PAGES = {210--220},
	NOTE = {(Proceedings of a Symposium held in Glasgow, October 1986)}
}
