The operating system in intelligent transportation systems (ITSs) is a complex software system whose correctness and security are not obvious. Recent advances in the formal description and verification of operating systems in ITSs mainly focus on bottom-up proofs, in which the source code is shown to satisfy certain expected properties expressed as logic formulae. In this paper, we propose a layered object model for operating systems in ITSs. The model includes a functionality layer, a refinement layer and a concrete layer. We treat the operating system object model as a logic system $L$, with variables representing the objects of $L$, together with a series of logic formulae expressing the security and functional configurations relevant to ITS security. We establish a mathematical structure as a domain of discourse for operating systems in ITSs and, accordingly, construct a mapping from operating system objects to that domain. In this way, we obtain a formal method for verifying the security properties and configurations of operating systems in ITSs. We use the virtual memory management part of our own operating system, VSOS, as an example to illustrate the model and show that the claimed security properties can be rigorously proven for ITSs. The evaluation and verification of VSOS indicate that the proposed model is feasible to implement and achieves the security goals.