Verification of the IBOS Browser Security Properties in Reachability Logic
This work addresses security verification for browser operating systems, which is incremental as it applies existing formal methods to a specific system.
The paper tackles the formal verification of security properties, including the same-origin policy, for the Illinois Browser Operating System (IBOS) by specifying it in rewriting logic and using a constructor-based reachability logic theorem prover to deductively verify these properties, highlighting modularity principles that enabled scaling the verification effort.
This paper presents a rewriting logic specification of the Illinois Browser Operating System (IBOS) and defines several security properties, including the same-origin policy (SOP) in reachability logic. It shows how these properties can be deductively verified using our constructor-based reachability logic theorem prover. This paper also highlights the reasoning techniques used in the proof and three modularity principles that have been crucial to scale up and complete the verification effort.