A Formal Approach to Design and Security Verification of Operating Systems for Intelligent Transportation Systems Based on Object Model

Operating system in intelligent transportation systems (ITSs) is a complex software system whose correctness and security are not obvious. There are advances in formal description and verification of operating systems in ITSs recently and they mainly focus on bottom-up proofs in which the source codes satisfy certain expected properties expressed by logic formulae. In this paper, we propose a layered object model for operating systems in ITSs. This model includes functionality layer, refinement layer and concrete layer. We consider the operating system object model as a logic system ( $L)$ with variables representing the objects of $L$ , and a series of logic formulae for security and functional configurations in security of ITSs. We establish a mathematical structure as a domain of discourse for operating system in ITSs and accordingly, construct a mapping from operating system objects to the domain. In this way, we propose a formal method to verify the operating system security properties and configurations in ITSs. We use the virtual memory management part of our self-designed operating system VSOS as an example to illustrate the model and show that the claimed security properties can be rigorously proven for ITSs. The evaluation and verification of VSOS indicate that the proposed model implementation is feasible and achieves the security goals.