Verified Protection Model of the seL4 Microkernel

Authors:
Dhammika Elkaduwe;Gerwin Klein;Kevin Elphinstone
Affiliations:
NICTA and University of New South Wales, Sydney, Australia;NICTA and University of New South Wales, Sydney, Australia;NICTA and University of New South Wales, Sydney, Australia
Venue:
VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
Year:
2008

Citing 11
Cited 8

On micro-kernel construction

SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
EROS: a fast capability system

Proceedings of the seventeenth ACM symposium on Operating systems principles
A Linear Time Algorithm for Deciding Subject Security

Journal of the ACM (JACM)
Conspiracy and information flow in the Take-Grant protection model

Journal of Computer Security
Protection in operating systems

Communications of the ACM
Programming semantics for multiprogrammed computations

Communications of the ACM
The transfer of information and authority in a protection system

SOSP '79 Proceedings of the seventh ACM symposium on Operating systems principles
KeyKOS architecture

ACM SIGOPS Operating Systems Review
Running the manual: an approach to high-assurance microkernel development

Proceedings of the 2006 ACM SIGPLAN workshop on Haskell
Towards a practical, verified kernel

HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
Secure Microkernels, State Monads and Scalable Refinement

TPHOLs '08 Proceedings of the 21st International Conference on Theorem Proving in Higher Order Logics

Preemption Abstraction

FMICS '09 Proceedings of the 14th International Workshop on Formal Methods for Industrial Critical Systems
capDL: a language for describing capability-based systems

Proceedings of the first ACM asia-pacific workshop on Workshop on systems
Towards proving security in the presence of large untrusted components

SSV'10 Proceedings of the 5th international conference on Systems software verification
Formally verifying isolation and availability in an idealized model of virtualization

FM'11 Proceedings of the 17th international conference on Formal methods
seL4 enforces integrity

ITP'11 Proceedings of the Second international conference on Interactive theorem proving
Analysing the information flow properties of object-capability patterns

FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
A formally verified OS kernel. now what?

ITP'10 Proceedings of the First international conference on Interactive Theorem Proving
On Building Constructive Formal Theories of Computation Noting the Roles of Turing, Church, and Brouwer

LICS '12 Proceedings of the 2012 27th Annual IEEE/ACM Symposium on Logic in Computer Science

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a machine-checked high-level security analysis of seL4--an evolution of the L4 kernel series targeted to secure, embedded devices. We provide an abstract specification of the seL4 access control system together with a formal proof that shows how confined subsystems can be enforced. All proofs and specifications in this paper are developed in the interactive theorem prover Isabelle/HOL.