capDL: a language for describing capability-based systems

Authors:
Ihor Kuz;Gerwin Klein;Corey Lewis;Adam Walker
Affiliations:
NICTA and University of New South Wales, Sydney, Australia;NICTA and University of New South Wales, Sydney, Australia;NICTA and University of New South Wales, Sydney, Australia;NICTA and University of New South Wales, Sydney, Australia
Venue:
Proceedings of the first ACM asia-pacific workshop on Workshop on systems
Year:
2010

Citing 7
Cited 6

A Linear Time Algorithm for Deciding Subject Security

Journal of the ACM (JACM)
Programming semantics for multiprogrammed computations

Communications of the ACM
KeyKOS architecture

ACM SIGOPS Operating Systems Review
Eros: a capability system

Eros: a capability system
Robust composition: towards a unified approach to access control and concurrency control

Robust composition: towards a unified approach to access control and concurrency control
Verified Protection Model of the seL4 Microkernel

VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
seL4: formal verification of an OS kernel

Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles

The L4.verified project: next steps

VSTTE'10 Proceedings of the Third international conference on Verified software: theories, tools, experiments
Towards proving security in the presence of large untrusted components

SSV'10 Proceedings of the 5th international conference on Systems software verification
From a verified kernel towards verified systems

APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
From a proven correct microkernel to trustworthy large systems

FoVeOOS'10 Proceedings of the 2010 international conference on Formal verification of object-oriented software
Towards a verified component platform

Proceedings of the Seventh Workshop on Programming Languages and Operating Systems
Comprehensive formal verification of an OS microkernel

ACM Transactions on Computer Systems (TOCS)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Capabilities provide an access control model that can be used to construct systems where safety of protection can be precisely determined. However, in order to be certain of the security provided by such systems it is necessary to verify that their capability distributions do in fact fulfil requirements relating to isolation and information flow, and that there is a direct connection to the actual capability distribution in the system. We claim that, in order to do this effectively, systems need to have explicit descriptions of their capability distributions. In this paper we present the capDL capability distribution language for the capability-based seL4 microkernel. We present the capDL model, its main features and their motivations, and provide a small example to illustrate the language syntax and semantics. CapDL plays a key role in our approach to development, analysis, and verification of trustworthy systems.