Capabilities provide an access control model that can be used to construct systems where safety of protection can be precisely determined. However, in order to be certain of the security provided by such systems it is necessary to verify that their capability distributions do in fact fulfil requirements relating to isolation and information flow, and that there is a direct connection to the actual capability distribution in the system. We claim that, in order to do this effectively, systems need to have explicit descriptions of their capability distributions. In this paper we present the capDL capability distribution language for the capability-based seL4 microkernel. We present the capDL model, its main features and their motivations, and provide a small example to illustrate the language syntax and semantics. CapDL plays a key role in our approach to development, analysis, and verification of trustworthy systems.