Towards proving security in the presence of large untrusted components

Authors:
June Andronick;David Greenaway;Kevin Elphinstone
Affiliations:
NICTA, UNSW;NICTA;NICTA, UNSW
Venue:
SSV'10 Proceedings of the 5th international conference on Systems software verification
Year:
2010

Citing 6
Cited 9

The Model Checker SPIN

IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
Programming semantics for multiprogrammed computations

Communications of the ACM
Verified Protection Model of the seL4 Microkernel

VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
seL4: formal verification of an OS kernel

Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
A Verified Shared Capability Model

Electronic Notes in Theoretical Computer Science (ENTCS)
capDL: a language for describing capability-based systems

Proceedings of the first ACM asia-pacific workshop on Workshop on systems

The road to trustworthy systems

Proceedings of the fifth ACM workshop on Scalable trusted computing
From a verified kernel towards verified systems

APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
From a proven correct microkernel to trustworthy large systems

FoVeOOS'10 Proceedings of the 2010 international conference on Formal verification of object-oriented software
What if you could actually trust your kernel?

HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Provable Security: how feasible is it?

HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
seL4 enforces integrity

ITP'11 Proceedings of the Second international conference on Interactive theorem proving
Verifying system integrity by proxy

TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Towards a verified component platform

Proceedings of the Seventh Workshop on Programming Languages and Operating Systems
Comprehensive formal verification of an OS microkernel

ACM Transactions on Computer Systems (TOCS)

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes a generalized framework to build large, complex systems where security guarantees can be given for the overall system's implementation. The work builds on the formally proven correct seL4 micro-kernel and on its fine-grained access control. This access control mechanism allows large untrusted components to be isolated in a way that prevents them from violating a defined security property, leaving only the trusted components to be formally verified. The first steps of the approach are illustrated by the formalisation of a multi-level secure access device and a proof in Isabelle/HOL that information cannot flow from one back-end network to another.