Provable Security: how feasible is it?

Authors:
Gerwin Klein;Toby Murray;Peter Gammie;Thomas Sewell;Simon Winwood
Affiliations:
NICTA and University of New South Wales, Sydney, Australia;NICTA and University of New South Wales, Sydney, Australia;NICTA and University of New South Wales, Sydney, Australia;NICTA and University of New South Wales, Sydney, Australia;NICTA and University of New South Wales, Sydney, Australia
Venue:
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Year:
2011

Citing 8
Cited 4

Programming semantics for multiprogrammed computations

Communications of the ACM
Verifying the EROS Confinement Mechanism

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Putting it all together – Formal verification of the VAMP

International Journal on Software Tools for Technology Transfer (STTT) - A View from Formal Methods 2003 (pp 301-354); Special Section on Recent Advances in Hardware Verification (pp 355-447)
On Refinement-Closed Security Properties and Nondeterministic Compositions

Electronic Notes in Theoretical Computer Science (ENTCS)
seL4: formal verification of an OS kernel

Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
A Verified Shared Capability Model

Electronic Notes in Theoretical Computer Science (ENTCS)
Towards proving security in the presence of large untrusted components

SSV'10 Proceedings of the 5th international conference on Systems software verification
What if you could actually trust your kernel?

HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems

What if you could actually trust your kernel?

HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Extensible specifications for automatic re-use of specifications and proofs

SEFM'12 Proceedings of the 10th international conference on Software Engineering and Formal Methods
Noninterference for operating system kernels

CPP'12 Proceedings of the Second international conference on Certified Programs and Proofs
Comprehensive formal verification of an OS microkernel

ACM Transactions on Computer Systems (TOCS)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Strong, machine-checked security proofs of operating systems have been in the too hard basket long enough. They will still be too hard for large mainstream operating systems, but even for systems designed from the ground up for security they have been counted as infeasible. There are high-level formal models, nice security properties, ways of architecting and engineering secure systems, but no implementation level proofs yet, not even with the recent verification of the seL4 microkernel. This needs to change.