A Linear Time Algorithm for Deciding Subject Security
Journal of the ACM (JACM)
Specification and verification of the UCLA Unix security kernel
Communications of the ACM
Programming semantics for multiprogrammed computations
Communications of the ACM
ACM SIGOPS Operating Systems Review
Verifying the EROS Confinement Mechanism
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Verifying information flow goals in security-enhanced Linux
Journal of Computer Security - Special issue on WITS'03
Verified Protection Model of the seL4 Microkernel
VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
Secure Microkernels, State Monads and Scalable Refinement
TPHOLs '08 Proceedings of the 21st International Conference on Theorem Proving in Higher Order Logics
Operating System Security
Noninterference for a Practical DIFC-Based Operating System
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
A Verified Shared Capability Model
Electronic Notes in Theoretical Computer Science (ENTCS)
Towards proving security in the presence of large untrusted components
SSV'10 Proceedings of the 5th international conference on Systems software verification
Analysing the information flow properties of object-capability patterns
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Large-scale formal verification in practice: a process perspective
Proceedings of the 34th International Conference on Software Engineering
Extensible specifications for automatic re-use of specifications and proofs
SEFM'12 Proceedings of the 10th international conference on Software Engineering and Formal Methods
Noninterference for operating system kernels
CPP'12 Proceedings of the Second international conference on Certified Programs and Proofs
Translation validation for a verified OS kernel
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
RapiLog: reducing system complexity through verification
Proceedings of the 8th ACM European Conference on Computer Systems
Building high assurance secure applications using security patterns for capability-based platforms
Proceedings of the 2013 International Conference on Software Engineering
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
ACM SIGOPS 24th Symposium on Operating Systems Principles
From L3 to seL4 what have we learnt in 20 years of L4 microkernels?
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
Towards a verified component platform
Proceedings of the Seventh Workshop on Programming Languages and Operating Systems
Comprehensive formal verification of an OS microkernel
ACM Transactions on Computer Systems (TOCS)
| Hi-index | 0.00 |
We prove that the seL4 microkernel enforces two high-level access control properties: integrity and authority confinement. Integrity provides an upper bound on write operations. Authority confinement provides an upper bound on how authority may change. Apart from being a desirable security property in its own right, integrity can be used as a general framing property for the verification of user-level system composition. The proof is machine checked in Isabelle/HOL and the results hold via refinement for the C implementation of the kernel.