We present an in-depth coverage of the comprehensive machine-checked formal verification of seL4, a general-purpose operating system microkernel. We discuss the kernel design we used to make its verification tractable. We then describe the functional correctness proof of the kernel's C implementation and we cover further steps that transform this result into a comprehensive formal verification of the kernel: a formally verified IPC fastpath, a proof that the binary code of the kernel correctly implements the C semantics, a proof of correct access-control enforcement, a proof of information-flow noninterference, a sound worst-case execution time analysis of the binary, and an automatic initialiser for user-level systems that connects kernel-level access-control enforcement with reasoning about system behaviour. We summarise these results and show how they integrate to form a coherent overall analysis, backed by machine-checked, end-to-end theorems. The seL4 microkernel is currently not just the only general-purpose operating system kernel that is fully formally verified to this degree. It is also the only example of formal proof of this scale that is kept current as the requirements, design and implementation of the system evolve over almost a decade. We report on our experience in maintaining this evolving formally verified code base.