Towards proving security in the presence of large untrusted components

Authors

June Andronick, David Greenaway and Kevin Elphinstone

School of Computer Science and Engineering
UNSW
Sydney
Australia

NICTA
Sydney
Australia

Abstract

This paper proposes a generalized framework to build large, complex systems where security guarantees can be given for the overall system's implementation. The work builds on the formally proven correct seL4 microkernel and on its fine-grained access control. This access control mechanism allows large untrusted components to be isolated in a way that prevents them from violating a defined security property, leaving only the trusted components to be formally verified. The first steps of the approach are illustrated by the formalisation of a multilevel secure access device and a proof in Isabelle/HOL that information cannot flow from one back-end network to another.

BibTeX Entry

  @inproceedings{Andronick_GE_10,
    publisher        = {USENIX},
    author           = {June Andronick and David Greenaway and Kevin Elphinstone},
    month            = {oct},
    editor           = {Gerwin Klein and Ralf Huuck and Bastian Schlich},
    year             = {2010},
    title            = {Towards proving security in the presence of large untrusted components},
    booktitle        = {Proceedings of the 5th Systems Software Verification},
    address          = {Vancouver, Canada}
  }

Download

Served by Apache on Linux on seL4