Verified protection model of the seL4 microkernel

Authors

Dhammika Elkaduwe, Gerwin Klein and Kevin Elphinstone

NICTA, Sydney, Australia
UNSW, Australia

Abstract

This paper presents a machine-checked high-level security analysis of seL4 --- an evolution of the L4 kernel series targeted to secure, embedded devices. We provide an abstract specification of the seL4 access control system in terms of a classical take-grant model together with a formal proof of its decidability. Using the decidability property we show how confined subsystems can be enforced. All proofs and specifications in this paper are machine-checked and developed in the interactive theorem prover Isabelle/HOL.

BibTeX Entry

  @techreport{Elkaduwe_GE_07,
    author           = {Dhammika Elkaduwe and Gerwin Klein and Kevin Elphinstone},
    number           = {NRL-1474},
    month            = {oct},
    note             = {Available from \url{http://ertos.nicta.com.au/publications/papers/Elkaduwe_GE_07.pdf}},
    year             = {2007},
    title            = {Verified Protection Model of the {seL4} Microkernel},
    institution      = {NICTA}
  }

Download

Served by Apache on Linux on seL4