Software Systems

Provable security: How feasible is it?


Gerwin Klein, Toby Murray, Peter Gammie, Thomas Sewell and Simon Winwood


Strong, machine-checked security proofs of operating systems have been in the too hard basket long enough.

They will still be too hard for large mainstream operating systems, but even for systems designed from the ground up for security they have been counted as infeasible. There are high-level formal models, nice security properties, ways of architecting and engineering secure systems, but no implementation level proofs yet, not even with the recent verification of the seL4 microkernel.

This needs to change.

BibTeX Entry

    publisher        = {USENIX},
    author           = {Gerwin Klein and Toby Murray and Peter Gammie and Thomas Sewell and Simon Winwood},
    title            = {Provable Security: How feasible is it?},
    month            = {may},
    year             = {2011},
    booktitle        = {Proceedings of the 13th Workshop on Hot Topics in Operating Systems},
    pages            = {28--32},
    address          = {Napa, CA, USA}