seL4 enforces integrity

Authors

Thomas Sewell, Simon Winwood, Peter Gammie, Toby Murray, June Andronick and Gerwin Klein

NICTA, Sydney, Australia

School of Computer Science and Engineering, University of New South Wales, Sydney 2052, Australia

Abstract

We prove that the seL4 microkernel enforces two high-level access control properties: integrity and authority confinement. Integrity provides an upper bound on write operations. Authority confinement provides an upper bound on how authority may change. Apart from being a desirable security property in its own right, integrity can be used as a general framing property for the verification of user-level system composition. The proof is machine checked in Isabelle/HOL and the results hold via refinement for the C implementation of the kernel.
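The two properties named in the abstract are easiest to see as checks on a single kernel transition: integrity compares the memory contents before and after a step against the acting subject's write authority, and authority confinement compares every subject's capabilities before and after. The following Python sketch is an added illustration, not the paper's Isabelle/HOL model (whose definitions this page does not reproduce). It assumes a deliberately simplified capability system in which subjects hold (object, right) pairs, each step is either a write or a grant, and the confinement bound is taken to be the authority the acting subject already held; the state, subject and object names are constructed sample values.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Tuple

Cap = Tuple[str, str]  # (object, right); rights used here: "read", "write", "grant"


@dataclass(frozen=True)
class State:
    caps: Dict[str, FrozenSet[Cap]]  # subject -> capabilities it holds (assumed model)
    mem: Dict[str, int]              # object -> contents (assumed model)


def authority(s: State, subject: str) -> FrozenSet[Cap]:
    return s.caps.get(subject, frozenset())


def write(s: State, subject: str, obj: str, value: int) -> State:
    """Write step of the toy kernel: requires a write capability on obj."""
    if (obj, "write") not in authority(s, subject):
        raise PermissionError(f"{subject} may not write {obj}")
    return State(s.caps, {**s.mem, obj: value})


def grant(s: State, subject: str, target: str, cap: Cap) -> State:
    """Grant step: subject passes a capability it holds to a target it may grant to."""
    if cap not in authority(s, subject):
        raise PermissionError(f"{subject} does not hold {cap}")
    if (target, "grant") not in authority(s, subject):
        raise PermissionError(f"{subject} may not grant to {target}")
    new_caps = dict(s.caps)
    new_caps[target] = authority(s, target) | {cap}
    return State(new_caps, s.mem)


def integrity(pre: State, post: State, subject: str) -> bool:
    """Upper bound on writes: every object whose contents changed was
    writable by the acting subject in the pre-state."""
    objects = set(pre.mem) | set(post.mem)
    changed = {o for o in objects if pre.mem.get(o) != post.mem.get(o)}
    return all((o, "write") in authority(pre, subject) for o in changed)


def authority_confinement(pre: State, post: State, subject: str) -> bool:
    """Upper bound on authority change (assumed bound): no subject ends the
    step holding capabilities beyond what it or the acting subject held."""
    for t in set(pre.caps) | set(post.caps):
        bound = authority(pre, t) | authority(pre, subject)
        if not authority(post, t) <= bound:
            return False
    return True


def check_step(step: Callable[..., State], pre: State, subject: str, *args) -> Tuple[bool, bool]:
    """Run one kernel step and report (integrity holds, confinement holds)."""
    post = step(pre, subject, *args)
    return integrity(pre, post, subject), authority_confinement(pre, post, subject)


def initial_state() -> State:
    # Constructed sample: alice may write frame_a, read frame_b and grant to bob;
    # bob may only read frame_b.
    return State(
        caps={
            "alice": frozenset({("frame_a", "write"), ("frame_b", "read"), ("bob", "grant")}),
            "bob": frozenset({("frame_b", "read")}),
        },
        mem={"frame_a": 0, "frame_b": 0},
    )


def unchecked_write(s: State, subject: str, obj: str, value: int) -> State:
    """Deliberately broken variant that skips the capability check, so the
    integrity property can be seen failing on a transition it should reject."""
    return State(s.caps, {**s.mem, obj: value})


def demo() -> Tuple[Tuple[bool, bool], Tuple[bool, bool], Tuple[bool, bool]]:
    s0 = initial_state()
    ok_write = check_step(write, s0, "alice", "frame_a", 42)
    ok_grant = check_step(grant, s0, "alice", "bob", ("frame_a", "write"))
    bad_write = check_step(unchecked_write, s0, "bob", "frame_a", 7)
    return ok_write, ok_grant, bad_write


if __name__ == "__main__":
    print(demo())
```

The point of `check_step` is that the properties are stated over pre- and post-states only, so they can be evaluated against any implementation of a step; the checked `write` passes both, the `grant` passes because bob gains only a capability alice already held, and the unchecked write by bob violates integrity while leaving authority confinement intact.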

BibTeX Entry

  @inproceedings{Sewell_WGMAK_11,
    publisher        = {Springer},
    doi              = {10.1007/978-3-642-22863-6_24},
    title            = {{seL4} Enforces Integrity},
    series           = {LNCS},
    booktitle        = {2nd ITP},
    author           = {Thomas Sewell and Simon Winwood and Peter Gammie and Toby Murray and June Andronick and Gerwin Klein},
    year             = {2011},
    month            = {Aug},
    volume           = {6898},
    editor           = {Marko C. J. D. van Eekelen and Herman Geuvers and Julien Schmaltz and Freek Wiedijk},
    address          = {Nijmegen, The Netherlands},
    pages            = {325--340}
  }
