seL4 enforces integrity

Authors

Thomas Sewell, Simon Winwood, Peter Gammie, Toby Murray, June Andronick and Gerwin Klein

NICTA
Sydney
Australia

School of Computer Science and Engineering
UNSW
Sydney
Australia

Abstract

We prove that the seL4 microkernel enforces two high-level access control properties: integrity and authority confinement. Integrity provides an upper bound on write operations. Authority confinement provides an upper bound on how authority may change. Apart from being a desirable security property in its own right, integrity can be used as a general framing property for the verification of user-level system composition. The proof is machine checked in Isabelle/HOL and the results hold via refinement for the C implementation of the kernel.

BibTeX Entry

  @inproceedings{Sewell_WGMAK_11,
    publisher        = {Springer},
    doi              = {10.1007/978-3-642-22863-6_24},
    series           = {Lecture Notes in Computer Science},
    author           = {Thomas Sewell and Simon Winwood and Peter Gammie and Toby Murray and June Andronick and Gerwin Klein},
    month            = {aug},
    volume           = {6898},
    editor           = {Marko C. J. D. van Eekelen and Herman Geuvers and Julien Schmaltz and Freek Wiedijk},
    year             = {2011},
    title            = {{seL4} Enforces Integrity},
    booktitle        = {Proceedings of the 2nd International Conference on Interactive Theorem Proving},
    pages            = {325--340},
    address          = {Nijmegen, The Netherlands}
  }
