seL4 enforces integrity
Authors
Thomas Sewell, Simon Winwood, Peter Gammie, Toby Murray, June Andronick and Gerwin Klein
NICTA
Sydney
Australia
School of Computer Science and Engineering
University of NSW
Sydney 2052
Australia
Abstract
We prove that the seL4 microkernel enforces two high-level access control properties: integrity and authority confinement. Integrity provides an upper bound on write operations. Authority confinement provides an upper bound on how authority may change. Apart from being a desirable security property in its own right, integrity can be used as a general framing property for the verification of user-level system composition. The proof is machine checked in Isabelle/HOL and the results hold via refinement for the C implementation of the kernel.
BibTeX Entry
@inproceedings{Sewell_WGMAK,
publisher = {Springer-Verlag},
doi = {http://dx.doi.org/10.1007/978-3-642-22863-6_24},
title = {{seL4} Enforces Integrity},
series = {Lecture Notes in Computer Science},
booktitle = {2nd International Conference on Interactive Theorem Proving},
author = {Thomas Sewell and Simon Winwood and Peter Gammie and Toby Murray and June Andronick and Gerwin Klein},
year = {2011},
month = {Aug},
volume = {6898},
editor = {Marko C. J. D. van Eekelen and Herman Geuvers and Julien Schmaltz and Freek Wiedijk},
address = {Nijmegen, The Netherlands},
pages = {325--340}
}