Skip to main content

TS

seL4 enforces integrity

Authors

Thomas Sewell, Simon Winwood, Peter Gammie, Toby Murray, June Andronick and Gerwin Klein

NICTA

UNSW

Abstract

We prove the enforcement of two high-level access control properties in the seL4 microkernel: integrity and authority confinement. Integrity provides an upper bound on write operations. Authority confinement provides an upper bound on how authority may change. Apart from being a desirable security property in its own right, integrity can be used as a general framing property for the verification of user-level system composition. The proof is machine checked in Isabelle/HOL and holds via refinement for the C implementation of the kernel.

BibTeX Entry

  @inproceedings{Sewell_WGMAK_11,
    publisher        = {Springer},
    doi              = {10.1007/978-3-642-22863-6_24},
    author           = {Sewell, Thomas and Winwood, Simon and Gammie, Peter and Murray, Toby and Andronick, June and Klein,
                        Gerwin},
    month            = {aug},
    editor           = {{Marko van Eekelen, Herman Geuvers, Julien Schmaltz, and Freek Wiedijk}},
    year             = {2011},
    keywords         = {sel4, isabelle/hol, integrity, access control, security},
    title            = {{seL4} Enforces Integrity},
    booktitle        = {International Conference on Interactive Theorem Proving},
    pages            = {325-340},
    address          = {Nijmegen, The Netherlands}
  }

Download