
seL4

Gerwin Klein, Michael Norrish, Thomas Sewell, Harvey Tuch, Simon Winwood, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt (+1 others)
2009 Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles - SOSP '09  
We present our experience in performing the formal, machine-checked verification of the seL4 microkernel from an abstract specification down to its C implementation.  ...  Complete formal verification is the only known way to guarantee that a system is free of programming errors.  ...  We also would like to acknowledge the contribution of the former team members on this verification project: Jeremy Dawson, Jia Meng, Catherine Menon, and David Tsai.  ... 
doi:10.1145/1629575.1629596 dblp:conf/sosp/KleinEHACDEEKNSTW09 fatcat:cidf7z4awnhyfljpznijerhee4

seL4

Gerwin Klein, Michael Norrish, Thomas Sewell, Harvey Tuch, Simon Winwood, June Andronick, Kevin Elphinstone, Gernot Heiser, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt (+1 others)
2010 Communications of the ACM  
We report on the formal, machine-checked verification of the seL4 microkernel from an abstract specification down to its C implementation.  ...  We assume correctness of compiler, assembly code, hardware, and boot code. seL4 is a third-generation microkernel of L4 provenance, comprising 8,700 lines of C and 600 lines of assembler.  ...  Acknowledgements We would like to acknowledge the contribution of the former team members on this verification project: Timothy Bourke, Jeremy Dawson, Jia Meng, Catherine Menon, and David Tsai.  ... 
doi:10.1145/1743546.1743574 fatcat:cuqv3av3ojfm3os7u2mv5cf2oi

seL4 Enforces Integrity [chapter]

Thomas Sewell, Simon Winwood, Peter Gammie, Toby Murray, June Andronick, Gerwin Klein
2011 Lecture Notes in Computer Science  
The proof is machine checked in Isabelle/HOL and the results hold via refinement for the C implementation of the kernel.  ...  We prove that the seL4 microkernel enforces two high-level access control properties: integrity and authority confinement. Integrity provides an upper bound on write operations.  ...  Acknowledgements We thank Magnus Myreen for commenting on a draft of this paper.  ... 
doi:10.1007/978-3-642-22863-6_24 fatcat:onkuh7qo4raxrmucoeki6wvb3a

Refinement in the Formal Verification of the seL4 Microkernel [chapter]

Gerwin Klein, Thomas Sewell, Simon Winwood
2010 Design and Verification of Microprocessor Systems for High-Assurance Applications  
We present an overview of the different refinement frameworks used in the L4.verified project to formally prove the functional correctness of the seL4 microkernel.  ...  The verified version of the seL4 kernel runs on the ARMv6 architecture and the Freescale i.MX31 platform.  ...  Acknowledgements We thank the other current and former members of the L4.verified and seL4 teams:  ... 
doi:10.1007/978-1-4419-1539-9_11 fatcat:2ytrxjfjf5f7hfez7pk2653rei

seL4: From General Purpose to a Proof of Information Flow Enforcement

T. Murray, D. Matichuk, M. Brassil, P. Gammie, T. Bourke, S. Seefried, C. Lewis, Xin Gao, G. Klein
2013 IEEE Symposium on Security and Privacy  
We present the, to our knowledge, first complete, formal, machine-checked verification of information flow security for the implementation of a general-purpose microkernel; namely seL4.  ...  In contrast to testing, mathematical reasoning and formal verification can show the absence of whole classes of security vulnerabilities.  ...  Citation of manufacturers or trade names does not constitute an official endorsement or approval of the use thereof.  ... 
doi:10.1109/sp.2013.35 dblp:conf/sp/MurrayMBGBSLGK13 fatcat:ixjwu5pzzncsjczh5rhptkwytu

Towards a user-mode approach to partitioned scheduling in the seL4 microkernel

Mikael Åsberg, Thomas Nolte
2013 ACM SIGBED Review  
This microkernel is the first operating system kernel ever to be formally proven for its functional correctness.  ...  The seL4 kernel implements isolation of components in terms of the memory resource and security. However, there is still a missing part when it comes to isolation and that is time partitioning.  ...  Still, the verification process of the seL4 kernel took 20 person years to perform and it revealed 144 software defects [2] .  ... 
doi:10.1145/2544350.2544352 fatcat:tfkde662gjcebbrbqiy76loxbm

A Performance Evaluation of Rump Kernels as a Multi-server OS Building Block on seL4

Kevin Elphinstone, Amirreza Zarrabi, Kent Mcleod, Gernot Heiser
2017 Proceedings of the 8th Asia-Pacific Workshop on Systems - APSys '17  
We present our initial efforts with a promising performance evaluation of a rump kernel running on seL4.  ...  We argue that recent formal verification of microkernels provides a compelling platform for constructing general purpose systems, and that existing systems are not appropriate to take advantage of a formally  ...  Verification The successful application of formal verification to the seL4 microkernel [Klein et al. 2009 ] has established a clear value proposition for basing a system on a microkernel. seL4 provides  ... 
doi:10.1145/3124680.3124727 dblp:conf/apsys/ElphinstoneZMH17 fatcat:reqzohc45rhmvkyd4ig3cq5wzu

OS Verification- A Survey as a Source of Future Challenges

Kushal Anjaria, Arun Mishra
2015 International Journal of Computer Science & Engineering Survey  
Formal verification of an operating system kernel manifests absence of errors in the kernel and establishes trust in it.  ...  This paper evaluates various projects on operating system kernel verification and presents an in-depth survey of them.  ...  Formal verification of an operating system kernel produces mathematical proofs of correctness of an operating system.  ... 
doi:10.5121/ijcses.2015.6401 fatcat:kmf3kdtarja7fduluaq5qxx4we

From a Verified Kernel towards Verified Systems [chapter]

Gerwin Klein
2010 Lecture Notes in Computer Science  
The L4.verified project has produced a formal, machine-checked Isabelle/HOL proof that the C code of the seL4 OS microkernel correctly implements its abstract implementation.  ...  verified kernel may be used for gaining formal, code-level assurance about safety and security properties of systems on the order of a million lines of code.  ...  of Excellence program.  ... 
doi:10.1007/978-3-642-17164-2_3 fatcat:askysutvofghzk2ajojawwmmgu

A Formally Verified OS Kernel. Now What? [chapter]

Gerwin Klein
2010 Lecture Notes in Computer Science  
Last year, the L4.verified project produced a formal, machine-checked Isabelle/HOL proof that the C code of the seL4 OS microkernel correctly implements its abstract implementation.  ...  on overall system security, and I will explore further future research directions that open up with a formally verified OS kernel.  ...  A Formally Verified OS Kernel. Last year, we reported on the full formal verification of the seL4 microkernel from a high-level model down to very low-level C code [5] .  ... 
doi:10.1007/978-3-642-14052-5_1 fatcat:gb72mkwnnrd2hp3hiz3y2nukxq

Reasoning About Concurrency in High-Assurance, High-Performance Software Systems [chapter]

June Andronick
2017 Lecture Notes in Computer Science  
This shift was possible thanks to highly successful verified artifacts, such as the CompCert compiler [16] and the seL4 operating system (OS) kernel [14, 15] .  ...  Formal verification - mentality shift. Recent years have seen a shift in the perception of formal software verification in the academic community and, to some more emerging extent, in the industrial community  ...  It has been used for the verification of seL4: the C-level formal specification of seL4 is in SIMPL, inside Isabelle/HOL.  ... 
doi:10.1007/978-3-319-63046-5_1 fatcat:etyhrw4auradbptcsixj6zeq4y

Proof Engineering Considered Essential [chapter]

Gerwin Klein
2014 Lecture Notes in Computer Science  
In this talk, I will give an overview of the various formal verification projects around the evolving seL4 microkernel, and discuss our experience in large-scale proof engineering and maintenance.  ...  Among these are a number of firsts: the first code-level functional correctness proof of a general-purpose OS kernel, the first non-interference proof for such a kernel at the code-level, the first binary-level  ...  For instance, it can be found for simpler separation kernels in the MILS setting [2] . For modern systems, some of the untrusted components will be an entire monolithic guest OS such as Linux.  ... 
doi:10.1007/978-3-319-06410-9_2 fatcat:fs4qvxrgmzhh5g4qnn2z6fcqpa

Comprehensive formal verification of an OS microkernel

Gerwin Klein, June Andronick, Kevin Elphinstone, Toby Murray, Thomas Sewell, Rafal Kolanski, Gernot Heiser
2014 ACM Transactions on Computer Systems  
We present an in-depth coverage of the comprehensive machine-checked formal verification of seL4, a general-purpose operating system microkernel.  ...  We then describe the functional correctness proof of the kernel's C implementation and we cover further steps that transform this result into a comprehensive formal verification of the kernel: a formally  ...  ACKNOWLEDGMENTS We would like to acknowledge the contribution of the following people in the different parts of this work, spanning multiple years and projects.  ... 
doi:10.1145/2560537 fatcat:wgaqjtqacfen3nd2apj4z4eldm

From a Proven Correct Microkernel to Trustworthy Large Systems [chapter]

June Andronick
2011 Lecture Notes in Computer Science  
The seL4 microkernel was the world's first general-purpose operating system kernel with a formal, machine-checked proof of correctness.  ...  This paper first gives an overview of seL4's correctness proof, together with its main implications and assumptions, and then describes our approach to provide formal security guarantees for large, complex  ...  Acknowledgments The proof of the SAC mentioned above was conducted almost entirely by David Greenaway with minor contributions from Xin Gao, Gerwin  ... 
doi:10.1007/978-3-642-18070-5_1 fatcat:yeoqx3v4tnf5pakxffeucoslfe

The L4.verified Project — Next Steps [chapter]

Gerwin Klein
2010 Lecture Notes in Computer Science  
Last year, the NICTA L4.verified project produced a formal, machine-checked Isabelle/HOL proof that the C code of the seL4 OS microkernel correctly implements its abstract implementation.  ...  This paper gives a brief overview of the proof together with its main implications and assumptions, and paints a vision on how this verified kernel can be used for gaining assurance of overall system  ...  Acknowledgements The formal security model of the SAC was mostly created by June Andronick.  ... 
doi:10.1007/978-3-642-15057-9_6 fatcat:aablfaxfo5ct7lafrv5w74bbvy