Article

seL4: From General Purpose to a Proof of Information Flow Enforcement

Authors:

Xin Gao,

Gerwin KleinAuthors Info & Claims

SP '13: Proceedings of the 2013 IEEE Symposium on Security and Privacy

Pages 415 - 429

https://doi.org/10.1109/SP.2013.35

Published: 19 May 2013 Publication History

Abstract

In contrast to testing, mathematical reasoning and formal verification can show the absence of whole classes of security vulnerabilities. We present the, to our knowledge, first complete, formal, machine-checked verification of information flow security for the implementation of a general-purpose microkernel; namely seL4. Unlike previous proofs of information flow security for operating system kernels, ours applies to the actual 8, 830 lines of C code that implement seL4, and so rules out the possibility of invalidation by implementation errors in this code. We assume correctness of compiler, assembly code, hardware, and boot code. We prove everything else. This proof is strong evidence of seL4's utility as a separation kernel, and describes precisely how the general purpose kernel should be configured to enforce isolation and mandatory information flow control. We describe the information flow security statement we proved (a variant of intransitive noninterference), including the assumptions on which it rests, as well as the modifications that had to be made to seL4 to ensure it was enforced. We discuss the practical limitations and implications of this result, including covert channels not covered by the formal proof.

Cited By

View all

Athalye ACorrigan-Gibbs HKaashoek FTassarotti JZeldovich NWitchel EArpaci-Dusseau ARossbach CKeeton K(2024)Modular Verification of Secure and Leakage-Free Systems: From Application Specification to Circuit-Level ImplementationProceedings of the ACM SIGOPS 30th Symposium on Operating Systems Principles10.1145/3694715.3695956(655-672)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3694715.3695956
Mergendahl SFickas SNorris BSkowyra RLuo BLiao XXu JKirda ELie D(2024)Manipulative Interference AttacksProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690246(4569-4583)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690246
Misu MLopes CMa INoble J(2024)Towards AI-Assisted Synthesis of Verified Dafny MethodsProceedings of the ACM on Software Engineering10.1145/36437631:FSE(812-835)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3643763
Show More Cited By

seL4: From General Purpose to a Proof of Information Flow Enforcement

Recommendations

seL4: formal verification of an OS kernel
SOSP '09: Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles

Complete formal verification is the only known way to guarantee that a system is free of programming errors.

We present our experience in performing the formal, machine-checked verification of the seL4 microkernel from an abstract specification down to ...
OpenBSD Formal Driver Verification with SeL4
Innovative Security Solutions for Information Technology and Communications
Abstract
The seL4 microkernel is currently the only kernel that has been fully formally verified. In general, the increased interest in ensuring the security of a kernel’s code results from its important role in the entire operating system. One of the ...
Formal verification of ASMs using MDGs

We present a framework for the formal verification of abstract state machine (ASM) designs using the multiway decision graphs (MDG) tool. ASM is a state based language for describing transition systems. MDG provides symbolic representation of transition ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SP '13: Proceedings of the 2013 IEEE Symposium on Security and Privacy

May 2013

571 pages

ISBN:9780769549774

Publisher

IEEE Computer Society

United States

Publication History

Published: 19 May 2013

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

79
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Athalye ACorrigan-Gibbs HKaashoek FTassarotti JZeldovich NWitchel EArpaci-Dusseau ARossbach CKeeton K(2024)Modular Verification of Secure and Leakage-Free Systems: From Application Specification to Circuit-Level ImplementationProceedings of the ACM SIGOPS 30th Symposium on Operating Systems Principles10.1145/3694715.3695956(655-672)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3694715.3695956
Mergendahl SFickas SNorris BSkowyra RLuo BLiao XXu JKirda ELie D(2024)Manipulative Interference AttacksProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690246(4569-4583)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690246
Misu MLopes CMa INoble J(2024)Towards AI-Assisted Synthesis of Verified Dafny MethodsProceedings of the ACM on Software Engineering10.1145/36437631:FSE(812-835)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3643763
Andrici CCiobâcă ȘHriţcu CMartínez GRivas ETanter ÉWinterhalter T(2024)Securing Verified IO Programs Against Unverified Code in F*Proceedings of the ACM on Programming Languages10.1145/36329168:POPL(2226-2259)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632916
Zhang LZhao YLi J(2024)A Comprehensive Specification and Verification of the L4 Microkernel APITools and Algorithms for the Construction and Analysis of Systems10.1007/978-3-031-57249-4_11(217-234)Online publication date: 6-Apr-2024
https://dl.acm.org/doi/10.1007/978-3-031-57249-4_11
Athalye AKaashoek FZeldovich NTassarotti J(2023)The K2 Architecture for Trustworthy Hardware Security ModulesProceedings of the 1st Workshop on Kernel Isolation, Safety and Verification10.1145/3625275.3625402(26-32)Online publication date: 23-Oct-2023
https://dl.acm.org/doi/10.1145/3625275.3625402
Xu HZhao Y(2023)Isabelle/Cloud: Delivering Isabelle/HOL as a Cloud IDE for Theorem ProvingProceedings of the 14th Asia-Pacific Symposium on Internetware10.1145/3609437.3609460(313-322)Online publication date: 4-Aug-2023
https://dl.acm.org/doi/10.1145/3609437.3609460
Zheng NLiu MXiang YSong LLi DHan FWang NMa YLiang ZCai DZhai ELiu XJin XDruschel PKaufmann AMace JFlinn JSeltzer M(2023)Automated Verification of an In-Production DNS Authoritative EngineProceedings of the 29th Symposium on Operating Systems Principles10.1145/3600006.3613153(80-95)Online publication date: 23-Oct-2023
https://dl.acm.org/doi/10.1145/3600006.3613153
Brun MAchermann RChajed THowell JZellweger GLattuada ABaumann ACrooks NSchwarzkopf M(2023)Beyond isolation: OS verification as a foundation for correct applicationsProceedings of the 19th Workshop on Hot Topics in Operating Systems10.1145/3593856.3595899(158-165)Online publication date: 22-Jun-2023
https://dl.acm.org/doi/10.1145/3593856.3595899
Liu ZStepanenko SPichon-Pharabod JTimany AAskarov ABirkedal L(2023)VMSL: A Separation Logic for Mechanised Robust Safety of Virtual Machines Communicating above FF-AProceedings of the ACM on Programming Languages10.1145/35912797:PLDI(1438-1462)Online publication date: 6-Jun-2023
https://dl.acm.org/doi/10.1145/3591279
Show More Cited By

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

seL4: formal verification of an OS kernel

OpenBSD Formal Driver Verification with SeL4

Formal verification of ASMs using MDGs

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations