Index Terms
- seL4: formal verification of an operating-system kernel
Recommendations
From L3 to seL4 what have we learnt in 20 years of L4 microkernels?
SOSP '13: Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
The L4 microkernel has undergone 20 years of use and evolution. It has an active user and developer community, and there are commercial versions which are deployed on a large scale and in safety-critical systems. In this paper we examine the lessons ...
seL4: formal verification of an OS kernel
SOSP '09: Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles
Complete formal verification is the only known way to guarantee that a system is free of programming errors. We present our experience in performing the formal, machine-checked verification of the seL4 microkernel from an abstract specification down to ...
OpenBSD Formal Driver Verification with SeL4
Innovative Security Solutions for Information Technology and Communications
Abstract: The seL4 microkernel is currently the only kernel that has been fully formally verified. In general, the increased interest in ensuring the security of a kernel's code results from its important role in the entire operating system. One of the ...