Proof-Oriented Design of a Separation Kernel with Minimal Trusted Computing Base

Abstract: The development of provably secure OS kernels represents a fundamental step in the creation of safe and secure systems. To this aim, we propose the notion of protokernel and an implementation --- the Pip protokernel --- as a separation kernel whose trusted computing base is reduced to its bare bones, essentially providing separation of tasks in memory, on top of which non-influence can be proved. This proof-oriented design allows us to formally prove separation properties on a concrete executable model very close to its automatically extracted C implementation. Our design is shown to be realistic as it can execute isolated instances of a real-time embedded system that has moreover been modified to isolate its own processes through the Pip services.
https://hal.archives-ouvertes.fr/hal-01816830
Contributor: David Nowak
Submitted on: Wednesday, October 3, 2018 - 12:00:46 PM
Last modification on: Saturday, March 23, 2019 - 1:24:24 AM
Document(s) archived on: Friday, January 4, 2019 - 1:56:58 PM

File

pip.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: hal-01816830, version 2

Citation

Narjes Jomaa, Paolo Torrini, David Nowak, Gilles Grimaud, Samuel Hym. Proof-Oriented Design of a Separation Kernel with Minimal Trusted Computing Base. 18th International Workshop on Automated Verification of Critical Systems (AVOCS 2018), Jul 2018, Oxford, United Kingdom. ⟨hal-01816830v2⟩

Metrics

  • Record views: 118
  • File downloads: 78