Conference papers

Proof-Oriented Design of a Separation Kernel with Minimal Trusted Computing Base

Narjes Jomaa (1), Paolo Torrini (1), David Nowak (1), Gilles Grimaud (1), Samuel Hym (1)
(1) 2XS - Extra Small Extra Safe, CRIStAL - Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189
Abstract: The development of provably secure OS kernels is a fundamental step in building safe and secure systems. To this end, we propose the notion of protokernel and an implementation, the Pip protokernel, as a separation kernel whose trusted computing base is reduced to its bare bones: it essentially provides separation of tasks in memory, on top of which non-influence can be proved. This proof-oriented design allows us to formally prove separation properties on a concrete executable model that is very close to its automatically extracted C implementation. The design is shown to be realistic, as it can execute isolated instances of a real-time embedded system, which has moreover been modified to isolate its own processes through the Pip services.
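The kind of separation the abstract describes, as an added example that is not code from the paper or from Pip: a toy C model of a partition tree in which a parent hands pages to its children and each page has exactly one owner. Pip's actual services, data structures and semantics are not reproduced here; the page and partition counts, the function names and the single-owner rule are assumptions of the model. The block states the separation invariant (no page accessible to two partitions) and runs a concrete instance of a non-influence check: a sibling partition's view is unchanged by the other sibling's write.

```c
/* Illustrative model written for this page, NOT Pip's code or API.
 * Page/partition counts, names and the single-owner rule are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NPAGES 8      /* assumed: pages in the model */
#define NPARTS 4      /* assumed: maximum number of partitions */
#define ROOT   0      /* partition 0 owns every page initially */
#define NOBODY (-1)

static int     page_owner[NPAGES];  /* the one partition allowed to touch each page */
static int     part_parent[NPARTS]; /* partition tree; NOBODY = not created */
static uint8_t mem[NPAGES];         /* one byte per page stands in for its contents */

static bool valid_part(int p) { return p >= 0 && p < NPARTS && part_parent[p] != NOBODY; }
static bool valid_page(int p) { return p >= 0 && p < NPAGES; }

void model_reset(void) {
    for (int p = 0; p < NPAGES; p++) { page_owner[p] = ROOT; mem[p] = 0; }
    for (int i = 0; i < NPARTS; i++) part_parent[i] = NOBODY;
    part_parent[ROOT] = ROOT;
}

/* Create `child` under an existing `parent`. */
bool create_partition(int parent, int child) {
    if (!valid_part(parent) || child <= 0 || child >= NPARTS) return false;
    if (part_parent[child] != NOBODY) return false;  /* already exists */
    part_parent[child] = parent;
    return true;
}

/* Move a page from a parent to a direct child. Ownership is transferred,
 * not shared: the parent loses access, so sibling views stay disjoint. */
bool give_page(int parent, int child, int page) {
    if (!valid_part(parent) || !valid_part(child) || !valid_page(page)) return false;
    if (child == parent || part_parent[child] != parent) return false;
    if (page_owner[page] != parent) return false;
    page_owner[page] = child;
    return true;
}

static bool can_access(int part, int page) {
    return valid_part(part) && valid_page(page) && page_owner[page] == part;
}

bool mem_write(int part, int page, uint8_t v) {
    if (!can_access(part, page)) return false;
    mem[page] = v;
    return true;
}

/* The byte, or -1 when the partition has no right to the page. */
int mem_read(int part, int page) { return can_access(part, page) ? mem[page] : -1; }

/* Separation property, stated the way a proof would: no page is accessible
 * to two distinct partitions. The single owner field makes it hold by
 * construction; enumerating the pairs is how the invariant gets checked. */
bool check_separation(void) {
    for (int a = 0; a < NPARTS; a++)
        for (int b = a + 1; b < NPARTS; b++)
            for (int p = 0; p < NPAGES; p++)
                if (can_access(a, p) && can_access(b, p)) return false;
    return true;
}

/* A partition's view: everything it can observe through the model. */
void snapshot_view(int part, int out[NPAGES]) {
    for (int p = 0; p < NPAGES; p++) out[p] = mem_read(part, p);
}

bool views_equal(const int x[NPAGES], const int y[NPAGES]) {
    for (int p = 0; p < NPAGES; p++) if (x[p] != y[p]) return false;
    return true;
}

/* Two sibling partitions each get one page; a write by one must not change
 * what the other can observe (a concrete instance of non-influence). */
bool scenario_siblings_do_not_influence(void) {
    model_reset();
    if (!create_partition(ROOT, 1) || !create_partition(ROOT, 2)) return false;
    if (!give_page(ROOT, 1, 3) || !give_page(ROOT, 2, 4)) return false;
    if (give_page(ROOT, 1, 3) || give_page(1, 2, 3)) return false; /* rejected moves */
    if (mem_write(2, 3, 0x99)) return false;        /* page 3 is partition 1's */
    int before[NPAGES], after[NPAGES];
    snapshot_view(2, before);
    if (!mem_write(1, 3, 0x41)) return false;       /* 1 writes its own page */
    snapshot_view(2, after);
    if (!views_equal(before, after)) return false;  /* 2 observed nothing */
    if (mem_read(1, 3) != 0x41 || mem_read(ROOT, 3) != -1) return false;
    return check_separation();
}

int main(void) {
    printf("sibling non-influence: %s\n",
           scenario_siblings_do_not_influence() ? "holds" : "VIOLATED");
    return 0;
}
```

The model deliberately makes the property trivial to check: with one owner per page, separation is a consequence of the data structure, and the proof effort moves to showing that every service preserves that single-owner shape. That is the sense in which a minimal trusted computing base helps a proof, and why a real kernel must also scrub or account for page contents when a page changes hands, which this toy leaves to the parent's discretion.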
Contributor: David Nowak
Submitted on: Wednesday, October 3, 2018 - 12:00:46 PM
Last modification on: Wednesday, September 7, 2022 - 8:14:05 AM
Long-term archiving on: Friday, January 4, 2019 - 1:56:58 PM
Narjes Jomaa, Paolo Torrini, David Nowak, Gilles Grimaud, Samuel Hym. Proof-Oriented Design of a Separation Kernel with Minimal Trusted Computing Base. 18th International Workshop on Automated Verification of Critical Systems (AVOCS 2018), Jul 2018, Oxford, United Kingdom. ⟨10.14279/tuj.eceasst.76.1080⟩. ⟨hal-01816830v2⟩