TY - GEN
T1 - Separation kernel verification
T2 - 6th International Conference on Verified Software: Theories, Tool and Experiments, VSTTE 2014
AU - San´an, David
AU - Butterfield, Andrew
AU - Hinchey, Mike
N1 - Publisher Copyright:
© 2014 Springer International Publishing Switzerland.
PY - 2014
Y1 - 2014
N2 - The separation kernel concept was developed as an architecture to simplify formal kernel security verification, and is the basis for many implementations of integrated modular avionics in the aerospace domain. This paper reports on a feasibility study conducted for the European Space Agency, to explore the resources required to formally verify the correctness of such a kernel, given a reference specification and a implementation of same. The study was part of an activity called Methods and Tools for On-Board Software Engineering (MTOBSE) which produced a natural language Reference Specification for a Time-Space Partitioning (TSP) kernel, describing partition functional properties such as health monitoring, inter-partition communication, partition control, resource access, and separation security properties, such as the security policy and authorisation control. An abstract security model, and the reference specification were both formalised using Isabelle/HOL. The C sources of the open-source XtratuM kernel were obtained, and an Isabelle/HOL model of the code was semi-automatically produced. Refinement relations were written manually and some proofs were explored. We describe some of the details of what has been modelled and report on the current state of this work. We also make a comparison between our verification explorations, and the circumstances of NICTA’s successful verification of the sel4 kernel.
AB - The separation kernel concept was developed as an architecture to simplify formal kernel security verification, and is the basis for many implementations of integrated modular avionics in the aerospace domain. This paper reports on a feasibility study conducted for the European Space Agency, to explore the resources required to formally verify the correctness of such a kernel, given a reference specification and a implementation of same. The study was part of an activity called Methods and Tools for On-Board Software Engineering (MTOBSE) which produced a natural language Reference Specification for a Time-Space Partitioning (TSP) kernel, describing partition functional properties such as health monitoring, inter-partition communication, partition control, resource access, and separation security properties, such as the security policy and authorisation control. An abstract security model, and the reference specification were both formalised using Isabelle/HOL. The C sources of the open-source XtratuM kernel were obtained, and an Isabelle/HOL model of the code was semi-automatically produced. Refinement relations were written manually and some proofs were explored. We describe some of the details of what has been modelled and report on the current state of this work. We also make a comparison between our verification explorations, and the circumstances of NICTA’s successful verification of the sel4 kernel.
UR - http://www.scopus.com/inward/record.url?scp=84909594667&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-12154-3_9
DO - 10.1007/978-3-319-12154-3_9
M3 - Conference contribution
AN - SCOPUS:84909594667
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 133
EP - 149
BT - Verified Software
A2 - Giannakopoulou, Dimitra
A2 - Kroening, Daniel
PB - Springer Verlag
Y2 - 17 July 2014 through 18 July 2014
ER -