Separation kernel verification: The xtratum case study

David San´an, Andrew Butterfield, Mike Hinchey

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

The separation kernel concept was developed as an architecture to simplify formal kernel security verification, and is the basis for many implementations of integrated modular avionics in the aerospace domain. This paper reports on a feasibility study conducted for the European Space Agency, to explore the resources required to formally verify the correctness of such a kernel, given a reference specification and a implementation of same. The study was part of an activity called Methods and Tools for On-Board Software Engineering (MTOBSE) which produced a natural language Reference Specification for a Time-Space Partitioning (TSP) kernel, describing partition functional properties such as health monitoring, inter-partition communication, partition control, resource access, and separation security properties, such as the security policy and authorisation control. An abstract security model, and the reference specification were both formalised using Isabelle/HOL. The C sources of the open-source XtratuM kernel were obtained, and an Isabelle/HOL model of the code was semi-automatically produced. Refinement relations were written manually and some proofs were explored. We describe some of the details of what has been modelled and report on the current state of this work. We also make a comparison between our verification explorations, and the circumstances of NICTA’s successful verification of the sel4 kernel.

Original languageEnglish
Title of host publicationVerified Software
Subtitle of host publicationTheories, Tools and Experiments - 6th International Conference, VSTTE 2014, Revised Selected Papers
EditorsDimitra Giannakopoulou, Daniel Kroening
PublisherSpringer Verlag
Pages133-149
Number of pages17
ISBN (Electronic)9783319121536
DOIs
Publication statusPublished - 2014
Event6th International Conference on Verified Software: Theories, Tool and Experiments, VSTTE 2014 - Vienna, Austria
Duration: 17 Jul 201418 Jul 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8471
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference6th International Conference on Verified Software: Theories, Tool and Experiments, VSTTE 2014
Country/TerritoryAustria
CityVienna
Period17/07/1418/07/14

Fingerprint

Dive into the research topics of 'Separation kernel verification: The xtratum case study'. Together they form a unique fingerprint.

Cite this