
Abstract

Title:

A verified shared capability model

Authors:

Andrew Boyton

School of Computer Science and Engineering
University of NSW
Sydney 2052
Australia

NICTA
Sydney
Australia

Abstract:

This paper presents a high-level access control model of the seL4 microkernel. We extend an earlier formalisation by Elkaduwe et al. with non-determinism, explicit sharing of capability storage, and a delete operation for entities. We formally prove that this new model can enforce system-global security policies as well as authority confinement. By treating sharing explicitly in the abstract access control model, we considerably simplify the refinement proof towards the seL4 implementation. To our knowledge, this is the first machine-checked access control model with explicit sharing of authority.

BibTeX Entry

  @inproceedings{Boyton_09,
    publisher        = {Elsevier},
    author           = {Andrew Boyton},
    title            = {A Verified Shared Capability Model},
    series           = {Electronic Notes in Computer Science},
    booktitle        = {Proceedings of the 4th Workshop on Systems Software Verification},
    year             = {2009},
    month            = {Oct},
    volume           = {254},
    editor           = {Gerwin Klein and Ralf Huuck and Bastian Schlich},
    address          = {Aachen, Germany},
    pages            = {25--44}
  }
