Trustworthy Systems

Verified protection model of the seL4 microkernel


Dhammika Elkaduwe, Gerwin Klein and Kevin Elphinstone




This paper presents a machine-checked high-level security analysis of seL4—an evolution of the L4 kernel series targeted to secure, embedded devices. We provide an abstract specification of the seL4 access control system in terms of a classical take-grant model together with a formal proof of how confined subsystems can be enforced. All proofs and specifications in this paper are machine-checked and developed in the interactive theorem prover Isabelle/HOL.

BibTeX Entry

    address          = {Toronto, Canada },
    author           = {Elkaduwe, Dhammika and Klein, Gerwin and Elphinstone, Kevin},
    booktitle        = {Verified Software: Theories, Tools and Experiments},
    editor           = {{Natarajan Shankar and Jim Woodcock}},
    isbn             = {3540878726},
    month            = oct,
    pages            = {99--115},
    paperurl         = {},
    publisher        = {Springer},
    title            = {Verified Protection Model of the {seL4} Microkernel},
    year             = {2008}