Trustworthy Systems

Can we make trusted systems trustworthy?


Gernot Heiser

    School of Computer Science and Engineering
    Sydney 2052, Australia


Invited lecture at the Artist Summer School on Embedded Systems


The complexity of computer hardware and software continues to increase, while at the same time we are increasingly dependent on them functioning correctly – a recipe for disaster. Clearly, a change of approach is needed.

This lecture covers NICTA's approach, which is about constructing systems so that their dependability can be assured. Fundamentally we have to structure systems in a way that simplifies the critical components to the point where it is possible to prove that they function as required. Critical to such an approach is a trusted computing base (TCB), which is itself provably trustworthy, and at the same time general enough to support efficient construction of the systems of interest. In our case, the TCB is based on the seL4 microkernel, which has been formally verified to be implemented according to specification, the first (and to date only) operating-system kernel with such a high degree of assurance. The lecture will examine the implications of our approach on system structure, design and implementation, report on progress to date in verifying functional and non-functional properties of the TCB, and the approach taken to enable full-system guarantees.

BibTeX Entry

    author           = {Gernot Heiser},
    howpublished     = {Invited lecture at the Artist Summer School on Embedded Systems, Aix-les-Bains, France},
    month            = sep,
    title            = {Can We Make Trusted Systems Trustworthy?},
    year             = {2012}