Towards a platform for secure systems
Authors
School of Computer Science and Engineering
UNSW,
Sydney 2052, Australia
Published:
Keynote at SICS Workshop on Virtualization and Verification for SecurityStockholm
Sweden
Abstract
True security of software systems can only be achieved through mathematical proof of the relevant properties. However, real-world software systems are far too complex to make their formal verification tractable in the foreseeable future. However, strong security guarantees can, in principle, be obtained by isolating the security-critical parts of the system from less-critical parts. This approach is based on three premises: (i) it is possible to structure the system to keep the critical part(s) small and isolated, (ii) the software that provides the isolation (a microkernel or hypervisor) can be shown to enforce the security requirements, and (iii) given the known properties of the critical parts (including the hypervisor/microkernel) it is possible to prove security properties of the overall system.
The Trustworthy Systems project at NICTA takes this approach. Specifically we have mostly achieved (ii), but formally proving the functional correctness as well as other security-relevant properties of the seL4 microkernel, and are closing in on the remaining issues (especially enforcement of confidentiality). We have developed a framework to support (i) and are also working on (iii). This talk will provide an overview of the principles underlying seL4, and the approach taken in its design, implementation and formal verification. It will also discuss on-going activities and our strategy for achieving the ultimate goal of system-wide security guarantees.
BibTeX Entry
@misc{Heiser_12:sics, author = {Gernot Heiser}, howpublished = {Keynote at SICS Workshop on Virtualization and Verification for Security, Stockholm, Sweden}, month = mar, title = {Towards a Platform for Secure Systems}, year = {2012} }