The formally verified seL4 microkernel – a high-assurance foundation for MCS
Author
Gernot Heiser (CSIRO's Data61, Australia; UNSW, Australia)
Published:
Keynote at IEEE Conference on Embedded and Real-Time Computing and Applications (RTCSA), August 2020
Abstract
This talk covers the seL4 microkernel and its assurance story. I explain the kernel's spatial isolation guarantees. I also cover the worst-case execution-time (WCET) analysis and how it integrates with the functional-correctness proof artefacts through the translation-validation toolchain to establish provable loop bounds and to refute infeasible paths. I explain how a verified mapping to a higher-level component framework allows isolation properties of a system to be reasoned about at the architecture level. I finally discuss seL4's new model of scheduling contexts, which introduces capabilities for time, making time a first-class resource just as space is. This is specifically designed to support the needs of mixed-criticality systems (MCS). The model allows less critical tasks to preempt critical ones while ensuring the critical tasks still meet their deadlines; the model also supports resource sharing across criticalities. The new scheduling model is presently undergoing formal verification.
BibTeX Entry
@misc{Heiser_20:rtcsa,
  author       = {Gernot Heiser},
  howpublished = {Keynote at IEEE Conference on Embedded and Real-Time Computing and Applications},
  month        = aug,
  title        = {The Formally Verified {seL4} Microkernel -- A High-Assurance Foundation for {MCS}},
  video        = {https://youtu.be/d0oDVg72HhQ},
  year         = {2020}
}