Trustworthy Systems

The seL4 microkernel – security through mathematical proof


Gernot Heiser

    School of Computer Science and Engineering
    Sydney 2052, Australia


Invited Talk at the Western Digital Security Workshop


seL4 is an operating-system (OS) microkernel designed for safety- and security-critical use. It is characterised by (i) design for security, using capability-based access control that enables fine-grained data-flow and resource control, (ii) world's first OS with a mathematical proof of implementation correctness (i.e. bug-freedom in a very strong sense) (iii) unbeaten performance, (iv) strongest support for mixed-criticality real-time systems. seL4 is open-source and backed by the seL4 Foundation and a growing community of developers and adopters.

seL4's implementation is now proved correct for the RV64 ISA, bringing its strong assurance to RISC-V processors. Extension of this proof to the executable binary is in progress and probably a month away from completion; this will make seL4 the most highly assured OS kernel on any 64-bit architecture.

In the talk I will explain what the above means, and how seL4 can benefit critical systems based on RISC-V processors, discussing concrete case studies using seL4 to secure critical systems. I will also discuss on-going research on the systematic prevention of microarchitectural timing channels, and the specific opportunities offered by RISC-V.

BibTeX Entry

    author           = {Gernot Heiser},
    howpublished     = {Invited Talk at the {Western Digital} Security Workshop},
    location         = {Online},
    month            = dec,
    title            = {The {seL4} Microkernel -- Security Through Mathematical Proof},
    year             = {2020}