Trustworthy Systems

Can we make trustworthy systems a reality?


Gernot Heiser

    School of Computer Science and Engineering
    Sydney 2052, Australia


Keynote at the ACM International Systems and Storage Conference (SYSTOR)


13 years ago, seL4 became the first OS kernel with a proof of implementation correctness, followed by proofs extending the correctness to the binary code, as well as proofs of security enforcement. This triggered much research activity on the application of formal methods to systems code, including proofs of safety properties of file systems, communication protocols. Formal methods are now also heavily used used in industry.

However, to the best of my knowledge, there still is no non-trivial system that is trustworthy in a strong sense, in that its complete trusted computing base (TCB) – at least the software part of it – is verified and proved to enforce a security policy. In the talk I will give an overview of seL4 and its verification story and look at some existing deployments in critical systems. I will then discuss our current activities for extending trustworthiness to the rest of the TCB. This covers verifiable OS designs, as well as research on reducing the verification effort of TCB components.

BibTeX Entry

    author           = {Gernot Heiser},
    howpublished     = {Keynote at the ACM International Systems and Storage Conference (SYSTOR)},
    location         = {Haifa, Israel},
    month            = jun,
    title            = {Can we make trustworthy systems a reality?},
    year             = {2022}