Trustworthy Systems

Intelligent vehicle security needs a verified operating system

Authors

Gernot Heiser

    School of Computer Science and Engineering
    UNSW,
    Sydney 2052, Australia

Published:

Keynote at the International Workshop on Safety and Security of Intelligent Vehicles

Abstract

Modern vehicles, even those under nominal control of a driver or pilot, are controlled by computer systems that process human input besides a multitude of sensor inputs. As such, they cannot be safe if these computer systems can be compromised by an attacker. And preventing such attacks is a core duty of the operating system (OS).

In reality, almost all operating systems can be compromised and are therefore unable to ensure the safety of a system, even if all other critical components operate correctly. One of the rare exceptions is the seL4 microkernel, the world’s first OS kernel with a machine-checked proof of implementation correctness. seL4 is still the most thoroughly assured OS kernel, including proofs of security- and safety enforcement across multiple processor architectures. Its use has been demonstrated on autonomous vehicles in the defence space and it is being adopted by car manufacturers.

seL4 itself is not an OS, but a microkernel that essentially guarantees isolation with controlled communication. To date, most deployments use seL4 as a hypervisor, leading to course-grained system structures, still dependent on significant amounts of unverified code. At UNSW’s Trustworthy Systems group we are working on changing this, by developing a highly modular, yet high-performance seL4-based OS that can be verified with automatic proof techniques. In this talk I will give an overview of seL4 and its verification story, and then discuss the approach we are taking in developing and verifying this new OS.

BibTeX Entry

  @misc{Heiser_23:ssiv,
    author           = {Gernot Heiser},
    howpublished     = {Keynote at the International Workshop on Safety and Security of Intelligent Vehicles},
    location         = {Porto, PT},
    month            = jun,
    title            = {Intelligent Vehicle Security Needs a Verified Operating System },
    year             = {2023}
  }

Download