Proof-Oriented Design of a Separation Kernel with Minimal Trusted Computing Base

Authors

  • Narjes Jomaa University of Lille
  • Paolo Torrini University of Lille
  • David Nowak University of Lille & CNRS
  • Gilles Grimaud University of Lille
  • Samuel Hym University of Lille

DOI:

https://doi.org/10.14279/tuj.eceasst.76.1080

Abstract

The development of provably secure OS kernels represents a fundamental step in the creation of safe and secure systems. To this aim, we propose the notion of protokernel and an implementation — the Pip protokernel — as a separation kernel whose trusted computing base is reduced to its bare bones, essentially providing separation of tasks in memory, on top of which non-influence can be proved. This proof-oriented design allows us to formally prove separation properties on a concrete executable model very close to its automatically extracted C implementation. Our design is shown to be realistic as it can execute isolated instances of a realtime embedded system that has moreover been modified to isolate its own processes through the Pip services.

Downloads

Published

2019-05-14

How to Cite

[1]
N. Jomaa, P. Torrini, D. Nowak, G. Grimaud, and S. Hym, “Proof-Oriented Design of a Separation Kernel with Minimal Trusted Computing Base”, eceasst, vol. 76, May 2019.

Issue

Vol. 76 (2019): Automated Verification of Critical Systems 2018 (AVoCS 2018)

Section

Articles

License

Copyright (c) 2019 Electronic Communications of the EASST

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.