2020-03-09 06:18:30 +00:00
|
|
|
<!--
|
|
|
|
Copyright 2020, Data61, CSIRO (ABN 41 687 119 230)
|
|
|
|
|
|
|
|
SPDX-License-Identifier: BSD-2-Clause
|
|
|
|
-->
|
2020-03-02 08:20:30 +00:00
|
|
|
|
2014-07-28 01:59:57 +00:00
|
|
|
An Abstract Take/Grant Security Model
|
|
|
|
=====================================
|
2014-07-22 23:10:10 +00:00
|
|
|
|
2014-07-28 01:59:57 +00:00
|
|
|
l4v/spec/take-grant/
|
2014-07-22 23:10:10 +00:00
|
|
|
|
|
|
|
This directory contains the Isabelle sources of an abstract take-grant
|
|
|
|
security model, studying some of the underlying concepts of seL4's protection
|
|
|
|
mechanisms.
|
|
|
|
|
|
|
|
|
2014-07-28 01:59:57 +00:00
|
|
|
Overview
|
|
|
|
--------
|
2014-07-22 23:10:10 +00:00
|
|
|
|
|
|
|
* `System_S` contains the operations and state space of the model.
|
2014-07-28 01:59:57 +00:00
|
|
|
* `Confine_S` shows authority confinement
|
2014-07-22 23:10:10 +00:00
|
|
|
* `Islands_S` explicitly defines the concept of authority-isolated islands
|
|
|
|
and authority confinement on this concept.
|
|
|
|
* `Isolations_S` defines a notion of high-level information flow on
|
|
|
|
take-grant authority and shows that islands stay isolated.
|
|
|
|
* `Example` and `Example2` are two example systems in this model.
|
|
|
|
|
|
|
|
|
2014-07-28 01:59:57 +00:00
|
|
|
Building
|
|
|
|
--------
|
2014-07-22 23:10:10 +00:00
|
|
|
|
|
|
|
The corresponding Isabelle session is `TakeGrant`. To build, run in directory `l4v/spec`:
|
|
|
|
|
2014-07-28 01:59:57 +00:00
|
|
|
make TakeGrant
|
2014-07-22 23:10:10 +00:00
|
|
|
|
|
|
|
|
2014-07-28 01:59:57 +00:00
|
|
|
Remarks
|
|
|
|
-------
|
|
|
|
|
2014-07-22 23:10:10 +00:00
|
|
|
* This specification is *not* connected with the seL4 code and does *not*
|
|
|
|
completely describe seL4 behaviour. Instead, it is a more abstract study
|
|
|
|
of the underlying concepts.
|
|
|
|
* A previous, simpler version of this model has appeared in Dhammika
|
|
|
|
Elkaduwe's PhD thesis.
|
2014-07-28 01:59:57 +00:00
|
|
|
* A description of the extended, more recent model can be found in
|
|
|
|
Andrew Boyton's PhD thesis.
|