lh-l4v/proof/access-control
Joel Beeren 71e2db88a4 arm: refactor sanitise_register to take a bool instead of a kernel_object
This simplified the sanitise_register logic in CRefine for arm-hyp.
2017-05-03 21:51:57 +10:00
ADT_AC.thy wp_cleanup: update proofs for new wp behaviour 2017-01-13 14:04:15 +01:00
Access.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
Arch_AC.thy wp_cleanup: update proofs for new wp behaviour 2017-01-13 14:04:15 +01:00
CNode_AC.thy wp_cleanup: update proofs for new wp behaviour 2017-01-13 14:04:15 +01:00
Deterministic_AC.thy arch_split: DetSchedDomainTime_AI, DetSchedSchedule_AI for ARM 2017-03-09 12:10:44 +11:00
DomainSepInv.thy Bisim / Access / InfoFlow: updates for Hypervisor stub 2017-02-22 15:26:49 +11:00
Dpolicy.thy Isabelle2016-1: fix proofs using lemmas now removed 2017-01-05 14:23:11 +11:00
ExampleSystem.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
Finalise_AC.thy Access and InfoFlow fix for prepare_thread_delete 2017-02-20 09:23:55 +11:00
Interrupt_AC.thy wp_cleanup: update proofs for new wp behaviour 2017-01-13 14:04:15 +01:00
Ipc_AC.thy arm: refactor sanitise_register to take a bool instead of a kernel_object 2017-05-03 21:51:57 +10:00
README.md misc: Proofing and formatting of README.md files. 2014-07-28 13:15:48 +10:00
Retype_AC.thy backport changes to ARM proofs from X64 work in progress 2017-01-27 08:31:07 +11:00
Syscall_AC.thy lib: new invariant syntax "f {|P|}" 2017-03-17 11:13:41 +11:00
Tcb_AC.thy arm: refactor sanitise_register to take a bool instead of a kernel_object 2017-05-03 21:51:57 +10:00

README.md

Access Control Proof

This proof establishes that seL4 enforces the security properties of authority confinement and integrity. These are essential correctness properties of its capability-based access control system: authority confinement means that authority propagates only in accordance with capabilities, and integrity means that data cannot be modified without possession of an appropriate write capability to that data. These properties and proofs are described in detail in an ITP 2011 paper. The properties are phrased over seL4's abstract specification, and this proof builds on top of the Abstract Spec Invariant Proof.

Building

To build from the l4v/ directory, run:

./isabelle/bin/isabelle build -d . -v -b Access

Important Theories

The top-level theory where these two properties are proved for the kernel is Syscall_AC; the bottom-level theory where the properties are defined is Access.