Gerwin Klein 1bbbe090c9 isabelle2021-1: global hide_lams -> opaque_lifting
The metis replay option hide_lams has been renamed.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2022-03-29 08:38:25 +11:00
Confine_S.thy licenses: convert license tags to SPDX 2020-03-13 14:38:24 +08:00
Example.thy licenses: convert license tags to SPDX 2020-03-13 14:38:24 +08:00
Example2.thy licenses: convert license tags to SPDX 2020-03-13 14:38:24 +08:00
Islands_S.thy isabelle2021-1: global hide_lams -> opaque_lifting 2022-03-29 08:38:25 +11:00
Isolation_S.thy licenses: convert license tags to SPDX 2020-03-13 14:38:24 +08:00
README.md license: provide documentation under CC-BY-SA-4.0 2020-03-16 14:19:15 +08:00
System_S.thy licenses: convert license tags to SPDX 2020-03-13 14:38:24 +08:00

README.md

An Abstract Take/Grant Security Model

l4v/spec/take-grant/

This directory contains the Isabelle sources of an abstract take-grant security model, studying some of the underlying concepts of seL4's protection mechanisms.

Overview

  • System_S contains the operations and state space of the model.
  • Confine_S shows authority confinement.
  • Islands_S explicitly defines the concept of authority-isolated islands and states authority confinement in terms of them.
  • Isolation_S defines a notion of high-level information flow on take-grant authority and shows that islands stay isolated.
  • Example and Example2 are two example systems in this model.
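
The following is an added example, not code from the l4v TakeGrant session or from either thesis. It simulates a protection graph under the classical take-grant rules (take, grant, create, remove), computes islands as the maximal groups of entities connected by capabilities carrying a Take or Grant right with edge direction ignored, and checks the authority-confinement property that motivates Confine_S and Islands_S: an entity can never hold rights on a pre-existing object beyond what some member of its initial island already held. The exact Isabelle definitions of the operations and islands may differ from this Python model; the sample system, entity names and rights letters are constructed for illustration.

```python
"""Toy take/grant protection-graph simulator with an island-based
authority-confinement check (added example; not the l4v model itself)."""
from typing import Dict, FrozenSet, Set

# Rights a capability may carry. Only Take and Grant let capabilities
# propagate, so only those two edges define island membership (assumption:
# same shape as the island definition in Islands_S, details may differ).
TAKE, GRANT, READ, WRITE = "t", "g", "r", "w"
ALL_RIGHTS = frozenset({TAKE, GRANT, READ, WRITE})

# State: entity -> (object -> set of rights held on that object)
State = Dict[str, Dict[str, Set[str]]]


def new_state(entities) -> State:
    return {e: {} for e in entities}


def add_cap(state: State, holder: str, obj: str, rights) -> None:
    if holder not in state or obj not in state:
        raise KeyError("unknown entity")
    state[holder].setdefault(obj, set()).update(rights)


def rights_of(state: State, holder: str, obj: str) -> FrozenSet[str]:
    return frozenset(state[holder].get(obj, ()))


def take(state: State, subj: str, via: str, obj: str, rights) -> None:
    """subj holds Take over via and via holds a cap to obj:
    subj may copy any subset of via's rights on obj."""
    if TAKE not in rights_of(state, subj, via):
        raise PermissionError(f"{subj} has no Take over {via}")
    if not set(rights) <= state[via].get(obj, set()):
        raise PermissionError(f"{via} does not hold {rights} on {obj}")
    add_cap(state, subj, obj, rights)


def grant(state: State, subj: str, target: str, obj: str, rights) -> None:
    """subj holds Grant over target and a cap to obj:
    subj may give target any subset of its rights on obj."""
    if GRANT not in rights_of(state, subj, target):
        raise PermissionError(f"{subj} has no Grant over {target}")
    if not set(rights) <= state[subj].get(obj, set()):
        raise PermissionError(f"{subj} does not hold {rights} on {obj}")
    add_cap(state, target, obj, rights)


def create(state: State, subj: str, new: str) -> None:
    """subj creates a fresh entity and receives all rights on it."""
    if new in state:
        raise ValueError(f"{new} already exists")
    state[new] = {}
    add_cap(state, subj, new, ALL_RIGHTS)


def remove(state: State, subj: str, obj: str, rights) -> None:
    """subj drops some of its own rights on obj."""
    state[subj].get(obj, set()).difference_update(rights)


def islands(state: State) -> Dict[str, FrozenSet[str]]:
    """Entity -> its island: connected component over Take/Grant edges,
    direction ignored (union-find)."""
    parent = {e: e for e in state}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for holder, objs in state.items():
        for obj, rights in objs.items():
            if rights & {TAKE, GRANT}:
                parent[find(holder)] = find(obj)
    groups: Dict[str, Set[str]] = {}
    for e in state:
        groups.setdefault(find(e), set()).add(e)
    return {e: frozenset(groups[find(e)]) for e in state}


def island_authority(state: State, entity: str) -> Dict[str, FrozenSet[str]]:
    """Union of all rights held by members of entity's island, per object."""
    acc: Dict[str, Set[str]] = {}
    for member in islands(state)[entity]:
        for obj, rights in state[member].items():
            acc.setdefault(obj, set()).update(rights)
    return {obj: frozenset(r) for obj, r in acc.items()}


def confined(initial: State, later: State) -> bool:
    """Confinement check: every right an original entity holds in `later`
    on an original object was held by some member of that entity's island
    in `initial`. Entities created after `initial` are not bounded here."""
    for e in initial:
        bound = island_authority(initial, e)
        for obj, rights in later[e].items():
            if obj in initial and not rights <= bound.get(obj, frozenset()):
                return False
    return True


def demo():
    """Constructed sample: islands {A,B,C} and {D,E} both touch object F."""
    s0 = new_state(["A", "B", "C", "D", "E", "F"])
    add_cap(s0, "A", "B", {TAKE, GRANT})
    add_cap(s0, "B", "C", {GRANT})
    add_cap(s0, "B", "F", {READ})
    add_cap(s0, "D", "E", {TAKE})
    add_cap(s0, "E", "F", {WRITE})
    s = {e: {o: set(r) for o, r in c.items()} for e, c in s0.items()}
    take(s, "A", "B", "F", {READ})           # A copies B's read on F
    grant(s, "B", "C", "F", {READ})          # B passes read on F to C
    create(s, "A", "N")                      # A creates N inside its island
    grant(s, "A", "B", "N", {READ, WRITE})   # A shares N with B
    remove(s, "B", "F", {READ})              # B drops its own read on F
    try:                                     # D has no Take into {A,B,C}
        take(s, "D", "B", "F", {READ})
        denied = False
    except PermissionError:
        denied = True
    tampered = {e: {o: set(r) for o, r in c.items()} for e, c in s.items()}
    add_cap(tampered, "D", "F", {READ})      # a cross-island leak, by hand
    return (frozenset(islands(s0).values()), confined(s0, s), denied,
            confined(s0, tampered))
```

The `confined` check is stated against the initial state on purpose: `remove` can split an island, so current islands only ever refine the initial ones, and the initial island's pooled authority remains an upper bound on what any of its members can reach.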

Building

The corresponding Isabelle session is TakeGrant. To build, run in directory l4v/spec:

make TakeGrant

Remarks

  • This specification is not connected with the seL4 code and does not completely describe seL4 behaviour. Instead, it is a more abstract study of the underlying concepts.
  • A previous, simpler version of this model has appeared in Dhammika Elkaduwe's PhD thesis.
  • A description of the extended, more recent model can be found in Andrew Boyton's PhD thesis.