0cf64b5498
Avoid mixing `isabelle`, `make`, and `run_tests` invocations. Standardise on `run_tests` and mention `L4V_ARCH` each time to indicate that you can and should set `L4V_ARCH`. Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems> |
||
|---|---|---|
| .. | ||
| Confine_S.thy | ||
| Example.thy | ||
| Example2.thy | ||
| Islands_S.thy | ||
| Isolation_S.thy | ||
| README.md | ||
| System_S.thy | ||
README.md
An Abstract Take/Grant Security Model
l4v/spec/take-grant/
This directory contains the Isabelle sources of an abstract take-grant security model, studying some of the underlying concepts of seL4's protection mechanisms.
Overview
System_Scontains the operations and state space of the model.Confine_Sshows authority confinementIslands_Sexplicitly defines the concept of authority-isolated islands and authority confinement on this concept.Isolations_Sdefines a notion of high-level information flow on take-grant authority and shows that islands stay isolated.ExampleandExample2are two example systems in this model.
Building
The corresponding Isabelle session is TakeGrant. To build for the ARM
architecture, run in directory l4v/:
L4V_ARCH=ARM ./run_tests TakeGrant
Remarks
- This specification is not connected with the seL4 code and does not completely describe seL4 behaviour. Instead, it is a more abstract study of the underlying concepts.
- A previous, simpler version of this model has appeared in Dhammika Elkaduwe's PhD thesis.
- A description of the extended, more recent model can be found in Andrew Boyton's PhD thesis.