lh-l4v/proof/infoflow
Joel Beeren d6f7579be7 poll: Added new syscall for polling async endpoints (non-blocking wait) 2015-10-21 14:24:49 +11:00
| Name | Last commit | Date |
| --- | --- | --- |
| admin | Import release snapshot. | 2014-07-14 21:32:44 +02:00 |
| figs | Import release snapshot. | 2014-07-14 21:32:44 +02:00 |
| tools | Import release snapshot. | 2014-07-14 21:32:44 +02:00 |
| ADT_IF.thy | poll: Added new syscall for polling async endpoints (non-blocking wait) | 2015-10-21 14:24:49 +11:00 |
| ADT_IF_Refine.thy | aep-binding: finished InfoFlowC | 2015-09-18 13:54:01 +10:00 |
| ADT_IF_Refine_C.thy | poll: Added new syscall for polling async endpoints (non-blocking wait) | 2015-10-21 14:24:49 +11:00 |
| Arch_IF.thy | poll: Added new syscall for polling async endpoints (non-blocking wait) | 2015-10-21 14:24:49 +11:00 |
| CNode_IF.thy | fewer warnings | 2015-05-16 19:52:49 +10:00 |
| Decode_IF.thy | aep-binding: finished infoflow | 2015-09-16 11:41:01 +10:00 |
| ExampleSystemPolicyFlows.thy | infoflow: 2015 update (apart from C refinement) | 2015-05-16 18:14:59 +10:00 |
| Example_Valid_State.thy | poll: Added new syscall for polling async endpoints (non-blocking wait) | 2015-10-21 14:24:49 +11:00 |
| Example_Valid_StateH.thy | poll: Added new syscall for polling async endpoints (non-blocking wait) | 2015-10-21 14:24:49 +11:00 |
| FinalCaps.thy | poll: Added new syscall for polling async endpoints (non-blocking wait) | 2015-10-21 14:24:49 +11:00 |
| Finalise_IF.thy | poll: Added new syscall for polling async endpoints (non-blocking wait) | 2015-10-21 14:24:49 +11:00 |
| IRQMasks_IF.thy | Merge branch 'master' into aep-merge | 2015-09-10 17:06:45 +10:00 |
| InfoFlow.thy | aep-binding: cleanup | 2015-10-07 14:18:09 +11:00 |
| Interrupt_IF.thy | infoflow: 2015 update (apart from C refinement) | 2015-05-16 18:14:59 +10:00 |
| Ipc_IF.thy | poll: Added new syscall for polling async endpoints (non-blocking wait) | 2015-10-21 14:24:49 +11:00 |
| Noninterference.thy | poll: Added new syscall for polling async endpoints (non-blocking wait) | 2015-10-21 14:24:49 +11:00 |
| Noninterference_Base.thy | infoflow: 2015 update (apart from C refinement) | 2015-05-16 18:14:59 +10:00 |
| Noninterference_Base_Alternatives.thy | infoflow: minor cleanup | 2015-05-16 21:49:01 +10:00 |
| Noninterference_Base_Enabledness_weak_asym.thy | infoflow: 2015 update (apart from C refinement) | 2015-05-16 18:14:59 +10:00 |
| Noninterference_Base_Refinement.thy | infoflow: minor cleanup | 2015-05-16 21:49:01 +10:00 |
| Noninterference_Base_Refinement_Example.thy | Import release snapshot. | 2014-07-14 21:32:44 +02:00 |
| Noninterference_Refinement.thy | infoflow: 2015 update for infoflow C refinement | 2015-05-20 21:10:59 +10:00 |
| PasUpdates.thy | Fix Access, InfoFlow and DRefine. | 2014-08-13 16:45:40 +10:00 |
| PolicyExample.thy | aep-binding: finished infoflow | 2015-09-16 11:41:01 +10:00 |
| PolicySystemSAC.thy | Merge branch 'aep-merge' of github.inside.nicta.com.au:seL4/l4v into aep-merge | 2015-09-16 11:10:08 +10:00 |
| README.md | infoflow: Move "EquivValid" out of "infoflow/", into "lib/". | 2014-10-13 11:05:31 +11:00 |
| Retype_IF.thy | poll: Added new syscall for polling async endpoints (non-blocking wait) | 2015-10-21 14:24:49 +11:00 |
| Scheduler_IF.thy | Merge branch 'master' into aep-merge | 2015-09-10 17:06:45 +10:00 |
| Syscall_IF.thy | poll: Added new syscall for polling async endpoints (non-blocking wait) | 2015-10-21 14:24:49 +11:00 |
| Tcb_IF.thy | Merge branch 'master' into aep-merge | 2015-09-10 17:06:45 +10:00 |
| UserOp_IF.thy | infoflow: 2015 update (apart from C refinement) | 2015-05-16 18:14:59 +10:00 |

README.md

Confidentiality Proof
=====================

This proof establishes that seL4 enforces information flow control, and so enforces the security property of confidentiality. Information flow security is defined in terms of (intransitive) noninterference, which implies confidentiality: data cannot be inferred by a domain that lacks the appropriate read authority. The proof is described in a 2013 IEEE Symposium on Security and Privacy paper. It first establishes noninterference for seL4's abstract specification, building on top of the Access Control Proof, and then transfers the noninterference result to the kernel's C implementation via the Design Spec Refinement Proof and the C Refinement Proof.
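To make the notion of intransitive noninterference concrete, the following added example (not code from the l4v repository, and not the seL4 formulation, which is stated over a nondeterministic, scheduler-driven system) checks the classical deterministic definition by exhaustive enumeration on a constructed toy system. Three domains `H`, `D` and `L` share a state of per-domain counters; the constructed policy allows `H` to interfere with `D` and `D` with `L`, but never `H` with `L` directly. Each domain `u` is secure if, for every action sequence, what `u` observes after running the sequence equals what it observes after running the sequence with the actions that may not influence `u` purged (the `sources`/`ipurge` construction). A second action set adds a constructed `l_peek` action that copies `H`'s counter straight into `L`'s, and the checker reports the sequence that witnesses the leak.

```python
"""Toy (intransitive) noninterference checker. Constructed example, not from l4v."""
from itertools import product

DOMAINS = ("H", "D", "L")

# Constructed policy: pairs (u, v) meaning "u may interfere with v".
# H -> D and D -> L are allowed, so information may reach L via D, but H -> L is absent.
POLICY = {("H", "H"), ("D", "D"), ("L", "L"), ("H", "D"), ("D", "L")}


def interferes(u, v):
    return (u, v) in POLICY


# State: one counter per domain; domain u observes only its own counter.
INITIAL = {"H": 0, "D": 0, "L": 0}


def h_inc(s):   # H increments its own counter
    s = dict(s); s["H"] += 1; return s

def d_copy(s):  # D (the downgrader) copies H's counter into its own
    s = dict(s); s["D"] = s["H"]; return s

def l_copy(s):  # L copies D's counter into its own
    s = dict(s); s["L"] = s["D"]; return s

def l_peek(s):  # constructed leak: L reads H directly, bypassing D
    s = dict(s); s["L"] = s["H"]; return s


# Action name -> (domain that performs it, state transformer).
SECURE_ACTIONS = {"h_inc": ("H", h_inc), "d_copy": ("D", d_copy), "l_copy": ("L", l_copy)}
LEAKY_ACTIONS = dict(SECURE_ACTIONS, l_peek=("L", l_peek))


def run(actions, seq, state=INITIAL):
    for a in seq:
        state = actions[a][1](state)
    return state


def observe(state, u):
    return state[u]


def sources(actions, seq, u):
    """Domains whose actions may (transitively, via the policy) influence u over seq.
    Built from the right: an action's domain joins the set if it may interfere
    with a domain already in the set (Rushby's sources construction)."""
    srcs = {u}
    for a in reversed(seq):
        d = actions[a][0]
        if any(interferes(d, v) for v in srcs):
            srcs.add(d)
    return srcs


def ipurge(actions, seq, u):
    """Keep action i iff its domain is a source for u over the suffix starting at i."""
    return [a for i, a in enumerate(seq) if actions[a][0] in sources(actions, seq[i:], u)]


def check_noninterference(actions, max_len=4):
    """Return every (sequence, domain) pair for which the real run and the
    purged run give the domain a different observation; empty means secure
    up to max_len."""
    violations = []
    for n in range(max_len + 1):
        for seq in product(actions, repeat=n):
            seq = list(seq)
            for u in DOMAINS:
                real = observe(run(actions, seq), u)
                purged = observe(run(actions, ipurge(actions, seq, u)), u)
                if real != purged:
                    violations.append((seq, u))
    return violations


if __name__ == "__main__":
    print("secure system violations:", check_noninterference(SECURE_ACTIONS))
    print("leaky system violations: ", check_noninterference(LEAKY_ACTIONS)[:3])
```

The purge of `["h_inc", "l_copy"]` for `L` drops `h_inc`, because no later action lets `H`'s change reach `L`; with a `d_copy` in between, `h_inc` is kept, which is exactly the intransitive part of the definition. In the leaky system the sequence `["h_inc", "l_peek"]` leaves `L` observing 1 while its purged form `["l_peek"]` leaves it observing 0, so the checker flags it. Exhaustive enumeration only covers bounded sequences; the seL4 proof instead establishes the property for all executions via unwinding conditions.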

Building
--------

To build from the l4v/ directory, run:

```sh
./isabelle/bin/isabelle build -d . -v -b InfoFlow
```

Important Theories
------------------

The top-level theory where noninterference is proved for the seL4 abstract specification is Noninterference; the result is transferred to the C implementation via refinement in the theory Noninterference_Refinement. The base theory where noninterference is (generically) defined is Noninterference_Base. The bottom-level theory where confidentiality is formalised over the seL4 abstract specification is InfoFlow. Confidentiality is a relational property, and the theory EquivValid (in lib/) defines such properties generically for the nondeterministic state monad of the abstract specification.