Skip to content

Files

Latest commit

XaphiosisXaphiosis
infoflow: update for monadic rewrite changes
Jun 16, 2023
18cbdae · Jun 16, 2023

History

History
This branch is 630 commits behind seL4/l4v:master.

infoflow

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
ARM
ARM
Mar 29, 2023
RISCV64
RISCV64
Mar 29, 2023
figs
figs
Jul 14, 2014
refine
refine
Mar 29, 2023
tools
tools
Mar 13, 2020
ADT_IF.thy
ADT_IF.thy
Jan 25, 2023
Arch_IF.thy
Arch_IF.thy
Jan 25, 2023
CNode_IF.thy
CNode_IF.thy
Feb 9, 2023
Decode_IF.thy
Decode_IF.thy
Nov 11, 2021
ExampleSystemPolicyFlows.thy
ExampleSystemPolicyFlows.thy
Oct 4, 2021
FinalCaps.thy
FinalCaps.thy
Jan 25, 2023
Finalise_IF.thy
Finalise_IF.thy
Feb 9, 2023
IRQMasks_IF.thy
IRQMasks_IF.thy
Jan 25, 2023
InfoFlow.thy
InfoFlow.thy
Oct 4, 2021
InfoFlow_IF.thy
InfoFlow_IF.thy
Jan 9, 2023
InfoFlow_Image_Toplevel.thy
InfoFlow_Image_Toplevel.thy
Oct 4, 2021
Interrupt_IF.thy
Interrupt_IF.thy
Oct 4, 2021
Ipc_IF.thy
Ipc_IF.thy
Jun 16, 2023
Noninterference.thy
Noninterference.thy
Feb 9, 2023
Noninterference_Base.thy
Noninterference_Base.thy
Oct 4, 2021
Noninterference_Base_Alternatives.thy
Noninterference_Base_Alternatives.thy
Jan 24, 2023
Noninterference_Base_Refinement.thy
Noninterference_Base_Refinement.thy
Mar 13, 2020
PasUpdates.thy
PasUpdates.thy
Oct 4, 2021
PolicyExample.thy
PolicyExample.thy
Oct 4, 2021
PolicySystemSAC.thy
PolicySystemSAC.thy
Oct 4, 2021
README.md
README.md
Mar 30, 2023
Retype_IF.thy
Retype_IF.thy
Nov 11, 2021
Scheduler_IF.thy
Scheduler_IF.thy
Feb 9, 2023
Syscall_IF.thy
Syscall_IF.thy
Feb 9, 2023
Tcb_IF.thy
Tcb_IF.thy
Feb 9, 2023
UserOp_IF.thy
UserOp_IF.thy
Oct 4, 2021

README.md

Confidentiality Proof

This proof establishes that seL4 enforces information flow, and so enforces the security property of confidentiality. Information flow security is defined in terms of (intransitive) noninterference, and implies confidentiality: data cannot be inferred without appropriate read authority. This proof is described in a 2013 IEEE Symposium on Security and Privacy paper. This proof firstly establishes noninterference for seL4's abstract specification, building on top of the Access Control Proof, before transferring the noninterference result to the kernel's C implementation via the Design Spec Refinement Proof and the C Refinement Proof.

Building

To build for the ARM architecture from the l4v/ directory, run:

L4V_ARCH=ARM ./run_tests InfoFlow

Important Theories

The top-level theory where noninterference is proved for the seL4 abstract specification is Noninterference; it is transferred to the C implementation via refinement in the theory Noninterference_Refinement. The base theory where noninterference is (generically) defined is Noninterference_Base. The bottom-level theory where confidentiality is formalised over the seL4 abstract specification is InfoFlow. Confidentiality is a relational property and the theory EquivValid defines these generically for the nondeterministic state monad of the abstract specification.