==Third generation==
More recent work on microkernels has been focusing on formal specifications of the kernel API, and formal proofs of the API's security properties and implementation correctness. The first example of this is a mathematical proof of the confinement mechanisms in EROS, based on a simplified model of the EROS API.<ref>{{cite conference |first1 = Jonathan S. |last1 = Shapiro |last2 = Weber |first2 = Samuel |title = Verifying the EROS Confinement Mechanism |conference = IEEE Conference on Security and Privacy |url = http://www.eros-os.org/papers/oakland2000.ps |url-status = dead |archive-url = https://web.archive.org/web/20160303174121/http://www.eros-os.org/papers/oakland2000.ps |archive-date = 3 March 2016 }}</ref> More recently (in 2007) a comprehensive set of machine-checked proofs was performed of the properties of the protection model of [[L4 microkernel family#High assurance: seL4|seL4]], a version of L4.<ref>{{Cite book | first1 = Dhammika | last1 = Elkaduwe | first2 = Gerwin | last2 = Klein | first3 = Kevin | last3 = Elphinstone | title = Verified Protection Model of the seL4 Microkernel | year = 2007 | publisher = submitted for publication | url = http://ertos.org/publications/papers/Elkaduwe_GE_07.abstract | access-date = 10 October 2007 | archive-date = 29 November 2011 | archive-url = https://web.archive.org/web/20111129122037/http://ertos.org/publications/papers/Elkaduwe_GE_07.abstract | url-status = usurped }}</ref> This has led to what is referred to as ''third-generation microkernels'',<ref Name="Klein_EHACDEEKNSTW_09">{{cite conference | first1 = Gerwin | last1 = Klein | last2 = Elphinstone | first2 = Kevin | last3 = Heiser | first3 = Gernot | last4 = Andronick | first4 = June | last5 = Cock | first5 = David | last6 = Derrin | first6 = Philip | last7 = Elkaduwe | first7 = Dhammika | last8 = Engelhardt | first8 = Kai | last9 = Kolanski | first9 = Rafal | last10 = Norrish | first10 = Michael | last11 = Sewell | first11 = Thomas | last12 = Tuch | first12 = Harvey | last13 = Winwood | first13 = Simon | title = seL4: Formal verification of an OS kernel | conference = 22nd ACM Symposium on Operating System Principles | date = October 2009 | location = Big Sky, MT, USA | url = http://www.sigops.org/sosp/sosp09/papers/klein-sosp09.pdf }}</ref> characterised by a security-oriented API with resource access controlled by [[capability-based security|capabilities]], [[virtual machines#System virtual machines|virtualization]] as a first-class concern, novel approaches to kernel resource management,<ref Name="Elkaduwe_DE_08">{{cite conference | first1 = Dhammika | last1 = Elkaduwe | last2 = Derrin | first2 = Philip | last3 = Elphinstone | first3 = Kevin | title = Kernel design for isolation and assurance of physical memory | conference = 1st Workshop on Isolation and Integration in Embedded Systems | date = April 2008 | location = Glasgow, UK | doi = 10.1145/1435458 | url = http://ertos.nicta.com.au/publications/papers/Elkaduwe_DE_08.abstract | access-date = 17 August 2009 | archive-url = https://web.archive.org/web/20100424035229/http://www.ertos.nicta.com.au/publications/papers/Elkaduwe_DE_08.abstract | archive-date = 24 April 2010 | url-status = dead | url-access = subscription }}</ref> and a design goal of suitability for [[formal methods|formal analysis]], besides the usual goal of high performance.
Examples are [[Coyotos]], [[L4 microkernel family#High assurance: seL4|seL4]], Nova,<ref name="TUD">{{cite web |url=http://www.inf.tu-dresden.de/index.php?node_id=2697 |date=12 August 2010 |title=TUD Home: Operating Systems: Research: Microkernel & Hypervisor |work=Faculty of Computer Science |publisher=Technische Universität Dresden |access-date=5 November 2011 |archive-url=https://web.archive.org/web/20120406021703/http://www.inf.tu-dresden.de/index.php?node_id=2697 |archive-date=6 April 2012 |url-status=dead}}</ref><ref Name="Steinberg_Kauer_EuroSys_2010"> {{cite conference | first1 = Udo | last1 = Steinberg | first2 = Bernhard | last2 = Kauer | title = NOVA: A Microhypervisor-Based Secure Virtualization Architecture | conference = Eurosys 2010 | date = April 2010 | location = Paris, France | pages=209–222 | doi = 10.1145/1755913.1755935 }}</ref> [[Redox (operating system)|Redox]] and Fiasco.OC.<ref name="TUD"/><ref name=Lackor_Warg_IIES_09>{{cite conference | first1 = Adam | last1 = Lackorzynski | first2 = Alexander | last2 = Warg | title = Taming Subsystems – Capabilities as Universal Resource Access Control in L4 | conference = IIES'09: Second Workshop on Isolation and Integration in Embedded Systems | date = March 2009 | location = [[Nuremberg]], Germany | url = http://portal.acm.org/citation.cfm?id=1519135&dl=ACM | citeseerx = 10.1.1.629.9845 }}</ref> In the case of seL4, complete formal verification of the implementation has been achieved,<ref Name="Klein_EHACDEEKNSTW_09"/> i.e. a mathematical proof that the kernel's implementation is consistent with its formal specification. This provides a guarantee that the properties proved about the API actually hold for the real kernel, a degree of assurance which goes beyond even CC EAL7. It was followed by proofs of security-enforcement properties of the API, and a proof demonstrating that the executable binary code is a correct translation of the C implementation, taking the compiler out of the TCB. 
Taken together, these proofs establish an end-to-end proof of security properties of the kernel.<ref name="Klein_AEMSKH_14">{{cite journal | last1 = Klein | first1 = Gerwin | last2 = Andronick | first2 = June | last3 = Elphinstone | first3= Kevin | last4 = Murray | first4 = Toby | last5 = Sewell | first5 = Thomas | last6 = Kolanski | first6 = Rafal | last7 = Heiser | first7 = Gernot | date = February 2014 | title = Comprehensive Formal Verification of an OS Microkernel | journal = ACM Transactions on Computer Systems | volume = 32 | issue = 1 | pages = 2:1–2:70 | doi = 10.1145/2560537 | s2cid = 4474342 }}</ref>
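The way the separate proofs compose into an end-to-end result can be written as a refinement chain; this is an added illustration of the argument above, not a formula from the cited papers, and the notation (trace sets <math>\mathrm{Tr}(\cdot)</math>, the property <math>P</math>) is assumed here. Let <math>A</math>, <math>C</math> and <math>B</math> denote the abstract specification, the C implementation and the executable binary, and let refinement be inclusion of observable behaviours:

<math>X \sqsubseteq Y \;\iff\; \mathrm{Tr}(X) \subseteq \mathrm{Tr}(Y)</math>

The implementation-correctness proof gives <math>C \sqsubseteq A</math> and the binary-translation proof gives <math>B \sqsubseteq C</math>, so by transitivity of <math>\subseteq</math>:

<math>B \sqsubseteq C \sqsubseteq A \;\Rightarrow\; B \sqsubseteq A</math>

For a property stated as a set <math>P</math> of permitted traces (a safety property such as an access-control rule), a proof about the API alone is <math>\mathrm{Tr}(A) \subseteq P</math>, and the chain carries it down to the binary:

<math>\mathrm{Tr}(B) \subseteq \mathrm{Tr}(C) \subseteq \mathrm{Tr}(A) \subseteq P</math>

This is why the text can say the properties proved about the API hold for the real kernel without a separate proof at each level; properties that are not closed under trace inclusion, such as information-flow properties, need an additional argument beyond refinement.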