Proof that seL4 enforces confidentiality established for RISC-V

In July, we announced that the assurance story for seL4 on RISC-V keeps building, with the completion of the proof that seL4 enforces integrity, following the earlier proofs of functional correctness and binary correctness for seL4 on RISC-V.

The next step in the assurance stack is now also completed for RISC-V with the proof that seL4 enforces confidentiality, i.e. that seL4 provably enforces information flow control, when it is correctly configured to do so.

"This completes the 3 big CIA security properties for seL4 on RISC-V: confidentiality, integrity and availability. While integrity ensures there is no unauthorised interference with private data, confidentiality ensures there is no unauthorised access to private data”, says Gernot Heiser, chair of the seL4 Foundation.

We thank Ryan Barry of the Trustworthy Systems group at UNSW, main author of these proofs! We also gratefully acknowledge funding from the Australian Research Council through grant DP190103743 which has enabled this work. The proof is available on GitHub.

1 Like