A Formal Model of the L4 μ-kernel API Using the B Method
نویسندگان
چکیده
The increasing dependence of modern society on information systems increases the need for secure operating system kernels. Formal methods offer a way to achieve such high-level security, however they require a significant investment of time, and are not well suited for large kernels such as that of Linux. μ-kernels offer an alternative which is both elegant, and possibly small enough to make formal specification tractable. The L4 Pilot project aims to investigate various approaches towards the formalisation of the L4 μ-kernel and evaluating its feasibility. In order to make formal verification of a system possible its behaviour, functionality and external interface must be clearly mapped out and understood. This thesis concerns the creation of a formal model of the L4 “Pistachio” API using the B Method.
منابع مشابه
The B-Method for the Construction of Microkernel-Based Systems
Microkernels have been developed to minimize the size of software that needs to run in privileged CPU-Mode. They provide only a set of general hardware abstractions, which then can be used to implement an operating system with a high level of reliability and security on top. L4 is a second generation microkernel based on the principles of minimalism, flexibility and efficiency. Its small size (...
متن کاملFormalising the L4 microkernel API
This paper gives an overview of a pilot project on the specification and verification of the L4 highperformance microkernel. Of the three aspects examined in the project, we describe one in more detail: the formalisation of the kernel’s Application Programming Interface using the B Method. We conclude that machine-supported formal verification of software is at a turning point; that it is now f...
متن کاملA Physically-addressed L4 Kernel
All current implementations of the L4 microkernel map thread control blocks (TCBs) into a linear array in virtual memory, a decision that was originally made almost entirely for the performance advantages it offers on the Intel 486 platform. The drawback of this design choice is that page faults generated within L4 complicate the kernel and in particular its verification by formal methods. An a...
متن کاملHigh-Performance Microkernels and Virtualisation on ARM and Segmented Architectures
This paper describes the techniques used to achieve high context-switching performance on ARM processors for the L4 microkernel and a para-virtualised Linux running on top. We examine how the previously-published techniques can be used in L4 with minimal changes to the kernel API. We also propose future API changes which make it easier to maximise memory-management performance, not only on ARM ...
متن کاملTwo Phase Flow Pressure Drop Calculation Using Homogeneous Equilibrium Model
Although two-phase flow is frequently encountered in various location of the process plants, there is no a general accepted and verified two-phase flow model that may be used to size lines for such conditions. An obvious example is condensate water return lines. The API method that used in this study is based on the homogeneous equilibrium flow assumption, that is, equal velocity and equal temp...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2004