Formal Modelling of Separation Kernel Components

  • Andrius Velykis
  • Leo Freitas
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6255)


Separation kernels are key components in embedded applications. Their small size and widespread use in high-integrity environments make them good targets for formal modelling and verification. We summarise results from the mechanisation of a separation kernel scheduler using the Z/Eves theorem prover, concentrating on the key data structures used to model scheduler operations. The results come from an experiment in the Grand Challenge in software verification, within a pilot project on verified OS kernels. The project aims at creating a mechanised formal model of kernel components that is refined to code, yielding a set of reusable components, proof strategies, and general lemmas. Important findings about properties and requirements are also discussed.


Keywords: kernel, grand challenge, formal models, proof


Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Andrius Velykis, University of York, UK
  • Leo Freitas, University of York, UK
