5 Comments
coldblues
https://genode.org/index
An operating system with seL4 support
hackpelican
Does the OS that lies on top of this kernel need to be formally verified as well for the security guarantees to hold?
nimish
SeL4 is proof that microkernels are safe, efficient and scalable, yet we are stuck with big honking Linux kernels in 2025. That said, more and more drivers are moving to usermode anyway, so it's a wash in the end.
mmooss
SeL4 is old news – not a criticism, but has anyone added another formally proven layer or component? (Edit: I mean new components beyond the microkernel, not improvements to the microkernel.)
Also, I suspect some people – maybe some on HN :) – get emotional overload when they see the word 'proof' and their intellectual functions stop. It's not a panacea for the infinite problem of secure IT; it isn't a way to create or discover a perfect and flawless diamond of software. IIUC it means it's proven to meet specific requirements in specific conditions, and those requirements and conditions can be quite narrow; and it says nothing about other functions and conditions that are out of spec. Is that roughly correct?
What does it mean in practical terms? What does a security professional see when they see 'formally proven software'?
What are the specs that SeL4 meets (no, I haven't looked at the OP in a long time)? Isn't that the essential information here?
hannob
L4 was popular at my university (Karlsruhe). While I never really looked into it in any detail, it always appeared to me like a project that is primarily interested in testing some theoretical ideas, but not in building anything that would be practically useful.
That was 20 years ago. As far as I can tell, this has not changed. (Quick googling tells me there appear to be some efforts to build an OS on it, but they all look more like proofs of concept, not like something with real-world use.)