Announcement

Collapse
No announcement yet.

seL4 Micro-Kernel Working Towards A General-Purpose, Multi-Server OS

Collapse
X
Collapse
 
  • Page of 5
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 5 template Next
  • Luke_Wolf
    replied
    Originally posted by brouhaha View Post

    Geez, a bunch of people here seem to think that software reliability is all or nothing, and that having a reliable kernel is useless.
    Hardly, the difference is that seL4 makes a very specific claim that having complete code coverage of testing makes them magically more secure and reliable than other microkernels, when the truth is that the piece of code they have complete coverage on is but a tiny portion of the stack, and so while there are advantages that microkernels provide in terms of security and reliability, seL4 isn't really all that special... and its benefit is meaningless outside of tightly controlled embedded environments where you can certify the entire stack.

    But even then that certification basically just means that that software does what the Requirements Docs say it does. If the requirements documents say "Send passwords in clear text" then as long as it does that then it's "proven".

    Leave a comment:

  • pal666
    replied
    Originally posted by brouhaha View Post
    Geez, a bunch of people here seem to think that software reliability is all or nothing, and that having a reliable kernel is useless.
    having unusable kernel is useless
    • Likes 1

    Leave a comment:

  • pal666
    replied
    Originally posted by kvuj View Post
    I love what Linux stands for (user freedom / open source), but I would gladly accept a smaller & more secure kernel if there weren't too many compromises.
    smaller kernel comes with smaller(read: non-existent) userspace
    • Likes 1

    Leave a comment:

  • brouhaha
    replied
    Originally posted by Rallos Zek View Post

    That's just the kernel part that has been verified, none of the drivers and glue code which would make it work has had the same testing or verification applied to them.
    Geez, a bunch of people here seem to think that software reliability is all or nothing, and that having a reliable kernel is useless.
    • Likes 5

    Leave a comment:

  • Luke_Wolf
    replied
    Originally posted by bofh80

    Yes it would. It's not a security flaw if all you have is a crashed driver. duh.
    Ah yes because it's not as if a Network Protocol Stack contains information that would potentially be bad to have leaked or anything, which is what Bleeding Tooth is as much about.

    Leave a comment:

  • Luke_Wolf
    replied
    Originally posted by kvuj View Post

    Bleeding tooth?

    I love what Linux stands for (user freedom / open source), but I would gladly accept a smaller & more secure kernel if there weren't too many compromises.
    I guess? But that's a driver bug that seL4 having complete test coverage wouldn't have protected against either. Microkernel architecture in general could potentially stop the privilege escalation (you actually need certain hardware guarantees around memory access) but it wouldn't stop the underlying security flaw.

    Leave a comment:

  • kvuj
    replied
    Originally posted by Luke_Wolf View Post

    Come to think of it... when was the last time there was actually a significant Linux kernel exploit rather than a hardware exploit or a userspace exploit?
    Bleeding tooth?

    I love what Linux stands for (user freedom / open source), but I would gladly accept a smaller & more secure kernel if there weren't too many compromises.
    • Likes 2

    Leave a comment:

  • Luke_Wolf
    replied
    Originally posted by pal666 View Post
    Formal verification (alias proof of correctness) has been found to be as error-prone as software construction itself, and for that and other reasons it is unlikely to be that silver bullet (Glass 2002).
    Come to think of it... when was the last time there was actually a significant Linux kernel exploit rather than a hardware exploit or a userspace exploit?
    • Likes 1

    Leave a comment:

  • Luke_Wolf
    replied
    Originally posted by microcode View Post

    No, this is not TDD; this is an actual system of mathematical and symbolic proofs. It is a completely different galaxy of verification.

    Something that you get with proofs that you do not get with tests, is a complete picture of what the code could do (assuming the processor is functioning as designed, and your model of it is accurate), not just the subset of what it should/might do that you think of when you're writing tests.


    Congratulations on being scooped up by marketing. No It's literally just as I said. Oh boy you have 100% code coverage on your tests which means you were following TDD. "Mathematically Proven" is as much a bullshit term as "Artificial Intelligence". It is only suitable for annoying actual developers.
    • Likes 1

    Leave a comment:

  • pal666
    replied
    Originally posted by Rallos Zek View Post
    That's just the kernel part that has been verified, none of the drivers and glue code which would make it work has had the same testing or verification applied to them.
    btw :
    Formal verification (alias proof of correctness) has been found to be as error-prone as software construction itself, and for that and other reasons it is unlikely to be that silver bullet (Glass 2002).
    Last edited by pal666; 07 February 2021, 12:39 PM.

    Leave a comment:

Previous 1 2 3 4 5 template Next
Working...
X