

SeL4: OS with formal correctness + security proof - contingencies
http://sel4.systems/

======
contingencies
_seL4 can run Linux in a virtual machine._ (x86 + Intel VT-x + EPT + MSI
HPET). _We are working on supporting virtualised Linux on ARM processors with
virtualisation extensions (presently A15 /A7 cores), a release should not be
far off._

Apparently _seL4 is the world’s only hypervisor with a sound worst-case
execution-time (WCET) analysis, and as such the only one that can give you
actual real-time guarantees, no matter what others may be claiming._

Naturally _the confidentiality proof makes no guarantees about the absence of
covert timing channels._

From
[http://sel4.systems/FAQ/#virtualisation](http://sel4.systems/FAQ/#virtualisation)

------
contingencies
[http://youtu.be/lRndE7rSXiI](http://youtu.be/lRndE7rSXiI)

_The implementation is correct against this abstract specification ... so
bug-free, etc. The implications, there's many of them, but just a few obvious
ones: it's not possible for this kernel to have a buffer overflow; it cannot -
it provably does not use uninitialized variables or dereference null pointers,
there's no stack smashing, you can't have code injection, there's no return
oriented programming. Any of that stuff is just not possible - provably. So
that's nice!_

