seL4 is the world's first operating system (OS) kernel with a proof of implementation correctness, followed by proofs of security enforcement; it is at the same time the benchmark for microkernel performance. The seL4 Microkit is a minimal seL4-based OS framework aimed at embedded and cyberphysical systems. TS is presently developing the Lions OS, a highly modular OS based on the Microkit. It uses the same approach as the high-performance seL4 device driver framework.

Lions OS is designed for simplicity and strong separation of concerns. This meand that many of the components making up the OS have very simple implementation, which should enable their formal verification, ideally using “push-button” techniques based on SMT solvers, which were already successfully used in the verification of the Microkit. This project is to investigate the use of SMT solvers to automatically verify Lions OS components.


School of Computer Science & Engineering

The Trustworthy Systems (TS) Group is the pioneer in formal (mathematical) correctness and security proofs of computer systems software. Its formally verified seL4 microkernel, now backed by the seL4 Foundation, is deployed in real-world systems ranging from defence systems via medical devices, autonomous cars to critical infrastructure. The group's vision is to make verified software the standard for security- and safety-critical systems. Core to this a focus on performance as well as making software verification more scalable and less expensive.

  • formal specification of one Lions-OS component
  • successful verification of at least a subset of the specified functionality
  • report describing experience verifying an OS component using SMT solvers
  • potentially pull requests against the Lions-OS implementation
Scientia Professor and John Lions Chair Gernot Heiser
Scientia Professor and John Lions Chair