Extending the Noninterference Version of MLS for SAT
IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Kit: A Study in Operating System Verification
IEEE Transactions on Software Engineering
Improving IPC by kernel design
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Extensibility, safety and performance in the SPIN operating system
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Communications of the ACM
Interface and execution models in the Fluke kernel
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Linux as a case study: its extracted software architecture
Proceedings of the 21st international conference on Software engineering
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
Specification and verification of the UCLA Unix security kernel
Communications of the ACM
The nucleus of a multiprogramming system
Communications of the ACM
HYDRA: the kernel of a multiprocessor operating system
Communications of the ACM
Formal Construction of the Mathematically Analyzed Separation Kernel
ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
Design and verification of secure systems
SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
Analyzing Security-Enhanced Linux Policy Specifications
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Scale and performance in the Denali isolation kernel
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementation
Verifying information flow goals in security-enhanced Linux
Journal of Computer Security - Special issue on WITS'03
Formal certification of a compiler back-end or: programming a compiler with a proof assistant
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Reducing TCB size by using untrusted components: small kernels versus virtual-machine monitors
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Running the manual: an approach to high-assurance microkernel development
Proceedings of the 2006 ACM SIGPLAN workshop on Haskell
Proceedings of the 13th ACM conference on Computer and communications security
Types, bytes, and separation logic
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proving that programs eventually do something good
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Reducing TCB complexity for security-sensitive applications: three case studies
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Language support for fast and reliable message-based communication in Singularity OS
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
A robust machine code proof framework for highly secure applications
ACL2 '06 Proceedings of the sixth international workshop on the ACL2 theorem prover and its applications
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
The Flask security architecture: system support for diverse security policies
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Secure virtual architecture: a safe execution environment for commodity operating systems
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Towards a practical, verified kernel
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
A Formal Model of Memory Peculiarities for the Verification of Low-Level Operating-System Code
Electronic Notes in Theoretical Computer Science (ENTCS)
Kernel design for isolation and assurance of physical memory
Proceedings of the 1st workshop on Isolation and integration in embedded systems
Data Refinement: Model-Oriented Proof Methods and their Comparison
Data Refinement: Model-Oriented Proof Methods and their Comparison
Journal of Automated Reasoning
Formal Verification of C Systems Code
Journal of Automated Reasoning
Journal of Automated Reasoning
Experience report: seL4: formally verifying a high-performance microkernel
Proceedings of the 14th ACM SIGPLAN international conference on Functional programming
Hypervisors for consumer electronics
CCNC'09 Proceedings of the 6th IEEE Conference on Consumer Communications and Networking Conference
Software verification with BLAST
SPIN'03 Proceedings of the 10th international conference on Model checking software
Isabelle/HOL: a proof assistant for higher-order logic
Isabelle/HOL: a proof assistant for higher-order logic
Using XCAP to certify realistic systems code: machine context management
TPHOLs'07 Proceedings of the 20th international conference on Theorem proving in higher order logics
Formal pervasive verification of a paging mechanism
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
The multikernel: a new OS architecture for scalable multicore systems
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Virtually eliminating router bugs
Proceedings of the 5th international conference on Emerging networking experiments and technologies
FM '09 Proceedings of the 2nd World Congress on Formal Methods
From higher-order logic to Haskell: there and back again
Proceedings of the 2010 ACM SIGPLAN workshop on Partial evaluation and program manipulation
Operating system development with ATS: work in progress
Proceedings of the 4th ACM SIGPLAN workshop on Programming languages meets program verification
PLOS 2009: fifth workshop on programming languages and operating systems
ACM SIGOPS Operating Systems Review
Filet-o-fish: practical and dependable domain-specific languages for OS development
ACM SIGOPS Operating Systems Review
ACM Inroads
Special issue on practical aspects of automated reasoning
AI Communications - Practical Aspects of Automated Reasoning
Capability wrangling made easy: debugging on a microkernel with Valgrind
Proceedings of the 6th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Filet-o-Fish: practical and dependable domain-specific languages for OS development
Proceedings of the Fifth Workshop on Programming Languages and Operating Systems
NOVA: a microhypervisor-based secure virtualization architecture
Proceedings of the 5th European conference on Computer systems
Safe to the last instruction: automated verification of a type-safe operating system
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Phone virtualization using a microkernel hypervisor
IMSAA'09 Proceedings of the 3rd IEEE international conference on Internet multimedia services architecture and applications
Compilation and virtualization in the HiPEAC vision
Proceedings of the 47th Design Automation Conference
The OKL4 microvisor: convergence point of microkernels and hypervisors
Proceedings of the first ACM asia-pacific workshop on Workshop on systems
capDL: a language for describing capability-based systems
Proceedings of the first ACM asia-pacific workshop on Workshop on systems
Using formal methods for security in the Xenon project
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
VeriML: typed computation of logical terms inside a language with effects
Proceedings of the 15th ACM SIGPLAN international conference on Functional programming
HyperSentry: enabling stealthy in-context measurement of hypervisor integrity
Proceedings of the 17th ACM conference on Computer and communications security
Seeding clouds with trust anchors
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
The road to trustworthy systems
Proceedings of the fifth ACM workshop on Scalable trusted computing
Implementing an application-specific credential platform using late-launched mobile trusted module
Proceedings of the fifth ACM workshop on Scalable trusted computing
Requirements for an integrity-protected hypervisor on the x86 hardware virtualized architecture
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Formal modelling of separation kernel components
ICTAC'10 Proceedings of the 7th International colloquium conference on Theoretical aspects of computing
Language-based verification will change the world
Proceedings of the FSE/SDP workshop on Future of software engineering research
Automated verification of a small hypervisor
VSTTE'10 Proceedings of the Third international conference on Verified software: theories, tools, experiments
Pervasive verification of an OS microkernel: inline assembly, memory consumption, concurrent devices
VSTTE'10 Proceedings of the Third international conference on Verified software: theories, tools, experiments
The L4.verified project: next steps
VSTTE'10 Proceedings of the Third international conference on Verified software: theories, tools, experiments
Trace-based verification of imperative programs with I/O
Journal of Symbolic Computation
Automated reasoning and presentation support for formalizing mathematics in Mizar
AISC'10/MKM'10/Calculemus'10 Proceedings of the 10th AISC and 9th MKM international conference, and 17th Calculemus conference on Intelligent computer mathematics
A wiki for Mizar: motivation, considerations, and initial prototype
AISC'10/MKM'10/Calculemus'10 Proceedings of the 10th AISC and 9th MKM international conference, and 17th Calculemus conference on Intelligent computer mathematics
HotDep'10 Proceedings of the Sixth international conference on Hot topics in system dependability
Trust and protection in the Illinois browser operating system
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
dBug: systematic evaluation of distributed systems
SSV'10 Proceedings of the 5th international conference on Systems software verification
Correctness proofs for device drivers in embedded systems
SSV'10 Proceedings of the 5th international conference on Systems software verification
Lyrebird: assigning meanings to machines
SSV'10 Proceedings of the 5th international conference on Systems software verification
Towards proving security in the presence of large untrusted components
SSV'10 Proceedings of the 5th international conference on Systems software verification
Type safety from the ground up
Proceedings of the 7th ACM SIGPLAN workshop on Types in language design and implementation
Dafny: an automatic program verifier for functional correctness
LPAR'10 Proceedings of the 16th international conference on Logic for programming, artificial intelligence, and reasoning
Small trusted primitives for dependable systems
ACM SIGOPS Operating Systems Review
Abstract specification and formalization of an operating system kernel in Z
ACM SIGOPS Operating Systems Review
Certification of thread context switching
Journal of Computer Science and Technology
From a verified kernel towards verified systems
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
From a proven correct microkernel to trustworthy large systems
FoVeOOS'10 Proceedings of the 2010 international conference on Formal verification of object-oriented software
A declarative language approach to device configuration
Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems
Verifying security properties of internet protocol stacks: The split verification approach
Journal of Systems Architecture: the EUROMICRO Journal
Beyond provable security: verifiable IND-CCA security of OAEP
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
The OpenTheory standard theory library
NFM'11 Proceedings of the Third international conference on NASA Formal methods
What if you could actually trust your kernel?
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Provable Security: how feasible is it?
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
MOMMIE knows best: systematic optimizations for verifiable distributed algorithms
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Caisson: a hardware description language for secure information flow
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Mostly-automated verification of low-level programs in computational separation logic
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Finding and understanding bugs in C compilers
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
A decade of model-driven security
Proceedings of the 16th ACM symposium on Access control models and technologies
Modular specification and verification of interprocess communication
Proceedings of the 2010 Conference on Formal Methods in Computer-Aided Design
Security versus energy tradeoffs in host-based mobile malware detection
MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications, and services
Proceedings of the 38th annual international symposium on Computer architecture
Specifying and verifying the SYNERGY reconfiguration protocol with LOTOS NT and CADP
FM'11 Proceedings of the 17th international conference on Formal methods
Composable security analysis of OS services
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Towards formal proof script refactoring
MKM'11 Proceedings of the 18th Calculemus and 10th international conference on Intelligent computer mathematics
ITP'11 Proceedings of the Second international conference on Interactive theorem proving
Modular verification of preemptive OS kernels
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
Characteristic formulae for the verification of imperative programs
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
Preliminary design of the SAFE platform
PLOS '11 Proceedings of the 6th Workshop on Programming Languages and Operating Systems
Safe to the last instruction: automated verification of a type-safe operating system
Communications of the ACM
Software fault isolation with API integrity and multi-principal modules
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Breaking up is hard to do: security and functionality in a commodity hypervisor
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Logical attestation: an authorization architecture for trustworthy computing
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Practical software model checking via dynamic interface reduction
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Trusted virtual domains on OKL4: secure information sharing on smartphones
Proceedings of the sixth ACM workshop on Scalable trusted computing
Delivering secure applications on commercial mobile devices: the case for bare metal hypervisors
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
L4Android: a generic operating system framework for secure smartphones
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Unicorn: two-factor attestation for data security
Proceedings of the 18th ACM conference on Computer and communications security
Proceedings of the 18th ACM conference on Computer and communications security
SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms
Proceedings of the 18th ACM conference on Computer and communications security
Eliminating the hypervisor attack surface for a more secure cloud
Proceedings of the 18th ACM conference on Computer and communications security
The web interface should be radically refactored
Proceedings of the 10th ACM Workshop on Hot Topics in Networks
Trust extension as a mechanism for secure code execution on commodity computers
Trust extension as a mechanism for secure code execution on commodity computers
Summary of PLOS 2011: the sixth workshop on programming languages and operating systems
ACM SIGOPS Operating Systems Review
Static and user-extensible proof checking
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Protected hard real-time: the next frontier
Proceedings of the Second Asia-Pacific Workshop on Systems
CertiKOS: a certified kernel for secure cloud computing
Proceedings of the Second Asia-Pacific Workshop on Systems
A Declarative Language Approach to Device Configuration
ACM Transactions on Computer Systems (TOCS) - Special Issue ASPLOS 2011
Reliability, thermal, and power modeling and optimization
Proceedings of the International Conference on Computer-Aided Design
A case for secure and scalable hypervisor using safe language
Proceedings of the 2012 International Workshop on Programming Models and Applications for Multicores and Manycores
Local verification of global invariants in concurrent programs
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Architectural support for hypervisor-secure virtualization
ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
Practical limits on software dependability: a case study
Ada-Europe'10 Proceedings of the 15th Ada-Europe international conference on Reliable Software Technologies
Isolating commodity hosted hypervisors with HyperLock
Proceedings of the 7th ACM european conference on Computer Systems
Delusional boot: securing hypervisors without massive re-engineering
Proceedings of the 7th ACM european conference on Computer Systems
Improving interrupt response time in a verifiable protected microkernel
Proceedings of the 7th ACM european conference on Computer Systems
A formally verified OS kernel. Now what?
ITP'10 Proceedings of the First international conference on Interactive Theorem Proving
A trustworthy monadic formalization of the ARMv7 instruction set architecture
ITP'10 Proceedings of the First international conference on Interactive Theorem Proving
A road to a formally verified general-purpose operating system
ISARCS'10 Proceedings of the First international conference on Architecting Critical Systems
Modeling TCG-Based secure systems with colored petri nets
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Dependable and Historic Computing
Trust extension for commodity computers
Communications of the ACM
versat: a verified modern SAT solver
VMCAI'12 Proceedings of the 13th international conference on Verification, Model Checking, and Abstract Interpretation
VSTTE'12 Proceedings of the 4th international conference on Verified Software: theories, tools, experiments
Verification of TLB virtualization implemented in C
VSTTE'12 Proceedings of the 4th international conference on Verified Software: theories, tools, experiments
TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Parametric verification of address space separation
POST'12 Proceedings of the First international conference on Principles of Security and Trust
VM aware journaling: improving journaling file system performance in virtualization environments
Software—Practice & Experience
Large-scale formal verification in practice: a process perspective
Proceedings of the 34th International Conference on Software Engineering
To preempt or not to preempt, that is the question
Proceedings of the Asia-Pacific Workshop on Systems
Correct, fast, maintainable: choose any three!
Proceedings of the Asia-Pacific Workshop on Systems
Challenges and experiences in managing large-scale proofs
CICM'12 Proceedings of the 11th international conference on Intelligent Computer Mathematics
Establishing browser security guarantees through formal shim verification
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Policy-sealed data: a new abstraction for building trusted cloud services
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Enhanced operating system security through efficient and fine-grained address space randomization
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Reasoning about I/O in functional programs
CEFP'11 Proceedings of the 4th Summer School conference on Central European Functional Programming School
xmonad in Coq (experience report): programming a window manager in a proof assistant
Proceedings of the 2012 Haskell Symposium
Trustworthy execution on mobile devices: what security properties can my mobile platform give me?
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Verifying system integrity by proxy
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Electronic Notes in Theoretical Computer Science (ENTCS)
Operating system support for redundant multithreading
Proceedings of the tenth ACM international conference on Embedded software
Proceedings of the 2012 ACM conference on Computer and communications security
Proceedings of the 2012 ACM conference on Computer and communications security
BottleCap: a credential manager for capability systems
Proceedings of the seventh ACM workshop on Scalable trusted computing
To preempt or not to preempt, that is the question
APSys'12 Proceedings of the Third ACM SIGOPS Asia-Pacific conference on Systems
Correct, fast, maintainable - choose any three!
APSys'12 Proceedings of the Third ACM SIGOPS Asia-Pacific conference on Systems
Is Linux kernel oops useful or not?
HotDep'12 Proceedings of the Eighth USENIX conference on Hot Topics in System Dependability
Automatic OS kernel TCB reduction by leveraging compile-time configurability
HotDep'12 Proceedings of the Eighth USENIX conference on Hot Topics in System Dependability
Pasture: secure offline data access using commodity trusted hardware
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Completing the automated verification of a small hypervisor - assembler code verification
SEFM'12 Proceedings of the 10th international conference on Software Engineering and Formal Methods
Extensible specifications for automatic re-use of specifications and proofs
SEFM'12 Proceedings of the 10th international conference on Software Engineering and Formal Methods
Proceedings of the 2012 workshop on New security paradigms
Enabling trusted scheduling in embedded systems
Proceedings of the 28th Annual Computer Security Applications Conference
Separation virtual machine monitors
Proceedings of the 28th Annual Computer Security Applications Conference
Scalable formal machine models
CPP'12 Proceedings of the Second international conference on Certified Programs and Proofs
On the correctness of an optimising assembler for the Intel MCS-51 microprocessor
CPP'12 Proceedings of the Second international conference on Certified Programs and Proofs
Noninterference for operating system kernels
CPP'12 Proceedings of the Second international conference on Certified Programs and Proofs
Compositional verification of a baby virtual memory manager
CPP'12 Proceedings of the Second international conference on Certified Programs and Proofs
The confinement problem in the presence of faults
ICFEM'12 Proceedings of the 14th international conference on Formal Engineering Methods: formal methods and software engineering
SMT proof checking using a logical framework
Formal Methods in System Design
ATP and Presentation Service for Mizar Formalizations
Journal of Automated Reasoning
On the formal verification of component-based embedded operating systems
ACM SIGOPS Operating Systems Review
Verifying security invariants in ExpressOS
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Unikernels: library operating systems for the cloud
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Security Verification of Hardware-enabled Attestation Protocols
MICROW '12 Proceedings of the 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops
Machine-verified network controllers
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Translation validation for a verified OS kernel
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Position paper: Sapper -- a language for provable hardware policy enforcement
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
RapiLog: reducing system complexity through verification
Proceedings of the 8th ACM European Conference on Computer Systems
Object protection in distributed systems
Journal of Parallel and Distributed Computing
Formal specifications better than function points for code sizing
Proceedings of the 2013 International Conference on Software Engineering
Building high assurance secure applications using security patterns for capability-based platforms
Proceedings of the 2013 International Conference on Software Engineering
Patterns for building dependable systems with trusted bases
Proceedings of the 17th Conference on Pattern Languages of Programs
Proceedings of the 18th ACM SIGPLAN international conference on Functional programming
The nonkernel: a kernel designed for the cloud
Proceedings of the 4th Asia-Pacific Workshop on Systems
An experience report on the verification of autonomic protocols in the cloud
Innovations in Systems and Software Engineering
An operational foundation for the tactic language of Coq
Proceedings of the 15th Symposium on Principles and Practice of Declarative Programming
Frontiers of Computer Science: Selected Publications from Chinese Universities
Code optimizations using formally verified properties
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
Synthesis modulo recursive functions
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
Development of automatically verifiable systems using data representation synthesis
Proceedings of the 2013 companion publication for conference on Systems, programming, & applications: software for humanity
PHANTOM: practical oblivious computation in a secure processor
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Formal verification of information flow security for a simple ARM-based separation kernel
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Machine code verification of a tiny ARM hypervisor
Proceedings of the 3rd international workshop on Trustworthy embedded devices
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
ACM SIGOPS 24th Symposium on Operating Systems Principles
From L3 to seL4: what have we learnt in 20 years of L4 microkernels?
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
MyCloud: supporting user-configured privacy protection in cloud computing
Proceedings of the 29th Annual Computer Security Applications Conference
File systems deserve verification too!
Proceedings of the Seventh Workshop on Programming Languages and Operating Systems
Towards a verified component platform
Proceedings of the Seventh Workshop on Programming Languages and Operating Systems
A fully verified executable LTL model checker
CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
A machine-checked proof of the odd order theorem
ITP'13 Proceedings of the 4th international conference on Interactive Theorem Proving
Practical probability: applying pGCL to lattice scheduling
ITP'13 Proceedings of the 4th international conference on Interactive Theorem Proving
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
A verified information-flow architecture
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
EsseOS: Haskell-based tailored services for the cloud
Proceedings of the 12th International Workshop on Adaptive and Reflective Middleware
Sapper: a language for hardware-level security policy enforcement
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Back to the future: fault-tolerant live update with time-traveling state transfer
LISA'13 Proceedings of the 27th international conference on Large Installation System Administration
A Study of Linux File System Evolution
ACM Transactions on Storage (TOS)
Comprehensive formal verification of an OS microkernel
ACM Transactions on Computer Systems (TOCS)
A virtualized separation kernel for mixed criticality systems
Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
A study of Linux file system evolution
FAST'13 Proceedings of the 11th USENIX conference on File and Storage Technologies
Software dataplane verification
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Complete formal verification is the only known way to guarantee that a system is free of programming errors. We present our experience in performing the formal, machine-checked verification of the seL4 microkernel from an abstract specification down to its C implementation. We assume correctness of compiler, assembly code, and hardware, and we used a unique design approach that fuses formal and operating systems techniques. To our knowledge, this is the first formal proof of functional correctness of a complete, general-purpose operating-system kernel. Functional correctness means here that the implementation always strictly follows our high-level abstract specification of kernel behaviour. This encompasses traditional design and implementation safety properties, such as that the kernel will never crash and will never perform an unsafe operation. It also proves much more: we can predict precisely how the kernel will behave in every possible situation. seL4, a third-generation microkernel of L4 provenance, comprises 8,700 lines of C code and 600 lines of assembler. Its performance is comparable to other high-performance L4 kernels.
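The abstract defines functional correctness as the implementation always following the abstract specification. The following is an added illustration of that idea, not code from the paper or from the seL4 code base: a toy capability-slot table with an abstract specification (a partial map from slot to object), a concrete implementation (a fixed array plus free list, the shape a C kernel would use), an abstraction function relating the two, and a representation invariant, checked by exhaustively exploring short operation sequences. The table size, the object identifiers, the class and function names, and the deliberately broken variant are all assumptions made for the illustration. The seL4 result itself is a machine-checked Isabelle/HOL refinement proof over the real C code covering every state, which a bounded search like this cannot replace; the example only shows what a refinement failure looks like and why the proof must carry invariants alongside the abstraction relation.

```python
# Added illustration of "functional correctness as refinement": a concrete
# implementation is checked, state by state, against an abstract spec.
# Toy bounded-depth search; NOT the seL4 proof (an Isabelle/HOL refinement
# proof over the real C implementation).
from itertools import product

N_SLOTS = 3          # assumed: tiny capability table so exploration is cheap
OBJ_IDS = (1, 2)     # assumed: object identifiers are non-zero integers


class AbstractCSpace:
    """Abstract spec: a partial map from slot index to object id."""

    def __init__(self):
        self.slots = {}

    def insert(self, slot, obj):
        if not 0 <= slot < N_SLOTS or slot in self.slots:
            return False      # spec: insert into an invalid or occupied slot fails
        self.slots[slot] = obj
        return True

    def delete(self, slot):
        if slot not in self.slots:
            return False
        del self.slots[slot]
        return True

    def lookup(self, slot):
        return self.slots.get(slot)

    def state(self):
        return frozenset(self.slots.items())


class ConcreteCSpace:
    """Concrete impl: fixed array plus explicit free list, like C kernel data."""

    def __init__(self):
        self.arr = [0] * N_SLOTS              # 0 means the slot is empty
        self.free = list(range(N_SLOTS))      # indices currently free

    def insert(self, slot, obj):
        if not 0 <= slot < N_SLOTS or self.arr[slot] != 0:
            return False
        self.arr[slot] = obj
        self.free.remove(slot)
        return True

    def delete(self, slot):
        if not 0 <= slot < N_SLOTS or self.arr[slot] == 0:
            return False
        self.arr[slot] = 0
        self.free.append(slot)
        return True

    def lookup(self, slot):
        if not 0 <= slot < N_SLOTS or self.arr[slot] == 0:
            return None
        return self.arr[slot]


class BuggyCSpace(ConcreteCSpace):
    """Assumed broken variant: delete clears the entry but never returns the
    slot to the free list. Externally visible behaviour still matches the spec
    for a while, so only the representation invariant exposes the corruption."""

    def delete(self, slot):
        if not 0 <= slot < N_SLOTS or self.arr[slot] == 0:
            return False
        self.arr[slot] = 0
        return True


def abstraction(impl):
    """Abstraction function: the concrete array viewed as the spec's partial map."""
    return frozenset((i, v) for i, v in enumerate(impl.arr) if v != 0)


def rep_invariant(impl):
    """Representation invariant: the free list is exactly the set of empty slots."""
    return sorted(impl.free) == [i for i, v in enumerate(impl.arr) if v == 0]


# Operation universe, including out-of-range slots as edge cases.
SLOTS = range(-1, N_SLOTS + 1)
OPS = ([("insert", s, o) for s in SLOTS for o in OBJ_IDS]
       + [("delete", s) for s in SLOTS]
       + [("lookup", s) for s in SLOTS])


def apply_op(obj, op):
    name, *args = op
    return getattr(obj, name)(*args)


def check_refinement(impl_cls, depth):
    """Run every operation sequence up to `depth` on spec and implementation.
    Return the first trace whose results diverge, whose abstraction leaves the
    spec state, or which breaks the invariant; None if all traces refine."""
    for n in range(1, depth + 1):
        for trace in product(OPS, repeat=n):
            spec, impl = AbstractCSpace(), impl_cls()
            for op in trace:
                try:
                    want, got = apply_op(spec, op), apply_op(impl, op)
                except Exception:          # a crash is a refinement failure too
                    return trace
                if (want != got or abstraction(impl) != spec.state()
                        or not rep_invariant(impl)):
                    return trace
    return None


if __name__ == "__main__":
    print("correct impl:", check_refinement(ConcreteCSpace, 3))
    print("buggy impl:  ", check_refinement(BuggyCSpace, 2))
```

For the correct implementation the search returns None; for the broken variant it returns the two-step trace insert(0, 1), delete(0), caught only by the invariant, which is the same reason a refinement proof carries invariants about kernel data structures that are invisible in the abstract specification.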