The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Concurrency verification: introduction to compositional and noncompositional methods
Concurrency verification: introduction to compositional and noncompositional methods
Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers
Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers
Deduction in the Verification Support Environment (VSE)
FME '96 Proceedings of the Third International Symposium of Formal Methods Europe on Industrial Benefit and Advances in Formal Methods
Information Flow Control and Applications - Bridging a Gap
FME '01 Proceedings of the International Symposium of Formal Methods Europe on Formal Methods for Increasing Software Productivity
Verifying a chipcard-based biometric identification protocol in VSE
SAFECOMP'06 Proceedings of the 25th international conference on Computer Safety, Reliability, and Security
On the correctness of operating system kernels
TPHOLs'05 Proceedings of the 18th international conference on Theorem Proving in Higher Order Logics
Journal of Automated Reasoning
On the architecture of system verification environments
HVC'07 Proceedings of the 3rd international Haifa verification conference on Hardware and software: verification and testing
Hi-index | 0.00 |
Safety and security guarantees for individual applications in almost all cases depend on assumptions on the given context provided by distributed instances of operating systems, hardware platforms, and other application level programs running on these. In particular for formal approaches the problem is to formalize these assumptions without looking at the (formal) model of the operating system (including the machines that execute applications) in all detail. The work described in the paper proposes a modular approach which uses histories of observable events to specify runs of distributed instances of the system. The overall verification approach decomposes the given verification problem into local tasks along the lines of assume-guarantee reasoning. As an example the paper discusses the specification and implementation of the SMTP scenario. It shows in detail how this methodology is utilized within the Verification Support Environment (VSE) to verify the SMTP server part.