• There are IDEs for KeY, including an Eclipse extension, that make it easy to keep track of
proof obligations in larger projects [Hentschel et al., 2014c].• A stripped down version of …

Trace properties, which have long been used for reasoning about systems, are sets of
execution traces. Hyperproperties, introduced here, are sets of trace properties …

Information flow policies are confidentiality policies that control information leakage through
program execution. A common way to enforce secure information flow is through information …

Security remains a major roadblock to universal acceptance of the Web for many kinds of
transactions, especially since the recent sharp increase in remotely exploitable …

Attacks against computer systems can cause considerable economic or physical damage.
High-quality development of security-critical systems is difficult, mainly because of the …

Long gone are the days when program veri? cation was a task carried out merely by hand
with paper and pen. For one, we are increasingly interested in proving actual program …

Humans prove theorems by relying on substantial high-level reasoning and problem-
specific insights. Proof assistants offer a formalism that resembles human mathematical …

Relational program logics are formalisms for specifying and verifying properties about two
programs or two runs of the same program. These properties range from correctness of …

The termination insensitive secure information flow problem can be reduced to solving a
safety problem via a simple program transformation. Barthe, D'Argenio, and Rezk coined the …

Computing systems often deliberately release (or declassify) sensitive information. A
principal security concern for systems permitting information release is whether this release …