This paper gives a high-level introduction to the topic of formal, interactive, machine-
checked software verification in general, and the verification of operating systems code in …

Policy-based management of computer systems, computer networks and devices is a critical
technology especially for present and future systems characterized by large-scale systems …

Complete formal verification is the only known way to guarantee that a system is free of
programming errors. We present our experience in performing the formal, machine-checked …

We present an in-depth coverage of the comprehensive machine-checked formal verification
of seL4, a general-purpose operating system microkernel. We discuss the kernel design we …

In this paper we tackle the challenge of providing a generic security architecture for the
Android OS that can serve as a flexible and effective ecosystem to instantiate different …

Sensitive data are increasingly available on-line through the Web and other distributed
protocols. This heightens the need to carefully control access to data. Control means not …

Implementation bugs in security-critical software are pervasive. Several authors have
previously suggested model checking as a promising means to detect improper use of …

Administrative RBAC (ARBAC) policies specify how Role-Based Access Control (RBAC)
policies may be changed by each administrator. It is often difficult to fully understand the …

We prove that the seL4 microkernel enforces two high-level access control properties:
integrity and authority confinement. Integrity provides an upper bound on write operations …

Role-Based Access Control (RBAC) is a widely used model for expressing access control
policies. In large organizations, the RBAC policy may be collectively managed by many …