A capability machine is a type of CPU allowing fine-grained privilege separation using capabilities, machine words that represent certain kinds of authority. We present a mathematical model and accompanying proof methods that can be used for formal verification of functional correctness of programs running on a capability machine, even when they invoke and are invoked by unknown (and possibly malicious) code. We use a program logic called Cerise for reasoning about known code, and an associated logical relation, for reasoning about unknown code. The logical relation formally captures the capability safety guarantees provided by the capability machine. The Cerise program logic, logical relation, and all the examples considered in the paper h...
Software has become an integral part of our everyday lives, and so is our reliance on its correct fu...
Proof carrying code is a general methodology for certifying that the execution of an untrusted mobil...
Motivated by the problem of understanding the difference between practical access control and capabi...
Vulnerabilities in computer systems arise in part due to programmer's logical errors, and in part al...
Capability machines provide security guarantees at machine level which makes them an interesting tar...
Conventional computer architectures provide little or no hardware support for enforcing data securit...
Assembly-level protection mechanisms (virtual memory, trusted execution enviro...
We present a logic for reasoning about properties of secure systems. The logic is built around a con...
Our project applies automated proof checking to two application domains: protecting host computers f...
In capability-safe languages, components can access a resource only if they possess a capab...
The objective of the lectures is to present type-based and logic-based mechanisms to ensure reliabil...
Object capabilities are a technique for fine-grained privilege separation in programming languages a...
A certified program analysis is an analysis whose implementation is accompanied by a check...