Open access

Le temps des cerises: efficient temporal stack safety on capability machines using directed capabilities

Published: 29 April 2022

Abstract

Capability machines are a type of CPU that supports fine-grained privilege separation using capabilities: machine words that carry a form of authority. Formal models of capability machines and their associated calling conventions have so far focused on establishing two stack safety properties, namely local state encapsulation and well-bracketed control flow. We introduce a novel kind of directed capabilities and show how to use them to make a previously proposed calling convention more efficient. In contrast to earlier work on capability machine models, we consider not only integrity properties but also confidentiality properties; we provide a unary logical relation to reason about the former and a binary logical relation to reason about the latter, each expressive enough to reason about temporal stack safety. While the logical relations are useful for reasoning about concrete examples, they do not on their own demonstrate that stack safety holds for a large class of programs. Therefore, we also show full abstraction of a compiler from an overlay semantics to a base capability machine, where the overlay semantics internalizes the calling convention as a single call step and explicitly keeps track of the call stack and frame lifetimes. All results have been mechanized in Coq.

Supplementary Material

Auxiliary Archive (oopsla22main-p45-p-archive.zip)
Appendix of the paper.



Published In

Proceedings of the ACM on Programming Languages, Volume 6, Issue OOPSLA1
April 2022
687 pages
EISSN: 2475-1421
DOI: 10.1145/3534679
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

1. Iris
2. capability machines
3. full abstraction
4. logical relation
5. security
6. separation logic
7. stack safety

Qualifiers

• Research-article


Cited By

• (2024) Asynchronous Probabilistic Couplings in Higher-Order Separation Logic. Proceedings of the ACM on Programming Languages 8(POPL), 753–784. Online publication date: 5 Jan 2024. https://doi.org/10.1145/3632868
• (2024) Trillium: Higher-Order Concurrent and Distributed Separation Logic for Intensional Refinement. Proceedings of the ACM on Programming Languages 8(POPL), 241–272. Online publication date: 5 Jan 2024. https://doi.org/10.1145/3632851
• (2024) Cerise: Program Verification on a Capability Machine in the Presence of Untrusted Code. Journal of the ACM 71(1), 1–59. Online publication date: 11 Feb 2024. https://doi.org/10.1145/3623510
• (2023) VMSL: A Separation Logic for Mechanised Robust Safety of Virtual Machines Communicating above FF-A. Proceedings of the ACM on Programming Languages 7(PLDI), 1438–1462. Online publication date: 6 Jun 2023. https://doi.org/10.1145/3591279
• (2023) Proof Automation for Linearizability in Separation Logic. Proceedings of the ACM on Programming Languages 7(OOPSLA1), 462–491. Online publication date: 6 Apr 2023. https://doi.org/10.1145/3586043
• (2023) Formalizing Stack Safety as a Security Property. 2023 IEEE 36th Computer Security Foundations Symposium (CSF), 356–371. Online publication date: Jul 2023. https://doi.org/10.1109/CSF57540.2023.00037
• (2023) A Generic Framework to Develop and Verify Security Mechanisms at the Microarchitectural Level: Application to Control-Flow Integrity. 2023 IEEE 36th Computer Security Foundations Symposium (CSF), 372–387. Online publication date: Jul 2023. https://doi.org/10.1109/CSF57540.2023.00029
