Results 1 - 10 of 58
seL4: from general purpose to a proof of information flow enforcement
- In IEEE Symp. Security & Privacy, 2013
"... Abstract—In contrast to testing, mathematical reasoning and formal verification can show the absence of whole classes of security vulnerabilities. We present the, to our knowledge, first complete, formal, machine-checked verification of information flow security for the implementation of a general-p ..."
Cited by 25 (7 self)
-purpose microkernel; namely seL4. Unlike previous proofs of information flow security for operating system kernels, ours applies to the actual 8,830 lines of C code that implement seL4, and so rules out the possibility of invalidation by implementation errors in this code. We assume correctness of compiler, assembly
More Typed Assembly Languages for Confidentiality
"... Abstract. We propose a series of type systems for the information-flow security of assembly code. These systems extend previous work TALC with some timing annotations and associated judgments and rules. By using different timing rules, these systems are applicable to different practical settings. In ..."
Cited by 1 (0 self)
Abstract. We propose a series of type systems for the information-flow security of assembly code. These systems extend previous work TALC with some timing annotations and associated judgments and rules. By using different timing rules, these systems are applicable to different practical settings
Secure Geographic Routing in Wireless Sensor Networks
- 2013
"... the non-exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author warrants that he/she is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law. The Auth ..."
the non-exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author warrants that he/she is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law. The Author shall, when transferring the rights of the Work to a third party (for example a publisher or a company); acknowledge the third party about this agreement. If the Author has signed a copyright agreement with a third party regarding the Work, the Author warrants hereby that he/she has obtained any necessary permission from this third party to let Chalmers University of Technology and University of Gothenburg store the Work electronically and make it accessible on the Internet.
First Building Blocks for Implementations of Security Protocols Verified in Coq
"... Summary In this presentation, we would like to report on recent case studies of verification in Coq using Separation logic: publicize verified assembly programs for multi-precision arithmetic [2] and report on our progress about verification of network packet parsing written in C (progress since [4] ..."
Summary In this presentation, we would like to report on recent case studies of verification in Coq using Separation logic: publicize verified assembly programs for multi-precision arithmetic [2] and report on our progress about verification of network packet parsing written in C (progress since [4
Certified computer-aided cryptography: efficient provably secure machine code from high-level implementations
"... We present a computer-aided framework for proving concrete security bounds for cryptographic machine code implementations. The front-end of the framework is an interactive verification tool that extends the EasyCrypt framework to reason about relational properties of C-like programs extended with id ..."
We present a computer-aided framework for proving concrete security bounds for cryptographic machine code implementations. The front-end of the framework is an interactive verification tool that extends the EasyCrypt framework to reason about relational properties of C-like programs extended
Taipei TW
"... Establishing secure communication among a group of physically collocated people is a challenge. This problem can be reduced to establishing authentic public keys among all the participants – these public keys then serve to establish a shared secret symmetric key for encryption and authentication of ..."
for the secure exchange of authenticated information among a group of people. In contrast to prior work, GAnGS resists Group-in-the-Middle and Sybil attacks by malicious insiders, as well as infiltration attacks by malicious bystanders. GAnGS is designed to be robust to user errors, such as miscounting the number
unibz.it
"... Bug found in FPU. Intel offers to replace faulty chips. Estimated loss: 475M US$. Exploded 37 secs after launch. Cause: uncaught overflow exception. Software “glitch” found in anti-lock braking system. 185,000 cars recalled. Why verify? “Testing can only show the presence of errors, not their absenc ..."
Bug found in FPU. Intel offers to replace faulty chips. Estimated loss: 475M US$. Exploded 37 secs after launch. Cause: uncaught overflow exception. Software “glitch” found in anti-lock braking system. 185,000 cars recalled. Why verify? “Testing can only show the presence of errors, not their absence.” [Edsger Dijkstra]
Defense Against the Dark Arts
"... Computer science faculty must attract and retain students by offering innovative courses that spark student interest, yet still teach core, computer science concepts. These efforts have become particularly important as computer science enrollments have declined, thus increasing concerns for attrac ..."
—completely filling each semester with enrollments that are four to five times greater than the compiler course. Furthermore, student surveys indicate that the course raises students’ awareness of computer security while introducing students to important program translation and analysis concepts.
unknown title
"... Abstract—In contrast to testing, mathematical reasoning and formal verification can show the absence of whole classes of security vulnerabilities. We present the, to our knowledge, first complete, formal, machine-checked verification of information flow security for the implementation of a general-p ..."
Abstract—In contrast to testing, mathematical reasoning and formal verification can show the absence of whole classes of security vulnerabilities. We present the, to our knowledge, first complete, formal, machine-checked verification of information flow security for the implementation of a general
J2EE Performance and Scalability - From Measuring to Predicting
"... Abstract — J2EE applications are becoming increasingly ubiquitous and with their increasing adoption, performance and scalability issues are gaining in importance. For a J2EE application to perform well and be scalable, both the platform on which it is built and the application design must be effici ..."
to predict the behavior of the system under load. The approach is validated by comparing model predictions against measurements on the real system. Index Terms — Performance modeling and prediction, software verification, performance evaluation, distributed systems