Abadi (M.) and Lamport (L.). The existence of refinement mappings, Theoretical Computer Science, pp. 253-284, 1991.

Barthe (G.) et al. Cache-leakage resilient OS isolation in an idealized model of virtualization, Computer Security Foundations Symposium (CSF), 2012 IEEE 25th, pp. 186-197, 2012.

Dam (M.), Guanciale (R.), Khakpour (N.), Nemati (H.) and Schwarz (O.). Formal verification of information flow security for a simple ARM-based separation kernel, Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 223-234, 2013.

Engler (D. R.), Kaashoek (M. F.) and O'Toole (J.). Exokernel: An operating system architecture for application-level resource management, Proceedings of the Fifteenth ACM Symposium on Operating Systems Principles (SOSP), 1995.

Gu (R.), Sjöberg (V.) and Costanzo (D.). CertiKOS: An extensible architecture for building certified concurrent OS kernels, OSDI, pp. 653-669, 2016.

Hoare (C. A. R.). An axiomatic basis for computer programming, Commun. ACM, vol. 12, no. 10, pp. 576-580, 1969.

Jomaa (N.), Nowak (D.), Grimaud (G.) and Hym (S.). Formal proof of dynamic memory isolation based on MMU, 2017.

Jomaa (N.), Nowak (D.) and Grimaud (G.). Proof-oriented design of a separation kernel with minimal trusted computing base, 18th International Workshop on Automated Verification of Critical Systems (AVoCS), 2018.

Klein (G.), Andronick (J.), Elphinstone (K.), Murray (T.), Sewell (T.), Kolanski (R.) and Heiser (G.). Comprehensive formal verification of an OS microkernel, ACM Trans. Comput. Syst., vol. 32, no. 1, article 2, 2014.

Klein (G.) et al. seL4: Formal verification of an OS kernel, Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles (SOSP), pp. 207-220, 2009.

Kocher (P.), Genkin (D.), Gruss (D.), Haas (W.), Hamburg (M.), Lipp (M.), Mangard (S.), Prescher (T.), Schwarz (M.) and Yarom (Y.). Spectre attacks: Exploiting speculative execution, 2018.

Leinenbach (D.) and Santen (T.). Verifying the Microsoft Hyper-V hypervisor with VCC, in Cavalcanti (A.) and Dams (D. R.) (eds.), 2009.

Liedtke (J.). On micro-kernel construction, Proceedings of the Fifteenth ACM Symposium on Operating Systems Principles (SOSP), 1995.

Lipp (M.), Schwarz (M.), Gruss (D.), Prescher (T.), Haas (W.), Mangard (S.), Kocher (P.), Genkin (D.), Yarom (Y.) and Hamburg (M.). Meltdown, 2018.

VCC: A practical system for verifying concurrent C, Theorem Proving in Higher Order Logics (TPHOLs), 22nd International Conference, 2009.

Nipkow (T.), Wenzel (M.) and Paulson (L. C.). Isabelle/HOL: A Proof Assistant for Higher-Order Logic, 2002.

Parnas (D. L.) and Clements (P. C.). A rational design process: How and why to fake it, IEEE Transactions on Software Engineering, no. 2, pp. 251-257, 1986.

Richards (R.). Modeling and security analysis of a commercial real-time operating system kernel, in Design and Verification of Microprocessor Systems for High-Assurance Applications, pp. 301-322, 2010.

Rushby (J.). The design and verification of secure systems, Eighth ACM Symposium on Operating System Principles (SOSP), vol. 15, pp. 12-21, 1981.

Rushby (J.). A trusted computing base for embedded systems, Proceedings of the 7th DoD/NBS Computer Security Initiative Conference, pp. 294-311, 1984.

Rushby (J.). Partitioning in avionics architectures: Requirements, mechanisms, and assurance, Technical report, 2000.

Hym (S.) and Oudjail (V.),

Sanán (D.), Butterfield (A.) and Hinchey (M.). Separation kernel verification: The XtratuM case study, Working Conference on Verified Software: Theories, Tools, and Experiments (VSTTE), pp. 133-149, 2014.

Sekerinski (E.) and Sere (K.) (eds.). Program development by refinement: Case studies using the B method, 2012.

Syeda (H.) and Klein (G.). Reasoning about translation lookaside buffers, in Eiter (T.) and Sands (D.) (eds.), LPAR-21, 21st International Conference on Logic for Programming, Artificial Intelligence and Reasoning, vol. 46, pp. 490-508, 2017.

The Coq Development Team.

The Pip Development Team.

Wadler (P.). Comprehending monads, LISP and Functional Programming, pp. 61-78, 1990.

Xu (F.), Fu (M.), Feng (X.), Zhang (X.), Zhang (H.) and Li (Z.). A practical verification framework for preemptive OS kernels, International Conference on Computer Aided Verification (CAV), 2016.