End-to-end verification of information-flow security for C and assembly programs, Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2016), pp. 648-664, 2016.
Formal verification of information flow security for a simple ARM-based separation kernel, Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS 2013), pp. 223-234, 2013.
A trustworthy monadic formalization of the ARMv7 instruction set architecture, Interactive Theorem Proving, First International Conference (ITP 2010), pp. 243-258, 2010.
Security policies and security models, 1982 IEEE Symposium on Security and Privacy, pp. 11-20, 1982.
CertiKOS: An extensible architecture for building certified concurrent OS kernels, 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2016), pp. 653-669, 2016.
Proof-oriented design of a separation kernel with minimal trusted computing base, 18th International Workshop on Automated Verification of Critical Systems (AVoCS 2018), 2018.
seL4: Formal verification of an OS kernel, Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles (SOSP 2009), 2009.
Using XCAP to certify realistic systems code: Machine context management, Theorem Proving in Higher Order Logics (TPHOLs 2007), pp. 189-206, 2007.
The design and verification of secure systems, Eighth ACM Symposium on Operating System Principles (SOSP 1981), ACM SIGOPS Operating Systems Review vol. 15, pp. 12-21, 1981.
A trusted computing base for embedded systems, Proceedings of the 7th DoD/NBS Computer Security Initiative Conference, pp. 294-311, 1984.