D. Costanzo, Z. Shao, and R. Gu, End-to-end verification of information-flow security for C and assembly programs, Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2016, pp.648-664, 2016.

M. Dam, R. Guanciale, N. Khakpour, H. Nemati, and O. Schwarz, Formal verification of information flow security for a simple ARMbased separation kernel, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pp.223-234, 2013.

A. C. Fox and M. O. Myreen, A trustworthy monadic formalization of the armv7 instruction set architecture, Interactive Theorem Proving, First International Conference, vol.2010, pp.243-258, 2010.

J. A. Goguen and J. Meseguer, Security policies and security models, 1982 IEEE Symposium on Security and Privacy, pp.11-11, 1982.

R. Gu, Z. Shao, H. Chen, X. N. Wu, J. Kim et al., CertiKOS: An extensible architecture for building certified concurrent OS kernels, OSDI, pp.653-669, 2016.

N. Jomaa, P. Torrini, D. Nowak, G. Grimaud, and S. Hym, Prooforiented design of a separation kernel with minimal trus ted computing base, 18th International Workshop on Automated Verification of Critical Systems, 2018.

G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock et al., seL4: Formal verification of an OS kernel, Proceedings of the ACM SIGOPS 22Nd Symposium on Operating Systems Principles, 2009.

Z. Ni, D. Yu, and Z. Shao, Using XCAP to certify realistic systems code: Machine context management, Theorem Proving in Higher Order Logics, pp.189-206, 2007.

J. Rushby, The design and verification of secure systems, Eighth ACM Symposium on Operating System Principles (SOSP), vol.15, pp.12-21, 1981.

J. Rushby, A trusted computing base for embedded systems, Proceedings 7th DoD/NBS Computer Security Initiative Conference, pp.294-311, 1984.