We report on the first formal pervasive verification of an operating system microkernel featuring the correctness of inline assembly, large non-trivial C portions, and concurrent devices in a single seamless formal proof. We integrated all relevant verification results we had achieved so far [21,20,2,5,4] into a single top-level theorem of micro-kernel(More)
We have developed a stack of semantics for a high-level C-like language and low-level assembly code, which has been carefully crafted to support the pervasive verification of system software. It can handle mixed-language implementations and concurrently operating devices, and permits the transferral of properties to the target architecture while obeying its(More)
Modern mobile devices store and process an abundance of data. Although many users consider some of this data as private, they do not yet obtain satisfactory support for controlling what applications might do with their data. In this article, we propose Cassandra, a tool that enables users of mobile devices to check whether Android apps comply with their(More)
We report on applying techniques for static information flow analysis to identify privacy leaks in Android applications. We have crafted a framework which checks with the help of a security type system whether the Dalvik bytecode implementation of an Android app conforms to a given privacy policy. We have carefully analyzed the Android API for possible(More)
Memory virtualization by means of demand paging is a crucial component of every modern operating system. The formal verification is challenging since reasoning about the page fault handler has to cover two concurrent computational sources: the processor and the hard disk. We accurately model the interleaved executions of devices and the page fault handler,(More)
The Verisoft project aims at the pervasive formal verification from the application layer over the system level software, comprising a microkernel and a compiler, down to the hardware. The different layers of the system give rise to various abstraction levels to conduct the reasoning steps efficiently. The lower the abstraction level the more details and(More)
Primitives are basic means provided by a microkernel to implementors of operating system services. Intensively used within every OS and commonly implemented in a mixture of high-level and assembly programming languages, primitives are meaningful and challenging candidates for formal verification. We report on the accomplished correctness proof of academic(More)
A timing attack exploits the variance in the running time of a crypto-algorithm’s implementation in order to infer confidential information. Such a dependence between confidential information and the running time, called a timing channel, is often caused by branching of the control flow in the implementation’s source code with branching conditions depending(More)
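The mechanism this abstract describes, a timing channel opened by a branch whose condition depends on confidential data, is shown below in an added example that is not code from the paper or its authors. A leaky early-exit comparison is placed beside a branch-free version; loop iteration counts stand in for running time so the leak is visible without a clock, and the secret and guesses are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the paper above): a secret-dependent branch
 * creates a timing channel; the branch-free form closes it. Iteration
 * counts stand in for running time. Demo strings are constructed. */

/* Early-exit comparison. The loop leaves at the first mismatch, so the
 * iteration count (and the running time) reveals how many leading bytes of
 * the guess match the secret; an attacker can recover the secret byte by
 * byte. Compares strlen(secret) bytes; guess must be at least that long. */
static int leaky_cmp(const char *secret, const char *guess, size_t *iters)
{
    size_t n = strlen(secret), i;
    for (i = 0; i < n; i++) {
        if ((uint8_t)secret[i] != (uint8_t)guess[i])
            break;                       /* branch depends on the secret */
    }
    *iters = (i < n) ? i + 1 : n;
    return i == n;
}

/* Result of the leaky comparison: 1 if equal, 0 otherwise. */
int leaky_compare(const char *secret, const char *guess)
{
    size_t it;
    return leaky_cmp(secret, guess, &it);
}

/* Number of loop iterations the leaky comparison executed: the channel. */
size_t leaky_steps(const char *secret, const char *guess)
{
    size_t it;
    leaky_cmp(secret, guess, &it);
    return it;
}

/* Constant-time comparison: every byte is visited, mismatches are folded
 * into an accumulator with XOR/OR, and the final 0/1 is derived
 * arithmetically instead of by branching on the accumulator, so control
 * flow does not depend on the data. */
int ct_compare(const char *secret, const char *guess)
{
    size_t n = strlen(secret);
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint8_t)(secret[i] ^ guess[i]);
    /* acc == 0   -> (0u - 1u) >> 31 == 1   (equal)
     * acc 1..255 -> (acc - 1u) >> 31 == 0 (different) */
    return (int)(((uint32_t)acc - 1u) >> 31);
}

/* Work done by ct_compare is always strlen(secret), whatever the guess. */
size_t ct_steps(const char *secret, const char *guess)
{
    (void)guess;
    return strlen(secret);
}

int main(void)
{
    const char *secret = "s3cr3t";                 /* constructed demo secret */
    const char *guesses[] = { "x3cr3t", "s3crXt", "s3cr3t" };
    for (int g = 0; g < 3; g++)
        printf("guess %s: leaky=%d in %zu steps, ct=%d in %zu steps\n",
               guesses[g],
               leaky_compare(secret, guesses[g]), leaky_steps(secret, guesses[g]),
               ct_compare(secret, guesses[g]), ct_steps(secret, guesses[g]));
    return 0;
}
```

Run with a mismatch in the first byte the leaky comparison stops after one iteration, with a mismatch in the fifth byte after five, and only a correct guess runs to the end; the constant-time version does the same work for all three. A compiler is free to reintroduce a branch when it can prove the accumulator is only tested for zero, so in production code the comparison belongs in a routine the compiler is prevented from optimizing (as libraries' dedicated constant-time memcmp functions do), and the result should be checked by inspecting the generated assembly or by measurement rather than trusted on source-level reading alone.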
The neutron elastic magnetic form factor was extracted from quasielastic electron scattering on deuterium over the range Q^2 = 1.0-4.8 GeV^2 with the CLAS detector at Jefferson Lab. High precision was achieved with a ratio technique and a simultaneous in situ calibration of the neutron detection efficiency. Neutrons were detected with electromagnetic(More)