- Gerwin Klein, Kevin Elphinstone, +10 authors Simon Winwood
- SOSP
- 2009

Complete formal verification is the only known way to guarantee that a system is free of programming errors. We present our experience in performing the formal, machine-checked verification of the seL4 microkernel from an abstract specification down to its C implementation. We assume correctness of compiler, assembly code, and hardware, and we used a…

- Gerwin Klein, Tobias Nipkow
- ACM Trans. Program. Lang. Syst.
- 2006

We introduce Jinja, a Java-like programming language with a formal semantics designed to exhibit core features of the Java language architecture. Jinja is a compromise between the realism of the language and the tractability and clarity of its formal semantics. The following aspects are formalised: a big and a small step operational semantics for Jinja and…

- Gerwin Klein, June Andronick, +4 authors Gernot Heiser
- ACM Trans. Comput. Syst.
- 2014

We present an in-depth coverage of the comprehensive machine-checked formal verification of seL4, a general-purpose operating system microkernel. We discuss the kernel design we used to make its verification tractable. We then describe the functional correctness proof of the kernel's C implementation and we cover further steps that transform this result…

- Makarius Wenzel, Stefan Berghofer, +6 authors Sebastian Skalberg
- 1999

Intelligible semi-automated reasoning (Isar) is a generic approach to readable formal proof documents. It sets out to bridge the semantic gap between any internal notions of proof based on primitive inferences and tactics, and an appropriate level of abstraction for user-level work. The Isar formal proof language has been designed to satisfy quite…

- Harvey Tuch, Gerwin Klein, Michael Norrish
- POPL
- 2007

We present a formal model of memory that both captures the low-level features of C's pointers and memory, and that forms the basis for an expressive implementation of separation logic. At the low level, we do not commit common oversimplifications, but correctly deal with C's model of programming language values and the heap. At the level of separation…

- Gerwin Klein, June Andronick, +10 authors Simon Winwood
- Commun. ACM
- 2010

We report on the formal, machine-checked verification of the seL4 microkernel from an abstract specification down to its C implementation. We assume correctness of compiler, assembly code, hardware, and boot code. seL4 is a third-generation microkernel of L4 provenance, comprising 8700 lines of C and 600 lines of assembler. Its performance is comparable to…

- Gerwin Klein, Tobias Nipkow
- Theor. Comput. Sci.
- 2001

Using the theorem prover Isabelle/HOL we have formalized and proved correct an executable bytecode verifier in the style of Kildall's algorithm for a significant subset of the Java Virtual Machine. First an abstract framework for proving correctness of data flow based type inference algorithms for assembly languages is formalized. It is shown that under…
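The abstract describes a Kildall-style bytecode verifier: a worklist data-flow analysis that infers operand-stack types at every instruction and rejects programs whose types do not join consistently. The example below is added here to illustrate that algorithm; it is not code from the paper or from the Isabelle formalisation. It uses a small constructed stack machine (push_int, push_ref, iadd, getfield, pop, ifeq, goto, return) rather than the JVM subset the paper covers, and the type lattice, programs and names (`verify`, `is_verified`, `GOOD`, `BAD_MERGE`, `BAD_UNDERFLOW`) are assumptions made for illustration.

```python
"""Kildall-style worklist type inference for a constructed stack machine.

Added example, not the paper's formalisation. The instruction set, the
two-point type lattice (int/ref with a join element `top`) and the sample
programs are all constructed for illustration.
"""

INT, REF, TOP = "int", "ref", "top"   # TOP = join of incompatible types


class VerifyError(Exception):
    """Raised when some reachable instruction is ill-typed."""


def join_type(a, b):
    return a if a == b else TOP


def join_stack(a, b):
    """Least upper bound of two abstract stacks; None is bottom (unreachable)."""
    if a is None:
        return b
    if b is None:
        return a
    if len(a) != len(b):
        raise VerifyError("stack height differs at merge point")
    return tuple(join_type(x, y) for x, y in zip(a, b))


def need(stack, expected, pc):
    """Check the top of `stack` against `expected` (top first); return the rest.

    `None` in `expected` accepts any type. A merged TOP never equals INT or REF,
    so a value whose type was lost at a join cannot be used afterwards."""
    if len(stack) < len(expected):
        raise VerifyError(f"pc {pc}: operand stack underflow")
    for i, want in enumerate(expected):
        have = stack[-1 - i]
        if want is not None and have != want:
            raise VerifyError(f"pc {pc}: expected {want}, found {have}")
    return stack[: len(stack) - len(expected)]


def step(program, pc, stack):
    """Transfer function: successor (pc, abstract stack) pairs of one instruction."""
    op, *args = program[pc]

    def target(t):
        if not 0 <= t < len(program):
            raise VerifyError(f"pc {pc}: control reaches pc {t}, outside the program")
        return t

    if op == "push_int":
        return [(target(pc + 1), stack + (INT,))]
    if op == "push_ref":
        return [(target(pc + 1), stack + (REF,))]
    if op == "iadd":
        return [(target(pc + 1), need(stack, [INT, INT], pc) + (INT,))]
    if op == "getfield":  # dereference: needs a reference, yields an int field
        return [(target(pc + 1), need(stack, [REF], pc) + (INT,))]
    if op == "pop":
        return [(target(pc + 1), need(stack, [None], pc))]
    if op == "ifeq":      # conditional branch on an int
        rest = need(stack, [INT], pc)
        return [(target(pc + 1), rest), (target(args[0]), rest)]
    if op == "goto":
        return [(target(args[0]), stack)]
    if op == "return":
        return []
    raise VerifyError(f"pc {pc}: unknown opcode {op}")


def verify(program):
    """Kildall's algorithm: propagate stack types until nothing changes.

    Terminates because each pc's state can only climb a finite lattice.
    Returns the per-pc stack types, or raises VerifyError."""
    states = [None] * len(program)
    states[0] = ()            # entry: empty operand stack
    worklist = [0]
    while worklist:
        pc = worklist.pop()
        for succ, st in step(program, pc, states[pc]):
            merged = join_stack(states[succ], st)
            if merged != states[succ]:
                states[succ] = merged
                worklist.append(succ)
    return states


def is_verified(program):
    try:
        verify(program)
        return True
    except VerifyError:
        return False


# Constructed sample programs (not from the paper).
GOOD = [("push_int",), ("ifeq", 4), ("push_int",), ("goto", 5),
        ("push_int",), ("return",)]          # both paths reach pc 5 with one int

BAD_MERGE = [("push_int",), ("ifeq", 4), ("push_int",), ("goto", 5),
             ("push_ref",), ("push_int",), ("iadd",), ("return",)]
# pc 5 merges an int with a ref, so iadd at pc 6 sees a non-int operand.

BAD_UNDERFLOW = [("iadd",), ("return",)]

if __name__ == "__main__":
    print(verify(GOOD))
    print(is_verified(BAD_MERGE), is_verified(BAD_UNDERFLOW))
```

The security-relevant point is the join: the verifier does not guess which path executes, it merges the types from all predecessors, so a reference on one path and an integer on the other becomes an unusable `top` and any later arithmetic or dereference on it is rejected before the code ever runs.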

- Toby C. Murray, Daniel Matichuk, +6 authors Gerwin Klein
- 2013 IEEE Symposium on Security and Privacy
- 2013

In contrast to testing, mathematical reasoning and formal verification can show the absence of whole classes of security vulnerabilities. We present the, to our knowledge, first complete, formal, machine-checked verification of information flow security for the implementation of a general-purpose microkernel; namely seL4. Unlike previous proofs of…

While intransitive noninterference is a natural property for any secure OS kernel to enforce, proving that the implementation of any particular general-purpose kernel enforces this property is yet to be achieved. In this paper we take a significant step towards this vision by presenting a machine-checked formulation of intransitive noninterference for OS…
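The two abstracts above concern intransitive noninterference, which is usually proved not directly but via unwinding conditions on single steps. The example below is added here to show what such a check looks like on a finite model; it is not code from either paper and does not reproduce seL4's model or the formulation the papers introduce. It checks Rushby's three unwinding conditions (output consistency, weak step consistency, local respect) by enumeration over a constructed three-domain system: a scheduler domain `S` that may interfere with everyone, and two partitions `A` and `B` that may interfere only with themselves. The state layout, policy, actions and function names are assumptions made for illustration.

```python
"""Unwinding conditions for intransitive noninterference on a finite model.

Added example, not from the papers. The policy, the state representation
and the actions are constructed; the three conditions are Rushby's
unwinding conditions for intransitive policies."""
from itertools import product

DOMAINS = ("S", "A", "B")

# Constructed policy (u, v) means "u may interfere with v" (u ~> v).
# The scheduler may interfere with everyone; A and B only with themselves.
POLICY = {("S", "S"), ("S", "A"), ("S", "B"), ("A", "A"), ("B", "B")}


def interferes(u, v):
    return (u, v) in POLICY


# State: (running partition, A's counter bit, B's counter bit).
STATES = list(product(("A", "B"), (0, 1), (0, 1)))


def view(u, s):
    """What domain u can observe of the state (its 'view')."""
    running, a, b = s
    if u == "S":
        return (running,)
    if u == "A":
        return (running, a)      # knowing who runs is allowed: S ~> A
    return (running, b)


def equiv(u, s, t):
    """s and t look the same to u."""
    return view(u, s) == view(u, t)


def step(s, action):
    """Transition function; `action` is (acting domain, operation)."""
    running, a, b = s
    dom, op = action
    if op == "switch":               # scheduler flips the running partition
        return ("B" if running == "A" else "A", a, b)
    if op == "inc":                  # a partition bumps its own counter when scheduled
        if dom == "A" and running == "A":
            return (running, a ^ 1, b)
        if dom == "B" and running == "B":
            return (running, a, b ^ 1)
        return s
    if op == "poke":                 # deliberate bug: A writes into B's memory
        return (running, a, a)
    raise ValueError(op)


def output(s, action):
    """Output the acting domain receives: here simply its own view."""
    return view(action[0], s)


def check_unwinding(actions):
    """Return every violation of the three unwinding conditions, or [] if none."""
    violations = []
    for act in actions:
        d = act[0]
        for s in STATES:
            # Local respect: if d may not interfere with u, a d-step is invisible to u.
            for u in DOMAINS:
                if not interferes(d, u) and not equiv(u, s, step(s, act)):
                    violations.append(("local_respect", act, u, s))
            for t in STATES:
                # Output consistency: same view for d implies same output.
                if equiv(d, s, t) and output(s, act) != output(t, act):
                    violations.append(("output_consistency", act, s, t))
                # Weak step consistency: agreeing for u and for d keeps u's view in sync.
                for u in DOMAINS:
                    if (equiv(u, s, t) and equiv(d, s, t)
                            and not equiv(u, step(s, act), step(t, act))):
                        violations.append(("step_consistency", act, u, s, t))
    return violations


SAFE_ACTIONS = [("S", "switch"), ("A", "inc"), ("B", "inc")]
BUGGY_ACTIONS = SAFE_ACTIONS + [("A", "poke")]

if __name__ == "__main__":
    print(check_unwinding(SAFE_ACTIONS))
    for v in check_unwinding(BUGGY_ACTIONS):
        print(v)
```

Because the policy is intransitive (information may reach `A` from `S` but not from `B`, even though `B` may also reach `S` only via its own view), the check is per action and per observing domain rather than a global "high cannot reach low" split. The `poke` action is caught purely by local respect: it is performed by `A`, `A` may not interfere with `B`, yet it changes what `B` sees whenever the two counters differ. Real kernel proofs replace this exhaustive enumeration with a proof over an unbounded state space, but the obligations have the same shape.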

- David Cock, Gerwin Klein, Thomas Sewell
- TPHOLs
- 2008

We present a scalable, practical Hoare Logic and refinement calculus for the nondeterministic state monad with exceptions and failure in Isabelle/HOL. The emphasis of this formalisation is on large-scale verification of imperative-style functional programs, rather than expressing monad calculi in full generality. We achieve scalability in two dimensions.…