Cyclone is a safe dialect of C. It has been designed from the ground up to prevent the buffer
overflows, format string attacks, and memory management errors that are common in C …

We motivate the design of typed assembly language (TAL) and present a type-preserving
ttranslation from Systemn F to TAL. The typed assembly language we pressent is based on a …

We describe a translation validation infrastructure for the GNU C compiler. During the
compilation the infrastructure compares the intermediate form of the program before and …

Security isolation is a foundation of computing systems that enables resilience to different
forms of attacks. This article seeks to understand existing security isolation techniques by …

Executing untrusted code while preserving security requires that the code be prevented from
modifying memory or executing instructions except as explicitly allowed. Software-based …

Many important applications must run continuously and without interruption, yet must be
changed to fix bugs or upgrade functionality. No prior general-purpose methodology for …

Many important applications must run continuously and without interruption, and yet also
must be changed to fix bugs or upgrade functionality. No prior general-purpose …

Various code certification systems allow the certification and static verification of important
safety properties such as memory and control-flow safety. These systems are valuable tools …

PLAN (Packet Language for Active Networks) is a new language for programs that form the
packets of a programmable network. These programs replace the packet headers (which …

Proof-carrying code (PCC) is a framework for mechanically verifying the safety of machine
language programs. A program that is successfully verified by a PCC system is guaranteed …