Computer-aided cryptography is an active area of research that develops and applies
formal, machine-checkable approaches to the design, analysis, and implementation of …

FSCQ is the first file system with a machine-checkable proof (using the Coq proof assistant)
that its implementation meets its specification and whose specification includes crashes …

This paper presents Serval, a framework for develo** automated verifiers for systems
software. Serval provides an extensible infrastructure for creating verifiers by lifting …

ARM TrustZone, a security extension that provides a secure world, a trusted execution
environment (TEE), to run security-sensitive code, has been widely adopted in mobile …

Security isolation is a foundation of computing systems that enables resilience to different
forms of attacks. This article seeks to understand existing security isolation techniques by …

Extended Berkeley Packet Filter (eBPF) is a Linux subsystem that allows safely executing
untrusted user-defined extensions inside the kernel. It relies on static analysis to protect the …

This paper introduces the novel concept of compilation space, which facilitates the thorough
validation of just-in-time (JIT) compilers in modern language virtual machines (LVMs). The …

The emergence of verified eBPF bytecode is ushering in a new era of safe kernel
extensions. In this paper, we argue that eBPF's verifier---the source of its safety guarantees …

Today, systems software is too complex to be bug-free. To find bugs in systems software,
developers often rely on code checkers, like Linux's Sparse. However, the capability of …

This paper proposes an automated method to check the correctness of range analysis used
in the Linux kernel's eBPF verifier. We provide the specification of soundness for range …