{"id":"https://openalex.org/W4411552270","doi":"https://doi.org/10.1109/icse55347.2025.00166","title":"Formally Verified Cloud-Scale Authorization","display_name":"Formally Verified Cloud-Scale Authorization","publication_year":2025,"publication_date":"2025-04-26","ids":{"openalex":"https://openalex.org/W4411552270","doi":"https://doi.org/10.1109/icse55347.2025.00166"},"language":"en","primary_location":{"id":"doi:10.1109/icse55347.2025.00166","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icse55347.2025.00166","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE/ACM 47th International Conference on Software Engineering (ICSE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5118596287","display_name":"Aleks Chakarov","orcid":null},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Aleks Chakarov","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050494871","display_name":"Jaco Geldenhuys","orcid":"https://orcid.org/0000-0002-5636-6656"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Jaco Geldenhuys","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5107832829","display_name":"M. Heck","orcid":null},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Matthew Heck","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046625836","display_name":"Michael Hicks","orcid":"https://orcid.org/0000-0002-2759-9223"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Michael Hicks","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025927856","display_name":"Songshan Huang","orcid":"https://orcid.org/0000-0003-4990-2788"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sam Huang","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108853063","display_name":"Georges-Axel Jaloyan","orcid":null},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Georges-Axel Jaloyan","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101556885","display_name":"Anjali Joshi","orcid":"https://orcid.org/0000-0002-8743-6944"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Anjali Joshi","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077941255","display_name":"K. Rustan M. Leino","orcid":"https://orcid.org/0000-0003-2872-8039"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"K. Rustan M. Leino","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020869737","display_name":"Mika\u00ebl Mayer","orcid":"https://orcid.org/0000-0002-6460-8731"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Mikael Mayer","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019908842","display_name":"Sean McLaughlin","orcid":"https://orcid.org/0000-0002-7042-6424"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sean McLaughlin","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5118596288","display_name":"Akhilesh Mritunjai","orcid":null},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Akhilesh Mritunjai","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018186543","display_name":"Cl\u00e9ment Pit-Claudel","orcid":"https://orcid.org/0000-0002-1900-3901"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Clement Pit-Claudel","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051441125","display_name":"Sorawee Porncharoenwase","orcid":"https://orcid.org/0000-0003-3900-5602"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sorawee Porncharoenwase","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091861223","display_name":"Florian Rabe","orcid":"https://orcid.org/0000-0003-3040-3655"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Florian Rabe","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035453669","display_name":"Mike Rapoport","orcid":null},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Marianna Rapoport","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052066515","display_name":"Giles Reger","orcid":"https://orcid.org/0000-0001-6353-952X"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Giles Reger","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108730900","display_name":"Christian Roux","orcid":null},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Cody Roux","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047763549","display_name":"Neha Rungta","orcid":"https://orcid.org/0000-0001-5143-8940"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Neha Rungta","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088797031","display_name":"Robin Salkeld","orcid":null},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Robin Salkeld","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072442738","display_name":"Matthias Schlaipfer","orcid":"https://orcid.org/0000-0002-3664-6677"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Matthias Schlaipfer","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044906965","display_name":"Daniel Schoepe","orcid":"https://orcid.org/0009-0006-1187-9569"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Daniel Schoepe","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5118596289","display_name":"Johanna Schwartzentruber","orcid":null},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Johanna Schwartzentruber","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091601759","display_name":"Serdar Ta\u015firan","orcid":null},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Serdar Tasiran","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043389542","display_name":"Aaron Tomb","orcid":null},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Aaron Tomb","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088791029","display_name":"Emina Torlak","orcid":"https://orcid.org/0000-0002-1155-2711"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Emina Torlak","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031329578","display_name":"Jean-Baptiste Tristan","orcid":"https://orcid.org/0000-0003-2574-7883"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Jean-Baptiste Tristan","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083579335","display_name":"Lucas K. Wagner","orcid":"https://orcid.org/0000-0002-3755-044X"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Lucas Wagner","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014360702","display_name":"Michael W. Whalen","orcid":"https://orcid.org/0000-0003-3824-1435"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Michael W. Whalen","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022711156","display_name":"R. F. Willems","orcid":null},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Remy Willems","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043563677","display_name":"Tao Xiang","orcid":"https://orcid.org/0000-0001-5998-7338"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Tongtong Xiang","raw_affiliation_strings":["Amazon"],"affiliations":[{"raw_affiliation_string":"Amazon","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5118596290","display_name":"Tae Joon Byun","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tae Joon Byun","raw_affiliation_strings":["Meta"],"affiliations":[{"raw_affiliation_string":"Meta","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066250865","display_name":"Joshua Cohen","orcid":"https://orcid.org/0000-0001-8743-2233"},"institutions":[{"id":"https://openalex.org/I20089843","display_name":"Princeton University","ror":"https://ror.org/00hx57361","country_code":"US","type":"education","lineage":["https://openalex.org/I20089843"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Joshua Cohen","raw_affiliation_strings":["Princeton University"],"affiliations":[{"raw_affiliation_string":"Princeton University","institution_ids":["https://openalex.org/I20089843"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5118138865","display_name":"Ruijie Fang","orcid":"https://orcid.org/0000-0001-5348-5468"},"institutions":[{"id":"https://openalex.org/I86519309","display_name":"The University of Texas at Austin","ror":"https://ror.org/00hj54h04","country_code":"US","type":"education","lineage":["https://openalex.org/I86519309"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ruijie Fang","raw_affiliation_strings":["University of Texas at Austin"],"affiliations":[{"raw_affiliation_string":"University of Texas at Austin","institution_ids":["https://openalex.org/I86519309"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102241055","display_name":"Junyoung Jang","orcid":null},"institutions":[{"id":"https://openalex.org/I5023651","display_name":"McGill University","ror":"https://ror.org/01pxwe438","country_code":"CA","type":"education","lineage":["https://openalex.org/I5023651"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Junyoung Jang","raw_affiliation_strings":["McGill University"],"affiliations":[{"raw_affiliation_string":"McGill University","institution_ids":["https://openalex.org/I5023651"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030754295","display_name":"Jakob Rath","orcid":"https://orcid.org/0000-0002-7022-6668"},"institutions":[{"id":"https://openalex.org/I145847075","display_name":"TU Wien","ror":"https://ror.org/04d836q62","country_code":"AT","type":"education","lineage":["https://openalex.org/I145847075"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Jakob Rath","raw_affiliation_strings":["TU Wien"],"affiliations":[{"raw_affiliation_string":"TU Wien","institution_ids":["https://openalex.org/I145847075"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5118596291","display_name":"Hira Taqdees Syeda","orcid":null},"institutions":[{"id":"https://openalex.org/I165779595","display_name":"The University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Hira Taqdees Syeda","raw_affiliation_strings":["University of Melbourne"],"affiliations":[{"raw_affiliation_string":"University of Melbourne","institution_ids":["https://openalex.org/I165779595"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039984356","display_name":"Dominik Wagner","orcid":"https://orcid.org/0000-0001-7514-8446"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Dominik Wagner","raw_affiliation_strings":["NTU Singapore"],"affiliations":[{"raw_affiliation_string":"NTU Singapore","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5010819934","display_name":"Yongwei Yuan","orcid":"https://orcid.org/0000-0002-2619-2288"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yongwei Yuan","raw_affiliation_strings":["Purdue University"],"affiliations":[{"raw_affiliation_string":"Purdue University","institution_ids":["https://openalex.org/I219193219"]}]}],"institutions":[],"countries_distinct_count":5,"institutions_distinct_count":38,"corresponding_author_ids":["https://openalex.org/A5118596287"],"corresponding_institution_ids":["https://openalex.org/I4210089985"],"apc_list":null,"apc_paid":null,"fwci":3.4721,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.92730989,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"2508","last_page":"2521"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9927999973297119,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9927999973297119,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10101","display_name":"Cloud Computing and Resource Management","score":0.9455000162124634,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9251000285148621,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.7799436450004578},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7403173446655273},{"id":"https://openalex.org/keywords/authorization","display_name":"Authorization","score":0.5592131614685059},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.5432047843933105},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.3737436830997467},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.31146448850631714},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.25614452362060547},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.05802926421165466}],"concepts":[{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.7799436450004578},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7403173446655273},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.5592131614685059},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.5432047843933105},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.3737436830997467},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.31146448850631714},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.25614452362060547},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.05802926421165466},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icse55347.2025.00166","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icse55347.2025.00166","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE/ACM 47th International Conference on Software Engineering (ICSE)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":56,"referenced_works":["https://openalex.org/W59502829","https://openalex.org/W1537943690","https://openalex.org/W1545681762","https://openalex.org/W1571061829","https://openalex.org/W1583095677","https://openalex.org/W1705210632","https://openalex.org/W1964830323","https://openalex.org/W2005973420","https://openalex.org/W2006731094","https://openalex.org/W2033914241","https://openalex.org/W2076409494","https://openalex.org/W2077359497","https://openalex.org/W2112337853","https://openalex.org/W2123800777","https://openalex.org/W2130427425","https://openalex.org/W2132302503","https://openalex.org/W2162635569","https://openalex.org/W2318327664","https://openalex.org/W2548363072","https://openalex.org/W2565255124","https://openalex.org/W2732888418","https://openalex.org/W2783317701","https://openalex.org/W2893106650","https://openalex.org/W2897528029","https://openalex.org/W2964540713","https://openalex.org/W3010700826","https://openalex.org/W3013443015","https://openalex.org/W3015276542","https://openalex.org/W3082765557","https://openalex.org/W3178506813","https://openalex.org/W3183749185","https://openalex.org/W3185902186","https://openalex.org/W4241364391","https://openalex.org/W4244488020","https://openalex.org/W4249302518","https://openalex.org/W4285303404","https://openalex.org/W4285586640","https://openalex.org/W4305010641","https://openalex.org/W4362661194","https://openalex.org/W4392023442","https://openalex.org/W4396242236","https://openalex.org/W4400484855","https://openalex.org/W6604335577","https://openalex.org/W6628322413","https://openalex.org/W6667847518","https://openalex.org/W6685359154","https://openalex.org/W6696118695","https://openalex.org/W6726519258","https://openalex.org/W6736003816","https://openalex.org/W6763411181","https://openalex.org/W6785422232","https://openalex.org/W6797794712","https://openalex.org/W6838968967","https://openalex.org/W6866615378","https://openalex.org/W6890062488","https://openalex.org/W6965422237"],"related_works":["https://openalex.org/W4244478748","https://openalex.org/W3150465815","https://openalex.org/W4223488648","https://openalex.org/W2134969820","https://openalex.org/W2251605416","https://openalex.org/W1997222214","https://openalex.org/W2560439919","https://openalex.org/W4389340727","https://openalex.org/W2802581102","https://openalex.org/W4205786897"],"abstract_inverted_index":{"All":[0],"critical":[1,274],"systems":[2],"must":[3,26],"evolve":[4,273],"to":[5,30,142,180,201,209,216,260,272],"meet":[6],"the":[7,58,91,97,112,123,169,193,199,226,233,236,248],"needs":[8],"of":[9,78,115,152,225],"a":[10,28,76,83,134,182,187,223],"growing":[11],"and":[12,40,108,118,130,157,196,208,244],"diversifying":[13],"user":[14],"base.":[15],"But":[16],"supporting":[17],"that":[18,32,88,232],"evolution":[19],"is":[20,38],"challenging":[21],"at":[22,277],"increasing":[23],"scale:":[24],"Maintainers":[25],"find":[27],"way":[29],"ensure":[31,205,231],"each":[33],"change":[34,44],"does":[35],"only":[36],"what":[37],"intended,":[39],"will":[41],"not":[42,148],"inadvertently":[43],"behavior":[45],"for":[46,57,190],"existing":[47,154,170],"users.":[48],"This":[49],"paper":[50,159],"presents":[51,160],"how":[52,265],"we":[53,81,140,175,214,240],"addressed":[54],"this":[55,144,158],"challenge":[56],"Amazon":[59],"Web":[60],"Services":[61],"(AWS)":[62],"authorization":[63,85],"engine,":[64,86,171],"invoked":[65],"1":[66],"billion":[67],"times":[68],"per":[69],"second,":[70],"by":[71],"using":[72,96],"formal":[73,266],"verification.":[74],"Over":[75],"period":[77],"four":[79],"years,":[80],"built":[82,189],"new":[84,124,145,183],"one":[87],"behaves":[89],"functionally":[90],"same":[92],"as":[93],"its":[94],"predecessor,":[95],"verification-aware":[98],"programming":[99],"language":[100,188],"Dafny.":[101,228],"We":[102,121],"can":[103,268],"now":[104],"confidently":[105],"deploy":[106],"enhancements":[107],"optimizations":[109],"while":[110],"maintaining":[111],"highest":[113],"assurance":[114],"both":[116],"correctness":[117],"backward":[119],"compatibility.":[120],"deployed":[122],"engine":[125,146,184],"in":[126,173,185],"2024":[127],"without":[128],"incident":[129],"customers":[131],"immediately":[132],"enjoyed":[133],"threefold":[135],"performance":[136],"improvement.":[137],"The":[138],"methodology":[139],"followed":[141],"build":[143],"was":[147],"an":[149,153],"off-the-shelf":[150],"application":[151],"verification":[155,191,267],"tool,":[156],"several":[161],"key":[162],"insights:":[163],"1)":[164],"Rather":[165],"than":[166],"prove":[167],"correct":[168],"written":[172],"Java,":[174],"found":[176],"it":[177],"more":[178],"effective":[179],"write":[181],"Dafny,":[186],"from":[192,212],"ground":[194],"up,":[195],"then":[197],"compile":[198],"result":[200],"Java.":[202],"2)":[203],"To":[204,230],"performance,":[206],"debuggability,":[207],"gain":[210],"trust":[211],"stakeholders,":[213],"needed":[215],"generate":[217],"readable,":[218],"idiomatic":[219],"Java":[220],"code,":[221],"essentially":[222],"transliteration":[224],"source":[227],"3)":[229],"specification":[234],"matches":[235],"system's":[237],"actual":[238],"behavior,":[239],"performed":[241],"extensive":[242],"differential":[243],"shadow":[245],"testing":[246],"throughout":[247],"development":[249],"process,":[250],"ultimately":[251],"comparing":[252],"against":[253],"10<sup":[254],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[255],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">15</sup>":[256],"production":[257],"samples":[258],"prior":[259],"deployment.":[261],"Our":[262],"approach":[263],"demonstrates":[264],"be":[269],"effectively":[270],"applied":[271],"legacy":[275],"software":[276],"scale.":[278]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}