{"id":"https://openalex.org/W4362676658","doi":"https://doi.org/10.1145/3586040","title":"A Verification Methodology for the Arm\u00ae Confidential Computing Architecture: From a Secure Specification to Safe Implementations","display_name":"A Verification Methodology for the Arm\u00ae Confidential Computing Architecture: From a Secure Specification to Safe Implementations","publication_year":2023,"publication_date":"2023-04-06","ids":{"openalex":"https://openalex.org/W4362676658","doi":"https://doi.org/10.1145/3586040"},"language":"en","primary_location":{"id":"doi:10.1145/3586040","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3586040","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3586040","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3586040","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5021247044","display_name":"Anthony Fox","orcid":"https://orcid.org/0000-0002-1564-3784"},"institutions":[{"id":"https://openalex.org/I2801109035","display_name":"ARM (United Kingdom)","ror":"https://ror.org/04mmhzs81","country_code":"GB","type":"company","lineage":["https://openalex.org/I2801109035"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Anthony C. J. Fox","raw_affiliation_strings":["ARM, UK"],"raw_orcid":"https://orcid.org/0000-0002-1564-3784","affiliations":[{"raw_affiliation_string":"ARM, UK","institution_ids":["https://openalex.org/I2801109035"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022771491","display_name":"Gareth Stockwell","orcid":"https://orcid.org/0009-0004-1773-2846"},"institutions":[{"id":"https://openalex.org/I2801109035","display_name":"ARM (United Kingdom)","ror":"https://ror.org/04mmhzs81","country_code":"GB","type":"company","lineage":["https://openalex.org/I2801109035"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Gareth Stockwell","raw_affiliation_strings":["ARM, UK"],"raw_orcid":"https://orcid.org/0009-0004-1773-2846","affiliations":[{"raw_affiliation_string":"ARM, UK","institution_ids":["https://openalex.org/I2801109035"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008723144","display_name":"Shale Xiong","orcid":"https://orcid.org/0000-0001-9312-195X"},"institutions":[{"id":"https://openalex.org/I2801109035","display_name":"ARM (United Kingdom)","ror":"https://ror.org/04mmhzs81","country_code":"GB","type":"company","lineage":["https://openalex.org/I2801109035"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Shale Xiong","raw_affiliation_strings":["ARM, UK"],"raw_orcid":"https://orcid.org/0000-0001-9312-195X","affiliations":[{"raw_affiliation_string":"ARM, UK","institution_ids":["https://openalex.org/I2801109035"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006850611","display_name":"Hanno Becker","orcid":"https://orcid.org/0009-0008-8277-4312"},"institutions":[{"id":"https://openalex.org/I4210123934","display_name":"Amazon (United Kingdom)","ror":"https://ror.org/02xey9634","country_code":"GB","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210123934"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Hanno Becker","raw_affiliation_strings":["Amazon Web Services, UK"],"raw_orcid":"https://orcid.org/0009-0008-8277-4312","affiliations":[{"raw_affiliation_string":"Amazon Web Services, UK","institution_ids":["https://openalex.org/I4210123934"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077355709","display_name":"Dominic P. Mulligan","orcid":"https://orcid.org/0000-0003-4643-3541"},"institutions":[{"id":"https://openalex.org/I4210123934","display_name":"Amazon (United Kingdom)","ror":"https://ror.org/02xey9634","country_code":"GB","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210123934"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Dominic P. Mulligan","raw_affiliation_strings":["Amazon Web Services, UK"],"raw_orcid":"https://orcid.org/0000-0003-4643-3541","affiliations":[{"raw_affiliation_string":"Amazon Web Services, UK","institution_ids":["https://openalex.org/I4210123934"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088681238","display_name":"Gustavo Petri","orcid":"https://orcid.org/0000-0003-3289-4574"},"institutions":[{"id":"https://openalex.org/I4210123934","display_name":"Amazon (United Kingdom)","ror":"https://ror.org/02xey9634","country_code":"GB","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210123934"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Gustavo Petri","raw_affiliation_strings":["Amazon Web Services, UK"],"raw_orcid":"https://orcid.org/0000-0003-3289-4574","affiliations":[{"raw_affiliation_string":"Amazon Web Services, UK","institution_ids":["https://openalex.org/I4210123934"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073793617","display_name":"Nathan Chong","orcid":"https://orcid.org/0000-0001-7843-9556"},"institutions":[{"id":"https://openalex.org/I1311688040","display_name":"Amazon (United States)","ror":"https://ror.org/04mv4n011","country_code":"US","type":"company","lineage":["https://openalex.org/I1311688040"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nathan Chong","raw_affiliation_strings":["Amazon Web Services, USA"],"raw_orcid":"https://orcid.org/0000-0001-7843-9556","affiliations":[{"raw_affiliation_string":"Amazon Web Services, USA","institution_ids":["https://openalex.org/I1311688040"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5021247044"],"corresponding_institution_ids":["https://openalex.org/I2801109035"],"apc_list":null,"apc_paid":null,"fwci":2.8969,"has_fulltext":true,"cited_by_count":17,"citation_normalized_percentile":{"value":0.92444782,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"7","issue":"OOPSLA1","first_page":"376","last_page":"405"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.9894999861717224,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.781446099281311},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.7088284492492676},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.6483726501464844},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.523253321647644},{"id":"https://openalex.org/keywords/concurrency","display_name":"Concurrency","score":0.5170727372169495},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.4987671375274658},{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.4693121910095215},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4457648992538452},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.3300054669380188},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.2176579236984253},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.18472084403038025}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.781446099281311},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.7088284492492676},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.6483726501464844},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.523253321647644},{"id":"https://openalex.org/C193702766","wikidata":"https://www.wikidata.org/wiki/Q1414548","display_name":"Concurrency","level":2,"score":0.5170727372169495},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4987671375274658},{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.4693121910095215},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4457648992538452},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3300054669380188},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.2176579236984253},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.18472084403038025},{"id":"https://openalex.org/C153349607","wikidata":"https://www.wikidata.org/wiki/Q36649","display_name":"Visual arts","level":1,"score":0.0},{"id":"https://openalex.org/C142362112","wikidata":"https://www.wikidata.org/wiki/Q735","display_name":"Art","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3586040","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3586040","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3586040","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3586040","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3586040","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3586040","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4362676658.pdf","grobid_xml":"https://content.openalex.org/works/W4362676658.grobid-xml"},"referenced_works_count":40,"referenced_works":["https://openalex.org/W51058944","https://openalex.org/W134285089","https://openalex.org/W146244851","https://openalex.org/W327452528","https://openalex.org/W583304954","https://openalex.org/W779804229","https://openalex.org/W1168380302","https://openalex.org/W1540575800","https://openalex.org/W1819989006","https://openalex.org/W1966709388","https://openalex.org/W1974737884","https://openalex.org/W1975091280","https://openalex.org/W1977764760","https://openalex.org/W1990802884","https://openalex.org/W2076409494","https://openalex.org/W2090551028","https://openalex.org/W2091621003","https://openalex.org/W2093852121","https://openalex.org/W2130427425","https://openalex.org/W2132107743","https://openalex.org/W2136310957","https://openalex.org/W2167213542","https://openalex.org/W2476747876","https://openalex.org/W2592218250","https://openalex.org/W2762625979","https://openalex.org/W2781213257","https://openalex.org/W2798365728","https://openalex.org/W2899437417","https://openalex.org/W2974073952","https://openalex.org/W2975647263","https://openalex.org/W3092452325","https://openalex.org/W3095921488","https://openalex.org/W3097964410","https://openalex.org/W3113748238","https://openalex.org/W3155827311","https://openalex.org/W3170733732","https://openalex.org/W3205972330","https://openalex.org/W4239031877","https://openalex.org/W4244488020","https://openalex.org/W6908831839"],"related_works":["https://openalex.org/W4387497383","https://openalex.org/W3183948672","https://openalex.org/W3173606202","https://openalex.org/W3110381201","https://openalex.org/W2948807893","https://openalex.org/W2935909890","https://openalex.org/W2778153218","https://openalex.org/W2758277628","https://openalex.org/W1531601525","https://openalex.org/W4389238932"],"abstract_inverted_index":{"We":[0,139,160],"present":[1],"Arm's":[2,136],"efforts":[3,113],"in":[4,35,60,166,196],"verifying":[5],"the":[6,13,29,36,42,67,71,101,108,146,163,170,178],"specification":[7,102,128],"and":[8,52,73,88,93,96,103,115,120,129,131,180],"prototype":[9,105],"reference":[10],"implementation":[11,106,181],"of":[12,22,62,64,70,82,99,107,126,148,174,182],"Realm":[14,43],"Management":[15,44],"Monitor":[16],"(RMM),":[17],"an":[18,47],"essential":[19],"firmware":[20],"component":[21],"Arm":[23,39],"Confidential":[24,31,186],"Computing":[25,32,187],"Architecture":[26],"(Arm":[27],"CCA),":[28],"recently-announced":[30],"technologies":[33],"incorporated":[34],"Armv9-A":[37],"architecture.":[38],"CCA":[40],"introduced":[41],"Extension":[45],"(RME),":[46],"architectural":[48],"extension":[49],"for":[50,157,194],"Armv9-A,":[51],"a":[53,80,104,190],"technology":[54],"that":[55,155,162],"will":[56],"eventually":[57],"be":[58],"deployed":[59],"hundreds":[61],"millions":[63],"devices.":[65],"Given":[66],"security-critical":[68],"nature":[69],"RMM,":[72],"its":[74],"taxing":[75],"threat":[76],"model,":[77],"we":[78],"use":[79],"combination":[81],"interactive":[83],"theorem":[84],"proving,":[85],"model":[86],"checking,":[87],"concurrency-aware":[89],"testing":[90],"to":[91,177],"validate":[92],"verify":[94],"security":[95],"safety":[97],"properties":[98],"both":[100,127],"RMM.":[109],"Crucially,":[110],"our":[111,141],"verification":[112],"were,":[114],"are":[116],"still":[117],"being,":[118],"developed":[119],"refined":[121],"contemporaneously":[122],"with":[123],"active":[124],"development":[125],"implementation,":[130,188],"have":[132],"been":[133],"adopted":[134],"by":[135],"product":[137],"teams.":[138],"describe":[140],"major":[142],"achievements,":[143],"realized":[144],"through":[145],"application":[147,173],"formal":[149,175],"techniques,":[150],"as":[151,153],"well":[152],"challenges":[154],"remain":[156],"future":[158],"work.":[159],"believe":[161],"work":[164,195],"reported":[165],"this":[167,197],"paper":[168],"is":[169],"most":[171],"thorough":[172],"techniques":[176],"design":[179],"any":[183],"current":[184],"commercially-viable":[185],"setting":[189],"new":[191],"high-water":[192],"mark":[193],"area.":[198]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}