{"id":"https://openalex.org/W4379536875","doi":"https://doi.org/10.1145/3591279","title":"VMSL: A Separation Logic for Mechanised Robust Safety of Virtual Machines Communicating above FF-A","display_name":"VMSL: A Separation Logic for Mechanised Robust Safety of Virtual Machines Communicating above FF-A","publication_year":2023,"publication_date":"2023-06-06","ids":{"openalex":"https://openalex.org/W4379536875","doi":"https://doi.org/10.1145/3591279"},"language":"en","primary_location":{"id":"doi:10.1145/3591279","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3591279","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3591279","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3591279","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080420028","display_name":"Zongyuan Liu","orcid":"https://orcid.org/0000-0001-9652-4869"},"institutions":[{"id":"https://openalex.org/I204337017","display_name":"Aarhus University","ror":"https://ror.org/01aj84f44","country_code":"DK","type":"education","lineage":["https://openalex.org/I204337017"]}],"countries":["DK"],"is_corresponding":false,"raw_author_name":"Zongyuan Liu","raw_affiliation_strings":["Aarhus University, Denmark"],"raw_orcid":"https://orcid.org/0000-0001-9652-4869","affiliations":[{"raw_affiliation_string":"Aarhus University, Denmark","institution_ids":["https://openalex.org/I204337017"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088739618","display_name":"Sergei Stepanenko","orcid":"https://orcid.org/0000-0002-7322-5644"},"institutions":[{"id":"https://openalex.org/I204337017","display_name":"Aarhus University","ror":"https://ror.org/01aj84f44","country_code":"DK","type":"education","lineage":["https://openalex.org/I204337017"]}],"countries":["DK"],"is_corresponding":false,"raw_author_name":"Sergei Stepanenko","raw_affiliation_strings":["Aarhus University, Denmark"],"raw_orcid":"https://orcid.org/0000-0002-7322-5644","affiliations":[{"raw_affiliation_string":"Aarhus University, Denmark","institution_ids":["https://openalex.org/I204337017"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027766872","display_name":"Jean Pichon-Pharabod","orcid":"https://orcid.org/0000-0002-4442-6543"},"institutions":[{"id":"https://openalex.org/I204337017","display_name":"Aarhus University","ror":"https://ror.org/01aj84f44","country_code":"DK","type":"education","lineage":["https://openalex.org/I204337017"]}],"countries":["DK"],"is_corresponding":false,"raw_author_name":"Jean Pichon-Pharabod","raw_affiliation_strings":["Aarhus University, Denmark"],"raw_orcid":"https://orcid.org/0000-0002-4442-6543","affiliations":[{"raw_affiliation_string":"Aarhus University, Denmark","institution_ids":["https://openalex.org/I204337017"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030831735","display_name":"Amin Timany","orcid":"https://orcid.org/0000-0002-2237-851X"},"institutions":[{"id":"https://openalex.org/I204337017","display_name":"Aarhus University","ror":"https://ror.org/01aj84f44","country_code":"DK","type":"education","lineage":["https://openalex.org/I204337017"]}],"countries":["DK"],"is_corresponding":false,"raw_author_name":"Amin Timany","raw_affiliation_strings":["Aarhus University, Denmark"],"raw_orcid":"https://orcid.org/0000-0002-2237-851X","affiliations":[{"raw_affiliation_string":"Aarhus University, Denmark","institution_ids":["https://openalex.org/I204337017"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023772821","display_name":"Aslan Askarov","orcid":"https://orcid.org/0000-0002-9035-4034"},"institutions":[{"id":"https://openalex.org/I204337017","display_name":"Aarhus University","ror":"https://ror.org/01aj84f44","country_code":"DK","type":"education","lineage":["https://openalex.org/I204337017"]}],"countries":["DK"],"is_corresponding":false,"raw_author_name":"Aslan Askarov","raw_affiliation_strings":["Aarhus University, Denmark"],"raw_orcid":"https://orcid.org/0000-0002-9035-4034","affiliations":[{"raw_affiliation_string":"Aarhus University, Denmark","institution_ids":["https://openalex.org/I204337017"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055959064","display_name":"Lars Birkedal","orcid":"https://orcid.org/0000-0003-1320-0098"},"institutions":[{"id":"https://openalex.org/I204337017","display_name":"Aarhus University","ror":"https://ror.org/01aj84f44","country_code":"DK","type":"education","lineage":["https://openalex.org/I204337017"]}],"countries":["DK"],"is_corresponding":false,"raw_author_name":"Lars Birkedal","raw_affiliation_strings":["Aarhus University, Denmark"],"raw_orcid":"https://orcid.org/0000-0003-1320-0098","affiliations":[{"raw_affiliation_string":"Aarhus University, Denmark","institution_ids":["https://openalex.org/I204337017"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.979,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.80075153,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"7","issue":"PLDI","first_page":"1438","last_page":"1462"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9922000169754028,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/hypervisor","display_name":"Hypervisor","score":0.9332637190818787},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8503873348236084},{"id":"https://openalex.org/keywords/virtual-machine","display_name":"Virtual machine","score":0.700928807258606},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.5767338275909424},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4835043251514435},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.45504915714263916},{"id":"https://openalex.org/keywords/separation-logic","display_name":"Separation logic","score":0.4509517550468445},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.44925105571746826},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3858147859573364},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.3524782061576843},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.23289796710014343},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.19358471035957336}],"concepts":[{"id":"https://openalex.org/C112904061","wikidata":"https://www.wikidata.org/wiki/Q1077480","display_name":"Hypervisor","level":4,"score":0.9332637190818787},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8503873348236084},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.700928807258606},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5767338275909424},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4835043251514435},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.45504915714263916},{"id":"https://openalex.org/C173856430","wikidata":"https://www.wikidata.org/wiki/Q3257964","display_name":"Separation logic","level":2,"score":0.4509517550468445},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.44925105571746826},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3858147859573364},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3524782061576843},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.23289796710014343},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.19358471035957336},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3591279","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3591279","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3591279","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"},{"id":"pmh:oai:pure.atira.dk:publications/86004023-0ec2-49c0-9f8e-e521c80a4446","is_oa":true,"landing_page_url":"https://pure.au.dk/portal/files/420153176/3591279.pdf","pdf_url":"https://pure.au.dk/ws/files/420153176/3591279.pdf","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Liu, Z, Stepanenko, S, Pichon-Pharabod, J, Timany, A, Askarov, A & Birkedal, L 2023, 'VMSL : A Separation Logic for Mechanised Robust Safety of Virtual Machines Communicating above FF-A', Proceedings of the ACM on Programming Languages , vol. 7, pp. 1438-1462. https://doi.org/10.1145/3591279","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:pure.atira.dk:openaire/86004023-0ec2-49c0-9f8e-e521c80a4446","is_oa":true,"landing_page_url":"https://pure.au.dk/portal/en/publications/86004023-0ec2-49c0-9f8e-e521c80a4446","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Liu, Z, Stepanenko, S, Pichon-Pharabod, J, Timany, A, Askarov, A & Birkedal, L 2023, 'VMSL : A Separation Logic for Mechanised Robust Safety of Virtual Machines Communicating above FF-A', Proceedings of the ACM on Programming Languages , vol. 7, pp. 1438-1462. https://doi.org/10.1145/3591279","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"doi:10.1145/3591279","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3591279","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3591279","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6851704783","display_name":null,"funder_award_id":"25804","funder_id":"https://openalex.org/F4320310490","funder_display_name":"Villum Fonden"}],"funders":[{"id":"https://openalex.org/F4320309327","display_name":"Google","ror":"https://ror.org/00njsd438"},{"id":"https://openalex.org/F4320310490","display_name":"Villum Fonden","ror":"https://ror.org/007ww2d15"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4379536875.pdf","grobid_xml":"https://content.openalex.org/works/W4379536875.grobid-xml"},"referenced_works_count":42,"referenced_works":["https://openalex.org/W51058944","https://openalex.org/W1540575800","https://openalex.org/W1545681762","https://openalex.org/W1937179622","https://openalex.org/W1988079752","https://openalex.org/W2061341742","https://openalex.org/W2112460268","https://openalex.org/W2128180740","https://openalex.org/W2136310957","https://openalex.org/W2137628566","https://openalex.org/W2141260727","https://openalex.org/W2141928434","https://openalex.org/W2147323041","https://openalex.org/W2162598060","https://openalex.org/W2163347957","https://openalex.org/W2163806865","https://openalex.org/W2165970356","https://openalex.org/W2170598551","https://openalex.org/W2361817505","https://openalex.org/W2509578035","https://openalex.org/W2513825548","https://openalex.org/W2562833768","https://openalex.org/W2751009798","https://openalex.org/W2761120147","https://openalex.org/W2900137615","https://openalex.org/W2901454403","https://openalex.org/W2945629647","https://openalex.org/W2973704179","https://openalex.org/W2998679550","https://openalex.org/W3113614934","https://openalex.org/W3155827311","https://openalex.org/W3175981353","https://openalex.org/W3184568883","https://openalex.org/W3205972330","https://openalex.org/W3211661085","https://openalex.org/W4225163108","https://openalex.org/W4226096346","https://openalex.org/W4245729501","https://openalex.org/W4253527523","https://openalex.org/W4281916531","https://openalex.org/W4386746600","https://openalex.org/W6950522987"],"related_works":["https://openalex.org/W1973516247","https://openalex.org/W4241166160","https://openalex.org/W2796290234","https://openalex.org/W2799095291","https://openalex.org/W2470663080","https://openalex.org/W2622620488","https://openalex.org/W2075174112","https://openalex.org/W2976854232","https://openalex.org/W2943837643","https://openalex.org/W4286572122"],"abstract_inverted_index":{"Thin":[0],"hypervisors":[1],"make":[2,34],"it":[3,71,156],"possible":[4],"to":[5,36,39,149,157,179],"isolate":[6],"key":[7],"security":[8,102,222],"components":[9],"like":[10],"keychains,":[11],"fingerprint":[12],"readers,":[13],"and":[14,67,83,101,154,201],"digital":[15],"wallets":[16],"from":[17],"the":[18,31,37,50,73,78,91,99,104,107,133,150,166,170,177,189,196,208,220,225,229,232,240],"easily-compromised":[19],"operating":[20],"system.":[21],"To":[22],"work":[23],"together,":[24],"virtual":[25,92,161,185,197,213],"machines":[26,162,198,214],"running":[27,215],"on":[28],"top":[29],"of":[30,52,75,80,84,103,106,110,118,132,183,195,211,224],"hypervisor":[32,38],"can":[33],"hypercalls":[35,129],"share":[40],"pages":[41],"between":[42,61],"each":[43],"other":[44,212],"in":[45,127,231,237],"a":[46,57,81,115,121,124,139],"controlled":[47],"way.":[48],"However,":[49],"design":[51,105],"such":[53],"hypercall":[54,86,108,167,171,226],"ABIs":[55,109],"remains":[56],"delicate":[58],"balancing":[59],"task":[60],"conflicting":[62],"needs":[63],"for":[64,90],"expressivity,":[65],"performance,":[66],"security.":[68],"In":[69,94],"particular,":[70],"raises":[72],"question":[74],"what":[76],"makes":[77],"specification":[79],"hypervisor,":[82],"its":[85],"ABIs,":[87,168],"good":[88],"enough":[89],"machines.":[93],"this":[95],"paper,":[96],"we":[97,144,175],"validate":[98],"expressivity":[100],"Arm's":[111],"FF-A.":[112],"We":[113,135],"formalise":[114],"substantial":[116],"fragment":[117],"FF-A":[119],"as":[120],"machine":[122,151],"with":[123,147],"simplified":[125],"ISA":[126],"which":[128,143,163],"are":[130,199],"steps":[131],"machine.":[134],"then":[136],"develop":[137],"VMSL,":[138],"novel":[140],"separation":[141],"logic,":[142],"prove":[145,180],"sound":[146],"respect":[148],"execution":[152],"model,":[153],"use":[155,176],"reason":[158],"modularly":[159],"about":[160],"communicate":[164],"through":[165],"demonstrating":[169],"ABIs'":[172],"expressivity.":[173],"Moreover,":[174],"logic":[178],"robust":[181],"safety":[182,209],"communicating":[184],"machines,":[186],"that":[187,191],"is,":[188],"guarantee":[190],"even":[192],"if":[193],"some":[194],"compromised":[200],"execute":[202],"unknown":[203],"code,":[204],"they":[205],"cannot":[206],"break":[207],"properties":[210],"known":[216],"code.":[217],"This":[218],"demonstrates":[219],"intended":[221],"guarantees":[223],"ABIs.":[227],"All":[228],"results":[230],"paper":[233],"have":[234],"been":[235],"formalised":[236],"Coq":[238],"using":[239],"Iris":[241],"framework.":[242]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}