{"id":"https://openalex.org/W4386746600","doi":"https://doi.org/10.1145/3623510","title":"Cerise: Program Verification on a Capability Machine in the Presence of Untrusted Code","display_name":"Cerise: Program Verification on a Capability Machine in the Presence of Untrusted Code","publication_year":2023,"publication_date":"2023-09-14","ids":{"openalex":"https://openalex.org/W4386746600","doi":"https://doi.org/10.1145/3623510"},"language":"en","primary_location":{"id":"doi:10.1145/3623510","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3623510","pdf_url":null,"source":{"id":"https://openalex.org/S118992489","display_name":"Journal of the ACM","issn_l":"0004-5411","issn":["0004-5411","1557-735X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of the ACM","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://pure.au.dk/portal/en/publications/0b91fce5-ff15-48be-b077-83035db76d32","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5041169923","display_name":"A\u00efna Linn Georges","orcid":"https://orcid.org/0000-0002-5951-4642"},"institutions":[{"id":"https://openalex.org/I4210121786","display_name":"Max Planck Institute for Software Systems","ror":"https://ror.org/02pe2kf23","country_code":"DE","type":"facility","lineage":["https://openalex.org/I149899117","https://openalex.org/I4210121786"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"A\u00efna Linn Georges","raw_affiliation_strings":["MPI-SWS, Germany"],"raw_orcid":"https://orcid.org/0000-0002-5951-4642","affiliations":[{"raw_affiliation_string":"MPI-SWS, Germany","institution_ids":["https://openalex.org/I4210121786"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043705983","display_name":"Arma\u00ebl Gu\u00e9neau","orcid":"https://orcid.org/0000-0003-3072-4045"},"institutions":[{"id":"https://openalex.org/I1294671590","display_name":"Centre National de la Recherche Scientifique","ror":"https://ror.org/02feahw73","country_code":"FR","type":"government","lineage":["https://openalex.org/I1294671590"]},{"id":"https://openalex.org/I277688954","display_name":"Universit\u00e9 Paris-Saclay","ror":"https://ror.org/03xjwb503","country_code":"FR","type":"education","lineage":["https://openalex.org/I277688954"]},{"id":"https://openalex.org/I4387154672","display_name":"Laboratoire M\u00e9thodes Formelles","ror":"https://ror.org/00gdtta79","country_code":"FR","type":"facility","lineage":["https://openalex.org/I11559806","https://openalex.org/I1294671590","https://openalex.org/I277688954","https://openalex.org/I277688954","https://openalex.org/I4387154672"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Arma\u00ebl Gu\u00e9neau","raw_affiliation_strings":["Universit\u00e9 Paris-Saclay, CNRS, ENS Paris-Saclay, Inria, Laboratoire M\u00e9thodes Formelles, France"],"raw_orcid":"https://orcid.org/0000-0003-3072-4045","affiliations":[{"raw_affiliation_string":"Universit\u00e9 Paris-Saclay, CNRS, ENS Paris-Saclay, Inria, Laboratoire M\u00e9thodes Formelles, France","institution_ids":["https://openalex.org/I277688954","https://openalex.org/I1294671590","https://openalex.org/I4387154672"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064318003","display_name":"Thomas Van Strydonck","orcid":"https://orcid.org/0000-0002-5262-1381"},"institutions":[{"id":"https://openalex.org/I4210114974","display_name":"IMEC","ror":"https://ror.org/02kcbn207","country_code":"BE","type":"nonprofit","lineage":["https://openalex.org/I4210114974"]},{"id":"https://openalex.org/I99464096","display_name":"KU Leuven","ror":"https://ror.org/05f950310","country_code":"BE","type":"education","lineage":["https://openalex.org/I99464096"]}],"countries":["BE"],"is_corresponding":false,"raw_author_name":"Thomas Van Strydonck","raw_affiliation_strings":["imec-Distrinet, KU Leuven, Belgium","KU Leuven - CS - Department of Computer Science (Departement Computerwetenschappen\r\nCelestijnenlaan 200A B-3001 Leuven - Belgium)"],"raw_orcid":"https://orcid.org/0000-0002-5262-1381","affiliations":[{"raw_affiliation_string":"imec-Distrinet, KU Leuven, Belgium","institution_ids":["https://openalex.org/I4210114974","https://openalex.org/I99464096"]},{"raw_affiliation_string":"KU Leuven - CS - Department of Computer Science (Departement Computerwetenschappen\r\nCelestijnenlaan 200A B-3001 Leuven - Belgium)","institution_ids":["https://openalex.org/I99464096"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030831735","display_name":"Amin Timany","orcid":"https://orcid.org/0000-0002-2237-851X"},"institutions":[{"id":"https://openalex.org/I204337017","display_name":"Aarhus University","ror":"https://ror.org/01aj84f44","country_code":"DK","type":"education","lineage":["https://openalex.org/I204337017"]}],"countries":["DK"],"is_corresponding":false,"raw_author_name":"Amin Timany","raw_affiliation_strings":["Aarhus University, Denmark","Aarhus University [Aarhus] (Nordre Ringgade 1 DK-8000 Aarhus C - Denmark)"],"raw_orcid":"https://orcid.org/0000-0002-2237-851X","affiliations":[{"raw_affiliation_string":"Aarhus University, Denmark","institution_ids":["https://openalex.org/I204337017"]},{"raw_affiliation_string":"Aarhus University [Aarhus] (Nordre Ringgade 1 DK-8000 Aarhus C - Denmark)","institution_ids":["https://openalex.org/I204337017"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014999933","display_name":"Alix Trieu","orcid":"https://orcid.org/0000-0002-8239-8125"},"institutions":[{"id":"https://openalex.org/I4210108273","display_name":"Agence Nationale de S\u00e9curit\u00e9 du M\u00e9dicament et des Produits de Sant\u00e9","ror":"https://ror.org/01g80gk13","country_code":"FR","type":"government","lineage":["https://openalex.org/I4210108273"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Alix Trieu","raw_affiliation_strings":["ANSSI, France"],"raw_orcid":"https://orcid.org/0000-0002-8239-8125","affiliations":[{"raw_affiliation_string":"ANSSI, France","institution_ids":["https://openalex.org/I4210108273"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011654888","display_name":"Dominique Devriese","orcid":"https://orcid.org/0000-0002-3862-6856"},"institutions":[{"id":"https://openalex.org/I4210114974","display_name":"IMEC","ror":"https://ror.org/02kcbn207","country_code":"BE","type":"nonprofit","lineage":["https://openalex.org/I4210114974"]},{"id":"https://openalex.org/I99464096","display_name":"KU Leuven","ror":"https://ror.org/05f950310","country_code":"BE","type":"education","lineage":["https://openalex.org/I99464096"]}],"countries":["BE"],"is_corresponding":false,"raw_author_name":"Dominique Devriese","raw_affiliation_strings":["imec-Distrinet, KU Leuven, Belgium","KU Leuven - CS - Department of Computer Science (Departement Computerwetenschappen\r\nCelestijnenlaan 200A B-3001 Leuven - Belgium)"],"raw_orcid":"https://orcid.org/0000-0002-3862-6856","affiliations":[{"raw_affiliation_string":"imec-Distrinet, KU Leuven, Belgium","institution_ids":["https://openalex.org/I4210114974","https://openalex.org/I99464096"]},{"raw_affiliation_string":"KU Leuven - CS - Department of Computer Science (Departement Computerwetenschappen\r\nCelestijnenlaan 200A B-3001 Leuven - Belgium)","institution_ids":["https://openalex.org/I99464096"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055959064","display_name":"Lars Birkedal","orcid":"https://orcid.org/0000-0003-1320-0098"},"institutions":[{"id":"https://openalex.org/I204337017","display_name":"Aarhus University","ror":"https://ror.org/01aj84f44","country_code":"DK","type":"education","lineage":["https://openalex.org/I204337017"]}],"countries":["DK"],"is_corresponding":false,"raw_author_name":"Lars Birkedal","raw_affiliation_strings":["Aarhus University, Denmark","Aarhus University [Aarhus] (Nordre Ringgade 1 DK-8000 Aarhus C - Denmark)"],"raw_orcid":"https://orcid.org/0000-0003-1320-0098","affiliations":[{"raw_affiliation_string":"Aarhus University, Denmark","institution_ids":["https://openalex.org/I204337017"]},{"raw_affiliation_string":"Aarhus University [Aarhus] (Nordre Ringgade 1 DK-8000 Aarhus C - Denmark)","institution_ids":["https://openalex.org/I204337017"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.1211,"has_fulltext":true,"cited_by_count":13,"citation_normalized_percentile":{"value":0.898744,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"71","issue":"1","first_page":"1","last_page":"59"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7921924591064453},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.6583372354507446},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.6443483829498291},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.4518798887729645}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7921924591064453},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.6583372354507446},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.6443483829498291},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4518798887729645},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/3623510","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3623510","pdf_url":null,"source":{"id":"https://openalex.org/S118992489","display_name":"Journal of the ACM","issn_l":"0004-5411","issn":["0004-5411","1557-735X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of the ACM","raw_type":"journal-article"},{"id":"pmh:oai:pure.atira.dk:openaire/0b91fce5-ff15-48be-b077-83035db76d32","is_oa":true,"landing_page_url":"https://pure.au.dk/portal/en/publications/0b91fce5-ff15-48be-b077-83035db76d32","pdf_url":null,"source":null,"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Georges, A L, Gu\u00e9neau, A, Van Strydonck, T, Timany, A, Trieu, A, Devriese, D & Birkedal, L 2024, 'Cerise : Program Verification on a Capability Machine in the Presence of Untrusted Code', Journal of the ACM, vol. 71, no. 1, 3. https://doi.org/10.1145/3623510","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:HAL:hal-03826854v3","is_oa":true,"landing_page_url":"https://hal.science/hal-03826854/document","pdf_url":"https://hal.science/hal-03826854v3/document","source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Journal of the ACM (JACM), 2024, 71 (1), pp.1-59. &#x27E8;10.1145/3623510&#x27E9;","raw_type":"Journal articles"},{"id":"pmh:oai:lirias2repo.kuleuven.be:20.500.12942/725171","is_oa":true,"landing_page_url":"https://lirias.kuleuven.be/handle/20.500.12942/725171","pdf_url":"https://lirias.kuleuven.be/retrieve/4edb4055-a8e2-42aa-88dd-d57241d69f26","source":{"id":"https://openalex.org/S4306401954","display_name":"Lirias (KU Leuven)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I99464096","host_organization_name":"KU Leuven","host_organization_lineage":["https://openalex.org/I99464096"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Journal Of The Acm, vol. 71 (1), Art.No. ARTN 3, (1-57)","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"pmh:oai:pure.atira.dk:openaire/0b91fce5-ff15-48be-b077-83035db76d32","is_oa":true,"landing_page_url":"https://pure.au.dk/portal/en/publications/0b91fce5-ff15-48be-b077-83035db76d32","pdf_url":null,"source":null,"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Georges, A L, Gu\u00e9neau, A, Van Strydonck, T, Timany, A, Trieu, A, Devriese, D & Birkedal, L 2024, 'Cerise : Program Verification on a Capability Machine in the Presence of Untrusted Code', Journal of the ACM, vol. 71, no. 1, 3. https://doi.org/10.1145/3623510","raw_type":"info:eu-repo/semantics/publishedVersion"},"sustainable_development_goals":[{"score":0.6200000047683716,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2614865343","display_name":null,"funder_award_id":"FA9550-21-1-0054","funder_id":"https://openalex.org/F4320338279","funder_display_name":"Air Force Office of Scientific Research"},{"id":"https://openalex.org/G6851704783","display_name":null,"funder_award_id":"25804","funder_id":"https://openalex.org/F4320310490","funder_display_name":"Villum Fonden"}],"funders":[{"id":"https://openalex.org/F4320310490","display_name":"Villum Fonden","ror":"https://ror.org/007ww2d15"},{"id":"https://openalex.org/F4320321730","display_name":"Fonds Wetenschappelijk Onderzoek","ror":"https://ror.org/03qtxy027"},{"id":"https://openalex.org/F4320322308","display_name":"KU Leuven","ror":"https://ror.org/05f950310"},{"id":"https://openalex.org/F4320322928","display_name":"Danmarks Frie Forskningsfond","ror":"https://ror.org/02sptwz63"},{"id":"https://openalex.org/F4320327336","display_name":"Vlaamse regering","ror":null},{"id":"https://openalex.org/F4320338279","display_name":"Air Force Office of Scientific Research","ror":"https://ror.org/011e9bt93"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":40,"referenced_works":["https://openalex.org/W1877442346","https://openalex.org/W1983077483","https://openalex.org/W2101443478","https://openalex.org/W2162598060","https://openalex.org/W2361817505","https://openalex.org/W2517996894","https://openalex.org/W2528661589","https://openalex.org/W2562833768","https://openalex.org/W2570150511","https://openalex.org/W2604241429","https://openalex.org/W2761120147","https://openalex.org/W2779850521","https://openalex.org/W2796499075","https://openalex.org/W2899599233","https://openalex.org/W2900137615","https://openalex.org/W2901454403","https://openalex.org/W2943086984","https://openalex.org/W2966793605","https://openalex.org/W2973704179","https://openalex.org/W2974932038","https://openalex.org/W2994621632","https://openalex.org/W2995538315","https://openalex.org/W3025512357","https://openalex.org/W3040448914","https://openalex.org/W3113614934","https://openalex.org/W3124113140","https://openalex.org/W3143310372","https://openalex.org/W3174107386","https://openalex.org/W3188362363","https://openalex.org/W3211661085","https://openalex.org/W4225163108","https://openalex.org/W4249212548","https://openalex.org/W4281711013","https://openalex.org/W4281916531","https://openalex.org/W4293812490","https://openalex.org/W4307208325","https://openalex.org/W4362659591","https://openalex.org/W4379536875","https://openalex.org/W4388857031","https://openalex.org/W6793002476"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"A":[0],"capability":[1,47,90,96,140],"machine":[2,15],"is":[3],"a":[4,25,46,64,171,178,198],"type":[5],"of":[6,21,39,42,133,204,208],"CPU":[7],"allowing":[8],"fine-grained":[9],"privilege":[10],"separation":[11],"using":[12,115],"capabilities":[13],",":[14],"words":[16],"that":[17,32,219],"represent":[18],"certain":[19],"kinds":[20],"authority.":[22],"We":[23,62,189],"present":[24,129,170],"mathematical":[26],"model":[27],"and":[28,53,74,104,184,202],"accompanying":[29],"proof":[30,124],"methods":[31],"can":[33],"be":[34],"used":[35],"for":[36,69,79,213],"formal":[37,137],"verification":[38],"functional":[40],"correctness":[41],"programs":[43],"running":[44],"on":[45,136],"machine,":[48],"even":[49],"when":[50],"they":[51],"invoke":[52],"are":[54],"invoked":[55],"by":[56,94],"unknown":[57,82],"(and":[58],"possibly":[59],"malicious)":[60],"code.":[61,83],"use":[63],"program":[65,100,118],"logic":[66,119],"called":[67],"Cerise":[68,99],"reasoning":[70,80,138],"about":[71,81,139,197],"known":[72],"code,":[73],"an":[75],"associated":[76],"logical":[77,85,102],"relation,":[78,103],"The":[84,98,126],"relation":[86],"formally":[87],"captures":[88],"the":[89,95,106,110,116,122,134,175,209,220],"safety":[91],"guarantees":[92],"provided":[93],"machine.":[97],"logic,":[101],"all":[105],"examples":[107],"considered":[108],"in":[109,121,163,177],"paper":[111,168],"have":[112],"been":[113],"mechanized":[114],"Iris":[117],"framework":[120],"Coq":[123],"assistant.":[125],"methodology":[127,221],"we":[128,169],"underlies":[130],"recent":[131],"work":[132,190],"authors":[135],"machines":[141],"[Georges":[142],"et":[143,148,154],"al.":[144,149,155],"2021":[145],";":[146,151],"Skorstengaard":[147],"2019a":[150],"Van":[152],"Strydonck":[153],"2022":[156],"],":[157],"but":[158],"was":[159],"left":[160],"somewhat":[161],"implicit":[162],"those":[164],"publications.":[165],"In":[166],"this":[167],"pedagogical":[172],"introduction":[173],"to":[174,194,223],"methodology,":[176],"simpler":[179],"setting":[180],"(no":[181],"exotic":[182],"capabilities),":[183],"starting":[185],"from":[186],"minimal":[187],"examples.":[188],"our":[191],"way":[192],"up":[193],"new":[195],"results":[196],"heap-based":[199],"calling":[200],"convention":[201],"implementations":[203],"sophisticated":[205],"object-capability":[206],"patterns":[207],"kind":[210],"previously":[211],"studied":[212],"high-level":[214],"languages":[215],"with":[216],"object-capabilities,":[217],"demonstrating":[218],"scales":[222],"such":[224],"reasoning.":[225]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}