{"id":"https://openalex.org/W7134889611","doi":"https://doi.org/10.1145/3779212.3790171","title":"Highly Automated Verification of Security Properties for Unmodified System Software","display_name":"Highly Automated Verification of Security Properties for Unmodified System Software","publication_year":2026,"publication_date":"2026-03-10","ids":{"openalex":"https://openalex.org/W7134889611","doi":"https://doi.org/10.1145/3779212.3790171"},"language":null,"primary_location":{"id":"doi:10.1145/3779212.3790171","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3779212.3790171","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3779212.3790171","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5109729525","display_name":"Ganxiang Yang","orcid":null},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ganxiang Yang","raw_affiliation_strings":["Columbia University, New York, NY, USA"],"raw_orcid":"https://orcid.org/0009-0006-5703-2582","affiliations":[{"raw_affiliation_string":"Columbia University, New York, NY, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103491790","display_name":"Wei Qiang","orcid":null},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wei Qiang","raw_affiliation_strings":["Columbia University, New York, NY, USA"],"raw_orcid":"https://orcid.org/0009-0003-2107-1625","affiliations":[{"raw_affiliation_string":"Columbia University, New York, NY, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yi Rong","orcid":"https://orcid.org/0000-0003-2740-2109"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yi Rong","raw_affiliation_strings":["Columbia University, New York, NY, USA"],"raw_orcid":"https://orcid.org/0000-0003-2740-2109","affiliations":[{"raw_affiliation_string":"Columbia University, New York, NY, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128708863","display_name":"Xuheng Li","orcid":null},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xuheng Li","raw_affiliation_strings":["Columbia University, New York, NY, USA"],"raw_orcid":"https://orcid.org/0009-0000-1371-2179","affiliations":[{"raw_affiliation_string":"Columbia University, New York, NY, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113242941","display_name":"Fanqi Yu","orcid":null},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Fanqi Yu","raw_affiliation_strings":["Columbia University, New York, NY, USA"],"raw_orcid":"https://orcid.org/0009-0009-3378-006X","affiliations":[{"raw_affiliation_string":"Columbia University, New York, NY, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055391594","display_name":"Jason Nieh","orcid":"https://orcid.org/0009-0005-8301-4479"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jason Nieh","raw_affiliation_strings":["Columbia University, New York, NY, USA"],"raw_orcid":"https://orcid.org/0009-0005-8301-4479","affiliations":[{"raw_affiliation_string":"Columbia University, New York, NY, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000031216","display_name":"Ronghui Gu","orcid":"https://orcid.org/0000-0002-6812-6182"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ronghui Gu","raw_affiliation_strings":["Columbia University, New York, NY, USA and CertiK, New York, NY, USA"],"raw_orcid":"https://orcid.org/0000-0002-6812-6182","affiliations":[{"raw_affiliation_string":"Columbia University, New York, NY, USA and CertiK, New York, NY, USA","institution_ids":["https://openalex.org/I78577930"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5109729525"],"corresponding_institution_ids":["https://openalex.org/I78577930"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.50045409,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"912","last_page":"928"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.6784999966621399,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.6784999966621399,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10142","display_name":"Formal Methods in Verification","score":0.14159999787807465,"subfield":{"id":"https://openalex.org/subfields/1703","display_name":"Computational Theory and Mathematics"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10126","display_name":"Logic, programming, and type systems","score":0.03220000118017197,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-verification","display_name":"Software verification","score":0.6553000211715698},{"id":"https://openalex.org/keywords/pointer","display_name":"Pointer (user interface)","score":0.6327000260353088},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5443000197410583},{"id":"https://openalex.org/keywords/formal-verification","display_name":"Formal verification","score":0.48919999599456787},{"id":"https://openalex.org/keywords/software-system","display_name":"Software system","score":0.44670000672340393},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.4390000104904175},{"id":"https://openalex.org/keywords/verification","display_name":"Verification","score":0.43630000948905945},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.41440001130104065},{"id":"https://openalex.org/keywords/functional-verification","display_name":"Functional verification","score":0.4016999900341034},{"id":"https://openalex.org/keywords/transition-system","display_name":"Transition system","score":0.3824999928474426}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8379999995231628},{"id":"https://openalex.org/C33054407","wikidata":"https://www.wikidata.org/wiki/Q6504747","display_name":"Software verification","level":5,"score":0.6553000211715698},{"id":"https://openalex.org/C150202949","wikidata":"https://www.wikidata.org/wiki/Q107602","display_name":"Pointer (user interface)","level":2,"score":0.6327000260353088},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5443000197410583},{"id":"https://openalex.org/C111498074","wikidata":"https://www.wikidata.org/wiki/Q173326","display_name":"Formal verification","level":2,"score":0.48919999599456787},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.48249998688697815},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.44670000672340393},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.4390000104904175},{"id":"https://openalex.org/C142284323","wikidata":"https://www.wikidata.org/wiki/Q7921323","display_name":"Verification","level":5,"score":0.43630000948905945},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.41440001130104065},{"id":"https://openalex.org/C62460635","wikidata":"https://www.wikidata.org/wiki/Q5508853","display_name":"Functional verification","level":3,"score":0.4016999900341034},{"id":"https://openalex.org/C2779167558","wikidata":"https://www.wikidata.org/wiki/Q176468","display_name":"Transition system","level":2,"score":0.3824999928474426},{"id":"https://openalex.org/C2779639559","wikidata":"https://www.wikidata.org/wiki/Q7661178","display_name":"Symbolic execution","level":3,"score":0.37790000438690186},{"id":"https://openalex.org/C3406870","wikidata":"https://www.wikidata.org/wiki/Q6044160","display_name":"Intelligent verification","level":5,"score":0.37720000743865967},{"id":"https://openalex.org/C202973057","wikidata":"https://www.wikidata.org/wiki/Q7380130","display_name":"Runtime verification","level":3,"score":0.37229999899864197},{"id":"https://openalex.org/C7263679","wikidata":"https://www.wikidata.org/wiki/Q5978076","display_name":"Pointer analysis","level":3,"score":0.3650999963283539},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.36070001125335693},{"id":"https://openalex.org/C110251889","wikidata":"https://www.wikidata.org/wiki/Q1569697","display_name":"Model checking","level":2,"score":0.3598000109195709},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3424000144004822},{"id":"https://openalex.org/C187250869","wikidata":"https://www.wikidata.org/wiki/Q5754573","display_name":"High-level verification","level":5,"score":0.31610000133514404},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.3149999976158142},{"id":"https://openalex.org/C75606506","wikidata":"https://www.wikidata.org/wiki/Q1049183","display_name":"Formal methods","level":2,"score":0.31470000743865967},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3043000102043152},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.30059999227523804},{"id":"https://openalex.org/C199519371","wikidata":"https://www.wikidata.org/wiki/Q942695","display_name":"Source lines of code","level":3,"score":0.298799991607666},{"id":"https://openalex.org/C76518257","wikidata":"https://www.wikidata.org/wiki/Q271680","display_name":"Software framework","level":5,"score":0.2824999988079071},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.2815999984741211},{"id":"https://openalex.org/C116253237","wikidata":"https://www.wikidata.org/wiki/Q1437424","display_name":"Formal specification","level":2,"score":0.27950000762939453},{"id":"https://openalex.org/C48002344","wikidata":"https://www.wikidata.org/wiki/Q2919644","display_name":"Verification and validation","level":2,"score":0.27559998631477356},{"id":"https://openalex.org/C107645828","wikidata":"https://www.wikidata.org/wiki/Q12070446","display_name":"System model","level":2,"score":0.27250000834465027},{"id":"https://openalex.org/C2988765172","wikidata":"https://www.wikidata.org/wiki/Q22349898","display_name":"Control software","level":3,"score":0.26420000195503235},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.25780001282691956},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.25529998540878296},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.2540999948978424},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.2533999979496002},{"id":"https://openalex.org/C124304363","wikidata":"https://www.wikidata.org/wiki/Q673661","display_name":"Abstraction","level":2,"score":0.2502000033855438}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3779212.3790171","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3779212.3790171","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3779212.3790171","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3779212.3790171","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7470174431800842}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":52,"referenced_works":["https://openalex.org/W44396093","https://openalex.org/W1565541828","https://openalex.org/W1586448612","https://openalex.org/W1973641744","https://openalex.org/W1975091280","https://openalex.org/W1977764760","https://openalex.org/W2040669676","https://openalex.org/W2054739713","https://openalex.org/W2066997989","https://openalex.org/W2067073730","https://openalex.org/W2110904621","https://openalex.org/W2118341398","https://openalex.org/W2132334337","https://openalex.org/W2132901790","https://openalex.org/W2136310957","https://openalex.org/W2152505375","https://openalex.org/W2412857152","https://openalex.org/W2415236938","https://openalex.org/W2761236351","https://openalex.org/W2762625979","https://openalex.org/W2767174522","https://openalex.org/W2768537380","https://openalex.org/W2798365728","https://openalex.org/W2894169300","https://openalex.org/W2899856510","https://openalex.org/W2903499634","https://openalex.org/W2974073952","https://openalex.org/W2975647263","https://openalex.org/W2982259651","https://openalex.org/W2995722189","https://openalex.org/W3032926390","https://openalex.org/W3139619551","https://openalex.org/W3174107386","https://openalex.org/W3177341713","https://openalex.org/W3205972330","https://openalex.org/W4205950726","https://openalex.org/W4211224947","https://openalex.org/W4225409672","https://openalex.org/W4238016509","https://openalex.org/W4239479692","https://openalex.org/W4243284147","https://openalex.org/W4254459063","https://openalex.org/W4315630928","https://openalex.org/W4318776735","https://openalex.org/W4362661194","https://openalex.org/W4362676658","https://openalex.org/W4384154591","https://openalex.org/W4390605422","https://openalex.org/W4400973173","https://openalex.org/W4404400628","https://openalex.org/W4404400748","https://openalex.org/W4408749785"],"related_works":[],"abstract_inverted_index":{"System":[0],"software":[1,14],"is":[2,39],"often":[3],"complex":[4],"and":[5,106,112,128],"hides":[6],"exploitable":[7],"security":[8,32,46,149],"vulnerabilities.":[9],"Formal":[10],"verification":[11,27,33,89],"promises":[12],"bug-free":[13],"but":[15],"comes":[16],"with":[17,157],"a":[18,62],"prohibitive":[19],"proof":[20],"cost.":[21],"We":[22,141],"present":[23],"Spoq2,":[24],"the":[25,42,102,117,143],"first":[26],"framework":[28],"to":[29,54,101],"highly":[30],"automate":[31],"of":[34,61,145,151],"unmodified":[35],"system":[36,64,67,76,155],"software.":[37,68],"Spoq2":[38,82,120,146],"based":[40],"on":[41,58],"observation":[43],"that":[44,65,133],"many":[45],"properties,":[47],"such":[48,72],"as":[49],"noninterference,":[50],"can":[51],"be":[52],"reduced":[53],"establishing":[55],"inductive":[56],"invariants":[57,73],"individual":[59,95,103],"transitions":[60,93],"transition":[63,104],"models":[66],"However,":[69],"directly":[70],"verifying":[71,148],"for":[74],"real":[75],"code":[77],"overwhelms":[78],"existing":[79],"SMT":[80,118,139],"solvers.":[81],"makes":[83],"this":[84],"possible":[85],"by":[86,147],"automatically":[87],"reducing":[88],"complexity.":[90],"It":[91],"decomposes":[92],"into":[94],"execution":[96],"paths,":[97],"extends":[98],"cone-of-influence":[99],"analysis":[100],"level,":[105],"eliminates":[107],"irrelevant":[108],"machine":[109],"states,":[110],"clauses,":[111],"control-flow":[113],"paths":[114],"before":[115],"invoking":[116],"solver.":[119],"further":[121],"optimizes":[122],"how":[123],"pointer":[124,131],"operations":[125,137],"are":[126],"modeled":[127],"verified":[129],"through":[130],"abstractions":[132],"eliminate":[134],"expensive":[135],"bit-wise":[136],"from":[138],"queries.":[140],"demonstrate":[142],"effectiveness":[144],"properties":[150],"four":[152],"unmodified,":[153],"real-world":[154],"codebases":[156],"minimal":[158],"manual":[159],"effort.":[160]},"counts_by_year":[],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2026-03-12T00:00:00"}