{"id":"https://openalex.org/W7154574442","doi":"https://doi.org/10.48550/arxiv.2604.13638","title":"Cerisier: A Program Logic for Attestation in a Capability Machine","display_name":"Cerisier: A Program Logic for Attestation in a Capability Machine","publication_year":2026,"publication_date":"2026-04-15","ids":{"openalex":"https://openalex.org/W7154574442","doi":"https://doi.org/10.48550/arxiv.2604.13638"},"language":null,"primary_location":{"id":"pmh:oai:lirias2repo.kuleuven.be:20.500.12942/786647","is_oa":true,"landing_page_url":"https://lirias.kuleuven.be/handle/20.500.12942/786647","pdf_url":"https://lirias.kuleuven.be/retrieve/19b1cd75-d6ba-4514-a991-aa5f64e9d03b","source":{"id":"https://openalex.org/S4306401954","display_name":"Lirias (KU Leuven)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I99464096","host_organization_name":"KU Leuven","host_organization_lineage":["https://openalex.org/I99464096"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv","raw_type":"info:eu-repo/semantics/preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://lirias.kuleuven.be/retrieve/19b1cd75-d6ba-4514-a991-aa5f64e9d03b","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5108158321","display_name":"June Rousseau","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Rousseau, June","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108158384","display_name":"Denis Carnier","orcid":"https://orcid.org/0000-0003-2148-5193"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Carnier, Denis","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064318003","display_name":"Thomas Van Strydonck","orcid":"https://orcid.org/0000-0002-5262-1381"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Van Strydonck, Thomas","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086376186","display_name":"Steven Keuchel","orcid":"https://orcid.org/0000-0001-6411-438X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Keuchel, Steven","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011654888","display_name":"Dominique Devriese","orcid":"https://orcid.org/0000-0002-3862-6856"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Devriese, Dominique","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5055959064","display_name":"Lars Birkedal","orcid":"https://orcid.org/0000-0003-1320-0098"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Birkedal, Lars","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9553999900817871,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9553999900817871,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.008500000461935997,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.008299999870359898,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/modular-design","display_name":"Modular design","score":0.6133999824523926},{"id":"https://openalex.org/keywords/trusted-computing","display_name":"Trusted Computing","score":0.564300000667572},{"id":"https://openalex.org/keywords/model-checking","display_name":"Model checking","score":0.4738999903202057},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.46209999918937683},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4499000012874603},{"id":"https://openalex.org/keywords/formal-verification","display_name":"Formal verification","score":0.421099990606308},{"id":"https://openalex.org/keywords/identity","display_name":"Identity (music)","score":0.41850000619888306},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4174000024795532}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7505999803543091},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.6133999824523926},{"id":"https://openalex.org/C2776831232","wikidata":"https://www.wikidata.org/wiki/Q966812","display_name":"Trusted Computing","level":2,"score":0.564300000667572},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.5013999938964844},{"id":"https://openalex.org/C110251889","wikidata":"https://www.wikidata.org/wiki/Q1569697","display_name":"Model checking","level":2,"score":0.4738999903202057},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.46209999918937683},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4499000012874603},{"id":"https://openalex.org/C111498074","wikidata":"https://www.wikidata.org/wiki/Q173326","display_name":"Formal verification","level":2,"score":0.421099990606308},{"id":"https://openalex.org/C2778355321","wikidata":"https://www.wikidata.org/wiki/Q17079427","display_name":"Identity (music)","level":2,"score":0.41850000619888306},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4174000024795532},{"id":"https://openalex.org/C25343380","wikidata":"https://www.wikidata.org/wiki/Q277521","display_name":"Relation (database)","level":2,"score":0.4052000045776367},{"id":"https://openalex.org/C169796023","wikidata":"https://www.wikidata.org/wiki/Q3708936","display_name":"Direct Anonymous Attestation","level":3,"score":0.3995000123977661},{"id":"https://openalex.org/C173856430","wikidata":"https://www.wikidata.org/wiki/Q3257964","display_name":"Separation logic","level":2,"score":0.3921000063419342},{"id":"https://openalex.org/C2778029271","wikidata":"https://www.wikidata.org/wiki/Q5421931","display_name":"Extension (predicate logic)","level":2,"score":0.36160001158714294},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.3529999852180481},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.3424000144004822},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3400000035762787},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.31630000472068787},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.30140000581741333},{"id":"https://openalex.org/C75606506","wikidata":"https://www.wikidata.org/wiki/Q1049183","display_name":"Formal methods","level":2,"score":0.28060001134872437},{"id":"https://openalex.org/C202775310","wikidata":"https://www.wikidata.org/wiki/Q1140366","display_name":"Trusted Platform Module","level":2,"score":0.274399995803833},{"id":"https://openalex.org/C88482812","wikidata":"https://www.wikidata.org/wiki/Q6453666","display_name":"Modular programming","level":2,"score":0.27079999446868896},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2583000063896179},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.2574000060558319}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:lirias2repo.kuleuven.be:20.500.12942/786647","is_oa":true,"landing_page_url":"https://lirias.kuleuven.be/handle/20.500.12942/786647","pdf_url":"https://lirias.kuleuven.be/retrieve/19b1cd75-d6ba-4514-a991-aa5f64e9d03b","source":{"id":"https://openalex.org/S4306401954","display_name":"Lirias (KU Leuven)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I99464096","host_organization_name":"KU Leuven","host_organization_lineage":["https://openalex.org/I99464096"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv","raw_type":"info:eu-repo/semantics/preprint"},{"id":"doi:10.48550/arxiv.2604.13638","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.13638","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:lirias2repo.kuleuven.be:20.500.12942/786647","is_oa":true,"landing_page_url":"https://lirias.kuleuven.be/handle/20.500.12942/786647","pdf_url":"https://lirias.kuleuven.be/retrieve/19b1cd75-d6ba-4514-a991-aa5f64e9d03b","source":{"id":"https://openalex.org/S4306401954","display_name":"Lirias (KU Leuven)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I99464096","host_organization_name":"KU Leuven","host_organization_lineage":["https://openalex.org/I99464096"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv","raw_type":"info:eu-repo/semantics/preprint"},"sustainable_development_goals":[{"score":0.44041356444358826,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7154574442.pdf","grobid_xml":"https://content.openalex.org/works/W7154574442.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"A":[0],"key":[1],"feature":[2],"in":[3,90,150],"trusted":[4,171,181],"computing":[5],"is":[6,40,148],"attestation,":[7],"which":[8,134],"allows":[9],"encapsulated":[10],"components":[11],"(enclaves)":[12],"to":[13,17,105,115],"prove":[14],"their":[15,58],"identity":[16],"(local":[18],"or":[19,60],"remote)":[20],"distrusting":[21],"components.":[22],"Reasoning":[23],"about":[24,53,82],"software":[25],"that":[26],"uses":[27],"the":[28,75,91,96,116],"technique":[29,49],"requires":[30],"tracking":[31],"how":[32],"trust":[33],"evolves":[34],"after":[35],"successful":[36],"attestation.":[37,142],"This":[38],"process":[39],"security-critical":[41],"and":[42,57,69,85,95,120,139,178],"non-trivial,":[43],"but":[44],"no":[45],"existing":[46],"formal":[47],"verification":[48],"supports":[50],"modular":[51,80],"reasoning":[52,81],"attestation":[54,177],"of":[55,152,170],"enclaves":[56],"clients,":[59],"proving":[61,163],"end-to-end":[62,164],"properties":[63,165],"for":[64,79,131,166],"systems":[65],"combining":[66],"trusted,":[67,83],"untrusted":[68,84,132],"attested":[70,86],"code.":[71],"We":[72,99,159],"contribute":[73],"Cerisier,":[74],"first":[76],"program":[77,121,124],"logic":[78,94,125],"code,":[87,133],"fully":[88],"mechanized":[89],"Iris":[92],"separation":[93],"Rocq":[97],"Prover.":[98],"formalize":[100],"a":[101,128,153,179],"recent":[102],"proposal,":[103],"CHERI-TrEE,":[104],"extend":[106],"capability":[107,118,137],"machines":[108],"with":[109,127],"enclave":[110,141],"primitives,":[111],"as":[112],"an":[113],"extension":[114],"Cerise":[117],"machine":[119],"logic.":[122],"Our":[123],"comes":[126],"universal":[129,146],"contract":[130,147],"captures":[135],"both":[136],"safety":[138],"local":[140],"Like":[143],"Cerise,":[144],"this":[145],"phrased":[149],"terms":[151],"logical":[154],"relation":[155],"defining":[156],"capabilities'":[157],"authority.":[158],"demonstrate":[160],"Cerisier":[161],"by":[162],"three":[167],"representative":[168],"applications":[169],"computing:":[172],"secure":[173],"outsourced":[174],"computation,":[175],"mutual":[176],"modeled":[180],"sensor":[182],"component.":[183]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-06-13T07:54:00.901334","created_date":"2026-04-17T00:00:00"}