The distinction between safety and liveness properties is due to Lamport who gave the following informal characterization. Safety properties assert that nothing bad ever happens w...
Many software security policies can be encoded as aspects that identify and guard security-relevant program operations. Bugs in these aspectually-implemented security policies oft...
We report on our experience implementing a lightweight, fully verified relational database management system (RDBMS). The functional specification of RDBMS behavior, RDBMS impleme...
Avraham Shinnar, Greg Morrisett, J. Gregory Malech...
We generalise Fiore et al's account of variable binding for untyped cartesian contexts and Tanaka's account of variable binding for untyped linear contexts to give an ac...
This paper describes the application of the Real-Time Maude tool and the Maude formal methodology to the specification and analysis of the AER/NCA suite of active network multicast...