| Toward The Verification Of A Simple Hypervisor | 7 | 0.52 | 2011 |
| Mechanized information flow analysis through inductive assertions | 2 | 0.38 | 2008 |
| A robust machine code proof framework for highly secure applications | 23 | 2.05 | 2006 |
| Introducing Abstractions via Rewriting | 1 | 0.69 | 2005 |
| Comparing Verification Systems: Interactive Consistency in ACL2 | 5 | 1.21 | 1997 |
| Mathematical Modeling and Analysis of an External Memory Manager | 2 | 0.52 | 1997 |
| A state-based approach to noninterference | 0 | 0.34 | 1995 |
| A State-Based Approach to Non-Interference | 6 | 0.53 | 1994 |
| Machine Checked Proofs of the Design of a Fault-Tolerance Circuit | 6 | 2.41 | 1992 |
| Introduction to a Formally Defined Hardware Description Language | 8 | 0.88 | 1992 |
| Mathematical Methods for Digital Systems Development | 8 | 1.15 | 1991 |
| Formal methods versus software engineering: Is there a conflict | 3 | 0.50 | 1991 |
| Verified program support environments | 0 | 0.34 | 1990 |
| Verified compilation in micro-Gypsy | 4 | 0.93 | 1989 |
| A mechanically verified code generator | 40 | 4.96 | 1989 |
| An approach to systems verification | 73 | 9.33 | 1989 |
| Toward Verified Execution Environments. | 11 | 5.33 | 1987 |
| Extending the Noninterference Version of MLS for SAT | 64 | 17.94 | 1987 |
| An Experience Using Two Covert Channel Analysis Techniques on a Real System Design | 30 | 9.76 | 1987 |
| Coding for a Believable Specification to Implementation Mapping. | 8 | 1.50 | 1987 |
| Extending the Non-Interference Version of MLS for SAT | 28 | 4.23 | 1986 |
| HAL/S/V: a verifiable subset for HAL/S | 0 | 0.34 | 1981 |
| Steelman and the verifiability of (preliminary) ADA | 0 | 0.34 | 1981 |
| Generics and verification in Ada | 2 | 0.45 | 1980 |
