| Model-Centered Assurance for Autonomous Systems | 0 | 0.34 | 2020 |
| Inferring and Conveying Intentionality - Beyond Numerical Rewards to Logical Intentions. | 0 | 0.34 | 2019 |
| A Mechanically Assisted Examination of Begging the Question in Anselm's Ontological Argument. | 0 | 0.34 | 2018 |
| On the Interpretation of Assurance Case Arguments | 0 | 0.34 | 2015 |
| Safety envelope for security | 11 | 0.73 | 2014 |
| Evaluating the Assessment of Software Fault-Freeness. | 0 | 0.34 | 2014 |
| The versatile synchronous observer | 3 | 0.43 | 2014 |
| Mechanized Support for Assurance Case Argumentation. | 8 | 0.78 | 2013 |
| Example of a Complementary Use of Model Checking and Agent-Based Simulation | 3 | 0.38 | 2013 |
| Logic and Epistemology in Safety Cases | 4 | 0.62 | 2013 |
| Reasoning about the Reliability of Diverse Two-Channel Systems in Which One Channel Is "Possibly Perfect" | 21 | 1.00 | 2012 |
| From DSS to MILS - (Extended Abstract). | 1 | 0.38 | 2011 |
| Formal Modeling and Analysis for Interactive Hybrid Systems. | 14 | 0.86 | 2011 |
| Composing Safe Systems. | 5 | 0.52 | 2011 |
| Fractionated software for networked cyber-physical systems: research directions and long-term vision | 12 | 0.70 | 2011 |
| New challenges in certification for aircraft software | 15 | 0.98 | 2011 |
| Formalism in Safety Cases. | 11 | 0.88 | 2010 |
| Software Verification and System Assurance | 14 | 0.92 | 2009 |
| What Use is Verified Software? | 4 | 0.42 | 2007 |
| Distributed Secure Systems: Then and Now | 7 | 0.71 | 2007 |
| Just-in-Time Certification | 19 | 0.92 | 2007 |
| Automated Formal Methods Enter the Mainstream | 2 | 0.44 | 2007 |
| Harnessing Disruptive Innovation in Formal Verification | 20 | 1.17 | 2006 |
| Hybrid systems—and everything else | 0 | 0.34 | 2006 |
| PVS | 0 | 0.34 | 2006 |
| Tutorial: Automated Formal Methods with PVS, SAL, and Yices | 7 | 0.50 | 2006 |
| An evidential tool bus | 9 | 0.73 | 2005 |
| Automated Test Generation and Verified Software | 10 | 1.02 | 2005 |
| Generating Efficient Test Sets with a Model Checker | 69 | 3.40 | 2004 |
| SAL 2 | 42 | 1.81 | 2004 |
| An Operational Semantics for Stateflow | 71 | 3.17 | 2004 |
| Model Checking a Fault-Tolerant Startup Algorithm: From Design Exploration To Exhaustive Fault Simulation | 34 | 1.57 | 2004 |
| The ICS Decision Procedures for Embedded Deduction | 29 | 1.62 | 2004 |
| Invisible formal methods for embedded control systems | 26 | 1.44 | 2003 |
| Using model checking to help discover mode confusions and other automation surprises | 31 | 1.63 | 2002 |
| An Overview of Formal Verification for the Time-Triggered Architecture | 19 | 1.31 | 2002 |
| Bus Architectures for Safety-Critical Embedded Systems | 42 | 2.94 | 2001 |
| Modeling the Human in Human Factors | 11 | 0.75 | 2001 |
| Analyzing Cockpit Interfaces Using Formal Methods | 18 | 1.26 | 2001 |
| From Refutation to Verification | 2 | 0.44 | 2000 |
| Disappearing formal methods. | 5 | 0.53 | 2000 |
| Theorem Proving for Verification | 15 | 0.69 | 2000 |
| Verification Diagrams Revisited: Disjunctive Invariants for Easy Verification | 21 | 1.36 | 2000 |
| Mechanized Formal Methods: Where Next? | 7 | 0.60 | 1999 |
| Integrated Formal Verification: Using Model Checking with Automated Abstraction, Invariant Generation, and Theorem Proving | 17 | 1.00 | 1999 |
| Structural Embeddings: Mechanization with Method | 8 | 0.64 | 1999 |
| Systematic Formal Verification for Fault-Tolerant Time-Triggered Algorithms | 48 | 2.96 | 1999 |
| A case-study in component-based mechanical verification of fault-tolerant programs | 13 | 0.64 | 1999 |
| Subtypes for specifications: predicate subtyping in PVS | 65 | 2.57 | 1998 |
| PVS: An Experience Report | 19 | 1.69 | 1998 |
