{"id":22202876,"url":"https://github.com/logsem/cerise","last_synced_at":"2025-07-27T05:31:56.127Z","repository":{"id":46650950,"uuid":"304267477","full_name":"logsem/cerise","owner":"logsem","description":"Formalisation of a capability machine and principles for reasoning about security properties","archived":false,"fork":false,"pushed_at":"2024-11-05T21:37:24.000Z","size":41114,"stargazers_count":17,"open_issues_count":6,"forks_count":4,"subscribers_count":13,"default_branch":"main","last_synced_at":"2024-11-05T23:38:44.298Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Coq","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/logsem.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-10-15T08:58:28.000Z","updated_at":"2023-11-01T10:25:37.000Z","dependencies_parsed_at":"2023-10-13T01:21:52.508Z","dependency_job_id":"1f0a325f-3a73-4145-a524-d2f69665da8a","html_url":"https://github.com/logsem/cerise","commit_stats":null,"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/logsem%2Fcerise","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/logsem%2Fcerise/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/logsem%2Fcerise/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/logsem%2Fcerise/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/logsem","download_url":"https://codeload.github.com/logsem/cerise/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227763351,"owners_count":17816170,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-02T16:38:34.797Z","updated_at":"2024-12-02T16:38:35.439Z","avatar_url":"https://github.com/logsem.png","language":"Coq","funding_links":[],"categories":[],"sub_categories":[],"readme":"This repository contains the Coq mechanization of a capability machine and\nprinciples to reason about the interaction of known and unknown code.\n\nThe repository depends on the submodule `machine_utils`. After cloning Cerise,\nyou can load the submodule using\n```\ngit submodule update --init\n```\n\nWe consider here a machine with so-called *sentry* (or \"enter\") capabilities on\ntop of the usual memory capabilities, and focus on reasoning about the\n*local-state encapsulation* properties they can enforce.\n\nWe instantiate the Iris program logic to reason about programs running on the\nmachine, and we use it to define a logical relation characterizing the behavior\nof unknown code. The logical relation is much simpler than what one would need\nto reason about more complex stack-like properties: in particular, we only need\nto rely on standard Iris invariants.\n\nFor more information, see this [extended\narticle](https://cs.au.dk/~birke/papers/cerise.pdf) which provides a pedagogical\nbut thorough overview of the work (currently submitted for publication).\n\n# Building the proofs\n\n## Installing the dependencies\n\nYou need to have [opam](https://opam.ocaml.org/) \u003e= 2.0 installed.\n\nThe simplest option is to create a fresh *local* opam switch with everything\nneeded, by running the following commands:\n\n```\nopam switch create -y --repositories=default,coq-released=https://coq.inria.fr/opam/released . ocaml-base-compiler.4.14.0\neval $(opam env)\n```\n\nConsult the `opam` file for more information.\n\n### Troubleshooting\n\nIf the `opam switch` invocation fails at some point, either remove the `_opam`\ndirectory and re-run the command (this will redo everything), or do `eval $(opam\nenv)` and then `opam install -y .` (this will continue from where it failed).\n\n## Building\n\n```\nmake -jN  # replace N with the number of CPU cores of your machine\n```\n\nIt is possible to run `make fundamental` to only build files up to the\nFundamental Theorem.\n\n# Documentation\n\nAn HTML rendering of the development can be browsed online at\n[logsem.github.io/cerise/dev/](https://logsem.github.io/cerise/dev/). In\nparticular, the index page provides an overview of the organisation of the\nformalization.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flogsem%2Fcerise","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flogsem%2Fcerise","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flogsem%2Fcerise/lists"}