Thomas Santen
Researcher at Microsoft
Publications - 14
Citations - 1307
Thomas Santen is an academic researcher from Microsoft. The author has contributed to research in topics: Software & Computer science. The author has an h-index of 9, co-authored 12 publications receiving 1252 citations.
Papers
Book Chapter
VCC: A Practical System for Verifying Concurrent C
Ernie Cohen, Markus Dahlweid, Mark Hillebrand, Dirk Leinenbach, Michal Moskal, Thomas Santen, Wolfram Schulte, Stephan Tobies +7 more
TL;DR: This paper motivates VCC, describes the verification methodology and the architecture of VCC, and reports on the experience of using VCC to verify the Microsoft Hyper-V hypervisor.
Journal Article
A comparison of security requirements engineering methods
TL;DR: A conceptual framework for security engineering is presented, with a strong focus on security requirements elicitation and analysis, that establishes a clear-cut vocabulary and makes explicit the interrelations between the different concepts and notions used in security engineering.
Book Chapter
Verifying the Microsoft Hyper-V Hypervisor with VCC
Dirk Leinenbach, Thomas Santen +1 more
TL;DR: A brief overview of the hypervisor is given, with a special focus on the verification-related challenges this kind of low-level software poses, and how the design of VCC addresses these challenges is discussed.
Proceedings Article
VCC: Contract-based modular verification of concurrent C
TL;DR: Annotated C and the Verified C Compiler form the first modular sound verification methodology for concurrent C that scales to real-world production code.
Book Chapter
Invariants, modularity, and rights
Ernie Cohen, Eyad Alkassar, Vladimir Boyarinov, Markus Dahlweid, Ulan Degenbaev, Mark Hillebrand, Bruno Langenstein, Dirk Leinenbach, Michal Moskal, Steven Obua, Wolfgang J. Paul, Hristo Pentchev, Elena Petrova, Thomas Santen, Norbert Schirmer, Sabine Schmaltz, Wolfram Schulte, Andrey Shadrin, Stephan Tobies, Alexandra Tsyban, Sergey Tverdyshev +20 more
TL;DR: This paper argues that rights to access the state are really just sugar for knowledge that certain updates preserve certain invariants, and extends program assertions to include not just knowledge about the state, but rights to access the state.