Overview

The goal of the VSTTE conference series is to advance the state of the art in the science and technology of software verification, through the interaction of theory development, tool evolution, and experimental validation.

The Verified Software Initiative (VSI), spearheaded by Tony Hoare and Jayadev Misra, is an ambitious research program for making large-scale verified software a practical reality. The International Conference on Verified Software: Theories, Tools and Experiments (VSTTE) is the main forum for advancing the initiative. VSTTE brings together experts spanning the spectrum of software verification in order to foster international collaboration on the critical research challenges. The theoretical work includes semantic foundations and logics for specification and verification, and verification algorithms and methodologies. The tools cover specification and annotation languages, program analyzers, model checkers, interactive verifiers and proof checkers, automated theorem provers and SAT/SMT solvers, and integrated verification environments. The experimental work drives the research agenda for theory and tools by taking on significant specification/verification exercises covering hardware, operating systems, compilers, computer security, parallel computing, and cyber-physical systems.

The 2023 edition of VSTTE will be the 15th international conference in the series, and will be co-located with FMCAD 2023 in Ames, Iowa, USA.

We welcome submissions describing significant advances in the production of verified software, i.e., software that has been proved to meet its functional specifications. Submissions of theoretical, practical, and experimental contributions are equally encouraged, including those that focus on specific problems or problem domains. We are especially interested in submissions describing large-scale verification efforts that involve collaboration, theory unification, tool integration, and formalized domain knowledge. We also welcome papers describing novel experiments and case studies evaluating verification techniques and technologies.

Topics of interest for this conference include, but are not limited to, requirements modeling, specification languages, specification/verification/certification case studies, formal calculi, software design methods, automatic code generation, refinement methodologies, compositional analysis, verification tools (e.g., static analysis, dynamic analysis, model checking, theorem proving, satisfiability), tool integration, benchmarks, challenge problems, and integrated verification environments.
Paper Submissions

VSTTE 2023 will accept both long (limited to 16 pages, excluding references) and short (limited to 10 pages, excluding references) paper submissions. Short submissions also cover Verification Pearls describing an elegant proof or proof technique. Submitted research papers and system descriptions must be original and not submitted for publication elsewhere. Submissions of theoretical, practical, and experimental contributions are equally encouraged, including those that focus on specific problems or problem domains.

Papers will be submitted via EasyChair at the VSTTE 2023 conference page. Submissions that arrive late, are not in the proper format, or are too long will not be considered. The post-conference proceedings of VSTTE 2023 will be published as a LNCS volume by Springer-Verlag. Authors of accepted papers will be requested to sign a form transferring copyright of their contribution to Springer-Verlag. The use of LaTeX and the Springer LNCS class files is strongly encouraged.

Invited Speakers

Peter Mueller (ETHZ)

Arie Gurfinkel (U Waterloo)
Invited Tutorial

Mike Hicks (Amazon)

Title: Cedar: A language for expressing fast, safe, and fine-grained authorization policies

Abstract: Cedar is a new authorization policy language developed as the core of AWS's recently released Amazon Verified Permissions (AVP) service. Cedar policies are used to express fine-grained permissions on behalf of applications. Cedar was designed to be ergonomic, fast, safe, and analyzable. Cedar’s simple and intuitive syntax supports common authorization use-cases with easy-to-understand policies. Cedar’s policy structure ensures that access requests can be authorized quickly. Cedar's policy validator leverages gradual typing to help policy writers avoid mistakes but not get in their way. Cedar's design has been finely balanced to enable a sound and complete logical encoding, which allows analysts to precisely reason about what policies do, e.g., to ensure that when refactoring a set of policies, the authorized permissions do not change.

Cedar is built using a high-assurance process we call verification-guided development. Its authorization engine and validator are formally modeled in the Dafny programming language. Cedar’s core development team proves safety and security properties about those models in Dafny, and runs millions of automated differential tests to check that the implementations of the Cedar authorization engine and validator, written in Rust, agree with the Dafny models.


Cedar is joint work with Craig Disselkoen, Aaron Eline, Shaobo He, Kyle Headley, Kesha Hietala, John Kastner, Anwar Mamat, Darin McAdams, Matt McCutchen, Neha Rungta, Emina Torlak, and Andrew Wells (all at AWS).

Bio: Mike Hicks is a Senior Principal Scientist at Amazon Web Services, and Professor Emeritus at the University of Maryland. His research explores programming languages and security. He is a Fellow of the Association of Computing Machinery (ACM), Editor-in-Chief of Proceedings of the ACM on Programming Languages, and prior Chair of ACM's Special Interest Group on Programming Languages. He co-leads the development of Cedar, the policy language underpinning the new Amazon Verified Permissions authorization service.

Robert Jones (Amazon)
General Chair

* Supratik Chakraborty (IIT Bombay, India)

Program Chairs

* Serdar Tasiran (Amazon Web Services, USA)
* Andrew Reynolds (University of Iowa, USA)

Program Committee

* Ahmed Irfan (SRI International)
* Pierre-Loic Garoche (ENAC)
* Gennaro Parlato (University of Molise, Italy)
* Hiroshi Unno (University of Tsukuba)
* Yuepeng Wang (Simon Fraser University)
* Burcu Kulahcioglu Ozkan (Delft University of Technology)
* Christel Baier (TU Dresden)
* Constantin Enea (Ecole Polytechnique)
* Sergio Mover (Ecole Polytechnique)
* Haniel Barbosa (Universidade Federal de Minas Gerais)
* Supratik Chakraborty (IIT Bombay)
* Stefano Tonetta (FBK-irst)
* Kirsten Winter (The University of Queensland)
* Akash Lal (Microsoft)
* Roderick Bloem (Inst. for Applied Information Processing and Communications, TU Graz)
* Carlos Olarte (LIPN, Université Sorbonne Paris Nord)
* Borzoo Bonakdarpour (Michigan State University)
* Grigory Fedyukovich (Florida State University)
* Kristin Yvonne Rozier (Iowa State University)
* Pamela Zave (Princeton University)
* Yakir Vizel (The Technion)