H. Remzi, A. C. Arpaci-dusseau, and . Arpaci-dusseau, Operating Systems: Three Easy Pieces. 0, 2014.

[. Andreescu, T. Jensen, and S. Lescuyer, Correlating Structured Inputs and Outputs in Functional Specifications, Software Engineering and Formal Methods: 14th International Conference, SEFM 2016, Held as Part of STAF 2016 Proceedings, pp.85-103978, 2016.
DOI : 10.1145/1181775.1181809

A. Alkassar, Automated Verification of a Small Hypervisor, Lecture Notes in Computer Science. Edinburgh, vol.6217, pp.40-54, 2010.
DOI : 10.1007/978-3-642-15057-9_3

]. E. Alk+12 and . Alkassar, Verification of TLB Virtualization Implemented in C, 4th International Conference on Verifed Software: Theories, Tools, and Experiments , VSTTE'12. Lecture Notes in Computer Science, 2012.

J. Bacelar and A. , Rigorous Software Development -An Introduction to Program Verification Undergraduate Topics in Computer Science, pp.1-263, 2011.

S. J. Andrabi, Verification of XMHF HPT Protection Setup. Tech. rep. University of North Carolina, 2013.

G. Barthe, Cache-Leakage Resilient OS Isolation in an Idealized Model of Virtualization, 2012 IEEE 25th Computer Security Foundations Symposium, pp.186-197, 2012.
DOI : 10.1109/CSF.2012.17

[. Baumann, Proving Memory Separation in a Microkernel by Code Level Verification, 2011 14th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops, 2011.
DOI : 10.1109/ISORCW.2011.14

C. Baumann and T. Bormer, Verifying the PikeOS Microkernel: First Results in the Verisoft XT Avionics Project Doctoral Symposium on Systems Software Verification (DS SSV 2009), pp.20-22, 2009.

W. R. Bevier, Kit: a study in operating system verification, IEEE Transactions on Software Engineering, vol.15, issue.11, pp.1382-1396, 1989.
DOI : 10.1109/32.41331
URL : http://dirleton.csres.utexas.edu/reports/files/028.ps

P. Bolignano, T. Jensen, and V. Siles, Modeling and Abstraction of Memory Management in a Hypervisor Held as Part of the European Joint Conferences on Theory and Practice of Software, Fundamental Approaches to Software Engineering -19th International Conference, FASE 2016 Proceedings. 2016, pp.214-230978, 2016.

A. Blanchard, A Case Study on Formal Verification of the Anaxagoros Hypervisor Paging System with Frama-C, FMICS 2015, pp.15-30978, 2015.
DOI : 10.1007/978-3-319-19458-5_2

D. Brumley, BAP: A Binary Analysis Platform, Proceedings of the 23rd International Conference on Computer Aided Verification. CAV'11, pp.463-469, 2011.
DOI : 10.1007/978-3-642-14295-6_27

D. Chisnall, The Definitive Guide to the Xen Hypervisor. First. Upper Saddle River, 2007.

E. Cohen, VCC: A Practical System for Verifying Concurrent C, Theorem Proving in Higher Order Logics, 22nd International Conference, pp.23-42, 2009.
DOI : 10.1007/978-3-540-74591-4_15
URL : http://research.microsoft.com/~moskal/pdf/tphol2009.pdf

[. Dam, Formal verification of information flow security for a simple arm-based separation kernel, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, CCS '13, pp.223-234, 2013.
DOI : 10.1145/2508859.2516702

[. Daum, N. Billing, and G. Klein, Concerned with the unprivileged: user programs in kernel refinement In: Formal Aspects of Computing 26, pp.1205-1229, 2014.

[. Daum, N. Billing, and G. Klein, Concerned with the unprivileged: user programs in kernel refinement, Formal Aspects of Computing, vol.34, issue.1, pp.1205-1229, 2014.
DOI : 10.1007/978-3-642-35308-6_13

[. Dam, R. Guanciale, and H. Nemati, Machine code verification of a tiny ARM hypervisor, Proceedings of the 3rd international workshop on Trustworthy embedded devices, TrustED '13, pp.3-12, 2013.
DOI : 10.1145/2517300.2517302

[. Dall and J. Nieh, KVM/ARM, Proceedings of the 19th international conference on Architectural support for programming languages and operating systems, ASPLOS '14, pp.45-56, 2010.
DOI : 10.1145/2541940.2541946

]. Do1, . Software, . In, . Systems, . Equip-ment et al., URL: http : / / sesam . smart -lab . se / IG _ Prgsak

B. Dutertre, Yices??2.2, Computer-Aided Verification, pp.737-744, 2014.
DOI : 10.1007/978-3-319-08867-9_49

V. Esxi, URL: https://www.vmware.com/fr/products/ esxi-and-esx/overview, 2016.

J. Richard, P. G. Feiertag, and . Neumann, The foundations of a provably secure operating system (PSOS), In: IN PROCEEDINGS OF THE NA- TIONAL COMPUTER CONFERENCE, pp.329-334, 1979.

H. [. Hohmuth and . Tews, The VFiasco approach for a verified operating system, Proceedings of the 2nd ECOOP Workshop on Programming Languages and Operating Systems, 2005.

S. Jacklin, Certification of Safety-Critical Software Under DO-178C and DO-278A URL: https : / / ti . arc . nasa . gov / publications, 2012.
DOI : 10.2514/6.2012-2473

G. Klein, seL4, Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles, SOSP '09, pp.207-220, 2009.
DOI : 10.1145/1629575.1629596

G. Klein, Operating system verification???An overview, S¯ adhan¯ a 34, pp.27-69, 2009.
DOI : 10.3233/JCS-2005-13105
URL : http://www.ertos.nicta.com.au/publications/papers/Klein_08.pdf

M. Kovalev, TLB virtualization in the context of hypervisor verification " . eng, 2013.

[. Khakpour, O. Schwarz, and M. Dam, Machine Assisted Proof of ARMv7 Instruction Level Isolation Properties, Certified Programs and Proofs: Third International Conference, CPP 2013 Proceedings, pp.276-291, 2013.
DOI : 10.1007/978-3-319-03545-1_18
URL : http://kth.diva-portal.org/smash/get/diva2:675843/FULLTEXT01

]. K. Lei10, M. Rustan, and . Leino, Dafny: An Automatic Program Verifier for Functional Correctness, Proceedings of the 16th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning. LPAR'10, pp.348-370, 2010.

X. Leroy, A Formally Verified Compiler Back-end, Journal of Automated Reasoning, vol.27, issue.1, pp.363-446, 2009.
DOI : 10.1007/978-3-642-59495-3
URL : https://hal.archives-ouvertes.fr/inria-00360768

S. Lescuyer, ProvenCore: Towards a Verified Isolation Micro-Kernel " . In: International Workshop on MILS: Architecture and Assurance for Secure Systems, 2015.

D. Leinenbach and T. Santen, Verifying the Microsoft Hyper-V Hypervisor with VCC The Netherlands, FM 2009: Formal Methods: Second World Congress Proceedings, pp.806-809, 2009.
DOI : 10.1007/978-3-642-05089-3_51

F. [. Lynch and . Vaandrager, Forward and Backward Simulations DOI: h ttp, Information and Computation 121, pp.214-233, 1995.
DOI : 10.1006/inco.1996.0060
URL : https://doi.org/10.1006/inco.1996.0060

R. Mijat and A. Nightingale, Virtualization is Coming to a Platform Near You URL: https : / / www . arm . com / files, 2011.

M. Moskal, A Practical Verification Methodology for Concurrent Programs URL: https://www.microsoft.com/en-us/res earch/publication/a-practical-verification-methodology- for-concurrent-programs, 2009.

T. C. Murray, Noninterference for Operating System Kernels, Certified Programs and Proofs -Second International Conference, pp.126-142978, 2012.
DOI : 10.1007/978-3-642-35308-6_12
URL : http://ertos.nicta.com.au/publications/papers/Murray_MBGK_12.pdf

T. C. Murray, seL4: From General Purpose to a Proof of Information Flow Enforcement, 2013 IEEE Symposium on Security and Privacy, pp.415-429, 2013.
DOI : 10.1109/SP.2013.35

[. Nemati, Trustworthy Memory Isolation of Linux on Embedded Devices, Trust and Trustworthy Computing -8th International Conference, pp.125-142978, 2015.
DOI : 10.1007/978-3-319-22846-4_8

R. [. Neumann and . Feiertag, PSOS revisited, 19th Annual Computer Security Applications Conference, 2003. Proceedings., pp.208-216, 2003.
DOI : 10.1109/CSAC.2003.1254326

[. Nemati, R. Guanciale, and M. Dam, Trustworthy Virtualization of the ARMv7 Memory Subsystem, SOFSEM 2015: Theory and Practice of Computer Science -41st International Conference on Current Trends in Theory and Practice of Computer Science, pp.578-589978, 2015.
DOI : 10.1007/978-3-662-46078-8_48

J. C. Nordholz, XNPro, Proceedings of the 5th International Workshop on Trustworthy Embedded Devices, TrustED '15, pp.55-64, 2015.
DOI : 10.1109/SP.2010.30

J. Gerald, R. P. Popek, and . Goldberg, Formal Requirements for Virtualizable Third Generation Architectures, Commun. ACM, vol.177, pp.412-421, 1974.

J. Gerald and . Popek, UCLA Secure UNIX In: Managing Requirements Knowledge, 1979.

R. J. Richards, Modeling and Security Analysis of a Commercial Real-Time Operating System Kernel Design and Verification of Microprocessor Systems for High-Assurance Applications, pp.301-322978, 2010.

J. Rushby and . Noninterference, Transitivity, and Channel-Control Security Policies

T. Sewell, Berg en Dal, The Netherlands, Interactive Theorem Proving -Second International Conference, pp.325-340978, 2011.

A. Silberschatz, P. Baer-galvin, and G. Gagne, Operating System Concepts. 9th, 2012.

J. S. Shapiro and N. Hardy, EROS: a principle-driven operating system from the ground up, IEEE Software, vol.19, issue.1, pp.26-33, 2002.
DOI : 10.1109/52.976938
URL : http://www.eros-os.org/papers/IEEE-Software-Jan-2002.pdf

A. Vasudevan, Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework, 2013 IEEE Symposium on Security and Privacy, pp.430-444, 2013.
DOI : 10.1109/SP.2013.36
URL : http://ieeexplore.ieee.org:80/stamp/stamp.jsp?tp=&arnumber=6547125

J. Vetter, Uncloaking Rootkits on Mobile Devices with a Hypervisor-Based Detector, In: Information Security and Cryptology -ICISC 2015 -18th International Conference, pp.262-277, 2015.
DOI : 10.1007/978-3-319-30840-1_17

B. J. Walker, R. A. Kemmerer, and G. J. Popek, Specification and verification of the UCLA Unix security kernel, Communications of the ACM, vol.23, issue.2, pp.118-131, 1980.
DOI : 10.1145/358818.358825

[. Zhao, Reasoning About Information Flow Security of Separation Kernels with Channel-Based Communication Tools and Algorithms for the Construction and Analysis of Systems Held as Part of the European Joint Conferences on Theory and Practice of Software The Netherlands, 22nd International Conference , TACAS 2016 Proceedings. Ed. by Marsha Chechik and Jean-François Raskin, pp.791-810978, 2016.