% Conference paper entry, one field per line.
% Note: paperurl is not a standard BibTeX field; standard styles ignore unknown
% fields, so the full-text link is only printed by a style that reads it.
@inproceedings{Boyton_09,
  author    = {Boyton, Andrew},
  title     = {A Verified Shared Capability Model},
  booktitle = {Systems Software Verification},
  pages     = {25--44},
  address   = {Aachen, Germany},
  month     = oct,
  year      = {2009},
  keywords  = {shared capabilities, interactive theorem proving},
  paperurl  = {https://trustworthy.systems/publications/nicta_full_text/1810.pdf},
}