I am interested in systems software verification as a way to substantially improve their safety and reliability, but to achieve this, the verification effort must be commensurate to the value it provides. I build verified systems, and extend the available tooling to find and fix inefficiencies.

I lead the Principled Systems Group at the Max Planck Institute for Software Systems (MPI-SWS). You can find more information on the group on its website.

I co-started (with Chris Hawblitzel, MSR) and I co-lead the Verus project. Verus is a tool to rapidly verify the correctness of systems code written in Rust. The Verus project involves members from VMware Research, Microsoft Research, Carnegie Mellon University, ETH Zurich, University of Washington, University of Michigan, University of Wisconsin-Madison, and others.

We are writing and verifying complex, concurrent systems programs in Verus. Researchers at the University of Utah are using Verus to write and verify a full-featured microkernel, and Microsoft is writing and verifying durable logs on persistent memory with Verus.

I am starting to explore the relationship between Rust's Ownership Logic, leveraged by Verus, and separation logic, in particular in the context of the Iris Concurrent Separation Logic Framework: I am interested in exploring ways to bring SMT-style automation to Iris-style proofs, and to bring advanced CSL-based reasoning to SMT-based tools like Verus.

I have worked on techniques for efficient re-scaling and fault-tolerance for streaming data processing systems, and I am working on a new dataflow-inspired programming model for Serverless platforms as part of a collaboration with ETH Zurich.

With colleagues at VMware Research and ETH Zurich I am exploring how to specify and verify an Operating System with the goal of providing a useful, verified interface to the client applications rather than just focusing on isolation and security properties.

🏆 Awards

• PLDI Distinguished Paper Award at PLDI '25 for "Destabilizing Iris"
• Distinguished Artifact Award at SOSP '24 for "Verus: A Practical Foundation for Systems Verification"
• Jay Lepreau Best Paper Award at OSDI '24 for "Anvil: Verifying Liveness of Cluster Management Controllers"
• Recognized as Distinguished Reviewer for ASPLOS '24
• Distinguished Paper Award at OOPSLA '22 for Linear Dafny ("Linear Types for Large-Scale Systems Verification")
• Recipient of the 2018 Google PhD Fellowship for Systems and Networking (2018-2022)

Lectures offered at Saarland University

• Winter Semester 2024/2025 - Formal Verification of Systems Software: The course teaches how to formally verify systems software that underpins computing infrastructure using Rust and the Verus verification framework to ensure implementations match their abstract models and remain bug-free. By learning to model system behavior and write proofs with the help of SMT solvers, students gain the skills to design, implement, and verify distributed systems, which can prevent costly failures like data loss and service outages.

Peer-reviewed Publications

• PLDI 2025 ⸺ Distinguished Paper Award
  Destabilizing Iris, Simon Spies, Niklas Mück, Haoyi Zeng, Michael Sammler, Andrea Lattuada, Peter Müller, Derek Dreyer
  46th ACM SIGPLAN Conference on Programming Language Design and Implementation
• SOSP 2024 ⸺ Distinguished Artifact Award
  Verus: A Practical Foundation for Systems Verification, Andrea Lattuada, Travis Hance, Jay Bosamiya, Matthias Brun, Chanhee Cho, Hayley LeBlanc, Pranav Srinivasan, Reto Achermann, Tej Chajed, Chris Hawblitzel, Jon Howell, Jacob R. Lorch, Oded Padon, Bryan Parno
  The 30th Symposium on Operating Systems Principles
• OSDI 2024 ⸺ Jay Lepreau Best Paper Award
  Anvil: Verifying Liveness of Cluster Management Controllers, Xudong Sun, Wenjie Ma, Jiawei Tyler Gu, Zicheng Ma, Tej Chajed, Jon Howell, Andrea Lattuada, Oded Padon, Lalith Suresh, Adriana Szekeres, Tianyin Xu
  18th USENIX Symposium on Operating Systems Design and Implementation
• OOPSLA 2023
  Verus: Verifying Rust Programs using Linear Ghost Types, Andrea Lattuada, Travis Hance, Chanhee Cho, Matthias Brun, Isitha Subasinghe, Yi Zhou, Jon Howell, Bryan Parno, Chris Hawblitzel
  Proceedings of the ACM on Programming Languages
• HotOS 2023
  Beyond isolation: OS verification as a foundation for correct applications, Matthias Brun, Reto Achermann, Tej Chajed, Jon Howell, Gerd Zellweger, Andrea Lattuada
  The 19th Workshop on Hot Topics in Operating Systems
• OSDI 2023
  Sharding the State Machine: Automated Modular Reasoning for Complex Concurrent Systems, Travis Hance, Yi Zhou, Andrea Lattuada, Reto Achermann, Alex Conway, Ryan Stutsman, Gerd Zellweger, Chris Hawblitzel, Jon Howell, Bryan Parno
  17th USENIX Symposium on Operating Systems Design and Implementation
• OOPSLA 2022 ⸺ Distinguished Paper Award
  Linear Types for Large-Scale Systems Verification, Jialin Li, Andrea Lattuada, Yi Zhou, Jonathan Cameron, Jon Howell, Bryan Parno, Chris Hawblitzel
  Proceedings of the ACM on Programming Languages
• ITP 2021
  Verified Progress Tracking for Timely Dataflow [Technical Report], Matthias Brun, Sára Decova, Andrea Lattuada, Dmitriy Traytel
  The International Conference on Interactive Theorem Proving
• OSDI 2020
  Storage Systems are Distributed Systems (So Verify Them That Way!), Travis Hance, Andrea Lattuada, Chris Hawblitzel, Jon Howell, Rob Johnson, Bryan Parno
  14th USENIX Symposium on Operating Systems Design and Implementation
• VLDB 2020
  Shared Arrangements: practical inter-query sharing for streaming dataflows [Technical report] [Talk video], Frank McSherry, Andrea Lattuada, Malte Schwarzkopf, Timothy Roscoe
  Proceedings of the VLDB Endowment, Volume 13, No. 10 (VLDB 2020)
• VLDB 2019
  Megaphone: Latency-conscious state migration for distributed streaming dataflows, Moritz Hoffmann, Andrea Lattuada, Frank McSherry, Vasiliki Kalavri, John Liagouris, Timothy Roscoe
  Proceedings of the VLDB Endowment, Volume 12, 2018-2019
• BeyondMR 2018
  Latency-conscious dataflow reconfiguration, Moritz Hoffmann, Frank McSherry, Andrea Lattuada
  Proceedings of the 5th ACM SIGMOD Workshop on Algorithms and Systems for MapReduce and Beyond
• NSDI 2018
  SnailTrail: Generalizing critical paths for online analysis of distributed dataflows [Technical report], Moritz Hoffmann, Andrea Lattuada, John Liagouris, Vasiliki Kalavri, Desislava Dimitrova, Sebastian Wicki, Zaheer Chothia, Timothy Roscoe
  Proceedings of the 15th USENIX Symposium on Networked Systems Design and Implementation
• BeyondMR 2016
  Faucet: a user-level, modular technique for flow control in dataflow engines, Andrea Lattuada, Frank McSherry, Zaheer Chotia
  Proceedings of the 3rd ACM SIGMOD Workshop on Algorithms and Systems for MapReduce and Beyond

Journal Publications

• Usenix ;login: ⸺ June 2024
  Anvil: Building Kubernetes Controllers That Do Not Break, Xudong Sun, Jiawei Tyler Gu, Cody Rivera, Tej Chajed, Jon Howell, Andrea Lattuada, Oded Padon, Lalith Suresh, Adriana Szekeres, Tianyin Xu

Workshops, Conferences, Peer-review Service

• ASPLOS '26 − External Review Committee
• OOPSLA '26 − Program Committee (accepted invite)
• RW2025 Rust Verification Workshop − Co-chair
• OSDI '25 − Program Committee
• ASPLOS '25 − External Review Committee
• NSDI '25 − Program Committee
• Dafny '24 − Program Committee
• ASPLOS '24 − Program Committee - 🏆 Distinguished Reviewer
• ASPLOS '22 − External Review Committee
• OSDI '21 − Artifact Evaluation Committee
• 2018 - VLDB Journal − Referred reviewer

Advising and Mentoring

Over the last few years I have advised and mentored many brilliant students working with me on a variety of research projects. With the exception of currently ongoing collaborations, students at ETH Zurich were co-supervised by my advisor, Prof. Timothy Roscoe.

• April-October 2024 Johanna Polzin, ETH Zurich, Switzerland Bachelor Thesis
  Co-supervised by Matthias Brun and Prof. David Basin. Johanna is working on modeling a concurrent OS and verifying that it corresponds to a process-centric contract of OS behavior, which can be used as a foundation for verified applications.
• August-November 2024 Pranav Srinivasan, VMware Research, US Research Intern
  Co-supervised by Jon Howell and Oded Padon. Pranav worked on better understanding the verification performance implications of quantifier instantiation across program modules: this work was presented at the Dafny 2024 Workshop as "Domesticating Automation". Pranav also worked on supporting a decidable logic fragment in Verus which enables a complete and fast decision procedure in the solver.
• Since 2023 Matthias Brun, ETH Zurich, Switzerland PhD Student (continued collaboration)
  Co-supervised by Prof. David Basin. Matthias is working on verifying the correctness of an operating system's memory management subsystem (page table) in relation to the memory management hardware (MMU, TLBs), and against a process-centric contract of OS behavior, which can be used as a foundation for verified applications.
• April - October 2022 Matthias Brun, ETH Zurich, Switzerland Master Thesis
  📄 Verified Paging for x86-64 in Rust. Part of this work was published as part of "Beyond isolation: OS verification as a foundation for correct applications" at HotOS 2023. Matthias' contributions to Verus were published as part of "Verus: Verifying Rust Programs using Linear Ghost Types" at OOPSLA 2023.
• Summer 2022 Isitha Subasinghe, ETH Zurich, Switzerland Research Assistant
  Isitha contributed support for reasoning about character strings in Verus. This work was published as part of "Verus: Verifying Rust Programs using Linear Ghost Types" at OOPSLA 2023.
• November 2019 - May 2020 Sára Decova, ETH Zurich, Switzerland Master Thesis
  Co-supervised by Dmitriy Traytel. 📄 Modelling and Verification of the Timely Dataflow Progress Tracking Protocol. This work was published as part of "Verified Progress Tracking for Timely Dataflow" at ITP 2021.
• November 2019 - May 2020 Matthias Brun, ETH Zurich, Switzerland Research Assistant
  Co-supervised by Dmitriy Traytel. Matthias worked on the modeling and verification of the Timely Dataflow's control plane protocol. This work was published as part of "Verified Progress Tracking for Timely Dataflow" at ITP 2021.
• October 2019 - April 2020 Lorenzo Selvatici, ETH Zurich, Switzerland Master Thesis
  📄 A Streaming System with Coordination-Free Fault-Tolerance
• October 2018 - April 2019 Lorenzo Martini, ETH Zurich, Switzerland Master Thesis
  Co-supervised by Frank McSherry. 📄 Performance implications of a Dataflow System’s Communication Plane
• July - Aug. 2018 Nazerke Seidan, Eötvös Lorand University, Hungary ETH Summer Student Research Fellowship
  Co-supervised by Frank McSherry. Visualizing progress tracking, the control plane messages, of Timely Dataflow, a distributed dataflow data-processing engine.

Selected talks

• Invited talk at AWS Identity, Amazon Inc., Remote
  Verus – Efficient Verification of Rust Programs
• New England Verification Workshop 2024, MIT CSAIL, Cambridge, Massachusetts, USA
  Tunable automation for SMT-based verification in Verus
• Dafny 2024 Workshop at POPL 2024, Paris, France
  Co-author of Domesticating Automation

  To be presented by Pranav Srinivasan
• Rust Verification Workshop (RW2023) at ETAPS 2023, Paris, France
  Rust Ghost Code
• Invited talk at the New England Verification Workshop 2022, MIT CSAIL, Cambridge, Massachusetts, USA
  Verus -- SMT-based verification of low-level systems code
• Rust Verification Workshop (RW2022) at ETAPS 2022, Munich / Garching, Germany
  Verus -- SMT-based verification of low-level systems code

Community talks

• June 2023, Zürich Rust Meetup, ETH Zurich, Switzerland
  Verus -- Verified Rust for low-level systems code
• Rust Devroom at FOSDEM 2019, Brussels, Belgium
  Containing the RDMA plasma
• Rustfest 2017, Zürich, Switzerland
  A hammer you can only hold by the handle
• March 2017, Papers we love, Zürich, Switzerland
  Naiad: A timely dataflow system

• SOSP'17 - Poster session
  [Poster] No-sync: coordination-free fault-tolerance in streaming, Andrea Lattuada, Vasiliki Kalavri, Moritz Hoffmann, Frank McSherry
• Eurosys'17 - Poster session
  [Poster] Differential durability: fault-tolerant distributed differential computation, Andrea Lattuada, Vasiliki Kalavri, Moritz Hoffman, Frank McSherry
• Eurosys'17 - Poster session
  [Poster] SnailTrail: Online Bottleneck Detection for your Dataflow, R. Sager, John Liagouris, Desislava Dimitrova, Andrea Lattuada, Vasiliki Kalavri, Zaheer Chothia, Moritz Hoffmann, Timothy Roscoe