Proof-Carrying Code with Untrusted Proof Rules

Authors

  • George C. Necula
  • Robert R. Schneck
Abstract

Proof-carrying code (PCC) allows a code producer to associate with a program a machine-checkable proof of its safety. In traditional implementations of PCC the producer negotiates beforehand, and in an unspecified way, with the consumer the permission to prove safety in whatever high-level way it chooses. In practice this has meant that high-level rules for type safety have been hard-wired into the system as part of the trusted code base. This limits the security and flexibility of the PCC system. In this paper, we exhibit an approach to removing the safety proof rules from the trusted base, with a technique by which the producer can convince the consumer that a given set of high-level safety rules enforces a strong global invariant that entails the trusted low-level memory safety policy.


Similar resources

Proof Carrying Code

Proof-Carrying Code (PCC) is a technique that can be used for safe execution of untrusted code. In a typical instance of PCC, a code receiver establishes a set of safety rules that guarantee safe behavior of programs, and the code producer creates a formal safety proof that proves, for the untrusted code, adherence to the safety rules. Then, the receiver is able to use a simple and fast proof v...


Proofs of Safety for Untrusted Code

Proof-carrying code is a technique that can be used to execute untrusted code safely. A code consumer specifies requirements and safety rules which define the safe behavior of a system, and a code producer packages each program with a formal proof that the program satisfies the requirements. The consumer uses a fast proof validator to check that the proof is correct, and hence the program is safe....


Paderborn Proof-Carrying Code

Proof Carrying Code is a general principle that supports transferring code from an untrusted producer over an untrusted channel to a code consumer. The producer generates a safety proof that ensures certain properties of the program and transmits this proof together with the program to the consumer side. The consumer checks that the proof guarantees the required security properties before he exe...


Proof-Carrying Code for x86 Architectures

This paper presents an extension of Necula and Lee’s Proof-Carrying Code (PCC) system to support the x86 architecture. PCC is a security scheme which allows the safe execution of untrusted code. Untrusted code to be executed is required to be coupled with a proof that the code satisfies certain safety properties. This code-proof pair is statically checked by the client system prior to execution...


Research on Proof-Carrying Code for Untrusted-Code Security

A powerful method of interaction between two software systems is through mobile code. By allowing code to be installed dynamically and then executed, a host system can provide a flexible means of access to its internal resources and services. There are many problems to be solved before such uses of untrusted code can become practical. For this position paper, we will focus on the problem of how...


Publication date: 2002