Correctness of Source-Level Safety Policies
Authors
Abstract
Program certification techniques formally show that programs satisfy certain safety policies. They rely on the correctness of the safety policy which has to be established externally. In this paper we investigate an approach to show the correctness of safety policies which are formulated as a set of Hoare-style inference rules on the source code level. We develop a framework which is generic with respect to safety policies and which allows us to establish that proving the safety of a program statically guarantees dynamic safety, i.e., that the program never violates the safety property during its execution. We demonstrate our framework by proving safety policies for memory access safety and memory read/write limitations to be sound and complete. Finally, we formulate a set of generic safety inference rules which serve as the blueprint for the implementation of a verification condition generator which can be parameterized with different safety policies and identify conditions on appropriate safety policies.
Similar references
Developing Certified Program Verifiers with a Proof Assistant
I describe ongoing work on a new approach to foundational proof-carrying code. The key new idea is to use certified program verifiers to embody customized program verification strategies, specialized to particular safety policies, enforcement mechanisms, and source-level compilers. A certified verifier is an executable program that has a full correctness proof. The particular strategy that I’ve...
A Certificate Infrastructure for Machine-Checked Proofs of Conditional Information Flow
In previous work, we have proposed a compositional framework for stating and automatically verifying complex conditional information flow policies using a relational Hoare logic. The framework allows developers and verifiers to work directly with the source code using source-level code contracts. In this work, we extend that approach so that the algorithm for verifying code compliance to an inf...
A Formalization of the Proof-Carrying Code Architecture in a Linear Logical Framework
One of the major challenges in the design of modular and extensible operating systems is to guarantee safety in the presence of untrusted code. A similar problem arises in the domain of mobile code. One solution, adopted, for example, in the Java Virtual Machine [LY97], is to perform extensive safety checks at run time. In the alternative paradigm of proof-carrying code (PCC) proposed by Necula...
Préservation Des Preuves Et Transformation De Programmes (Certificate Translation alongside Program Transformations)
Software applications have gained a notable role in our everyday activities, mobile code applications being a significant portion of these software agents. The mobile code paradigm entails the distribution of applications from the code producer to heterogeneous client environments in which they are executed. An extended practice of this paradigm consists in the development of third party compon...
Specification and verification of security policies for smart cards
Security systems that use smart cards are nowadays an important part of our daily life, which becomes increasingly dependent on the reliability of such systems, for example cash cards, electronic health cards or identification documents. Since a security policy states both the main security objectives and the security functions of a certain security system, it is the basis for the reliable syst...