ion-Carrying Code Elvira Albert, Germán Puebla, and Manuel Hermenegildo 1 DSIP, Universidad Complutense Madrid 2 Facultad de Informática, Technical University of Madrid 3 Depts. of Comp. Sci. and El. and Comp. Eng., U. of New Mexico Abstract. Proof-Carrying Code (PCC) is a general approach to mobile code safety in which programs are augmented with a certificate (or proof). The practical uptake ...

ion-Carrying Code Elvira Albert, Puri Arenas, and Germán Puebla 1 Complutense University of Madrid, {elvira,puri}@sip.ucm.es 2 Technical University of Madrid, [email protected] Abstract. Abstraction-Carrying Code (ACC) has recently been proposed as a framework for proof-carrying code (PCC) in which the code supplier provides a program together with an abstraction (or abstract model of the progra...

In this paper we present a method for verifying Yhc bytecode, an intermediate form of Haskell suitable for mobile code applications. We examine the issues involved with verifying Yhc bytecode programs, and we present a proof-of-concept bytecode compiler and verifier. Verification is a static analysis which ensures that a bytecode program is type-safe. The ability to check type-safety is importa...

The first and most important step in solving any problem is understanding the problem well enough to create effective solutions. To this end, several software-related spacecraft accidents were studied to determine common systemic factors. Although the details in each accident were different, very similar factors related to flaws in the safety culture, the management and organization, and techni...

Type specialization can serve as a powerful tool in enforcing safety properties on foreign code. Using the specification of a monitoring interpreter, polyvariant type specialization can produce compiled code that is guaranteed to obey a specified safety policy. It propagates a security state at compile-time and generates code for each different security state. The resulting code contains virtua...

There are many source-level analyses or instrumentation tools that enforce various safety properties. In this paper we present an infrastructure that can be used to check independently that the assembly output of such tools has the desired safety properties. By working at assembly level we avoid the complications with unavailability of source code, with source-level parsing, and we certify the ...

The primary goal of exception mechanisms is to help ensure that when an operation fails, code that depends on the operation’s successful completion is not executed (a property we call dependency safety). However, current exception mechanisms make it hard to achieve dependency safety, in particular when objects manipulated inside a try block outlive the try block. To remedy this, we propose a la...

Popular language-based security mechanisms for software systems are based on verifiers that enforce a fixed and trusted type system. We live in a multi-lingual world and no system is written entirely in a single strongly-typed language. Rather than seek the absolute most general type system, we propose a sound framework for customizing the mechanism (e.g., a type system or an explicit safety pr...