We consider safety mechanisms for mobile code, especially Model-Carrying Code (MCC) approach. We find that in many cases the MCC approach is superior over Proof-Carrying Code (PCC), since in many contexts the code safety deals with quantity and other dynamic issues, and proving such properties in general with static PCC is not possible. For example, in mobile phone context, one can prove with P...

Verification of machine-code programs using program logic has focused on functional correctness, and proofs have required manuallyprovided program specifications. Fortunately, the verification of shallow safety properties such as memory and control-flow safety can be easier to automate, but past techniques for automatically verifying machine-code safety have required post-compilation transforma...

Proof-carrying code provides a mechanism for insuring that a host, or code consumer, can safely run code delivered by a code producer. The host specifies a safety policy as a set of axioms and inference rules. In addition to a compiled program, the code producer delivers a formal proof of safety expressed in terms of those rules that can be easily checked. Foundational proof-carrying code (FPCC...

Proof-carrying code provides a mechanism for insuring that a host, or code consumer, can safely run code delivered by a code producer. The host specifies a safety policy as a set of axioms and inference rules. In addition to a compiled program, the code producer delivers a formal proof of safety expressed in terms of those rules that can be easily checked. Foundational proof-carrying code (FPCC...

PRACTICAL LOW-OVERHEAD ENFORCEMENT OF MEMORY SAFETY FOR C PROGRAMS Santosh Ganapati Nagarakatte Milo M. K. Martin The serious bugs and security vulnerabilities that result from C’s lack of bounds checking and unsafe manual memory management are well known, yet C remains in widespread use. Unfortunately, C’s arbitrary pointer arithmetic, conflation of pointers and arrays, and programmer-visible ...

Proof-carrying code approaches aim at the safe execution of untrusted code by having the code producer attach a safety proof to the code which the code consumer only has to validate. Depending on the type of safety property, proofs can however become quite large and their validation though faster than their construction still time consuming. Programs from Proofs is a new concept for the safe ex...

We present an approach to systematically derive safety cases for automatically generated code from information collected during a formal, Hoare-style safety certification of the code. We use a generic safety case that is instantiated with respect to the certified safety property and the program. It is complemented by a static system safety case that argues the safety of the framework itself, in...

We introduce a generic framework for proof carrying code, developed and mechanically verified in Isabelle/HOL. The framework defines and proves sound a verification condition generator with minimal assumptions on the underlying programming language, safety policy, and safety logic. We demonstrate its usability for prototyping proof carrying code systems by instantiating it to a simple assembly ...