Encoding the Program Correctness Proofs as Programs in PCC Technology
2008
2008 Sixth Annual Conference on Privacy, Security and Trust
We propose a generic extended PCC framework (EPCC) in which, instead of the proof, a proof generator for the program in question is transmitted. ...
One of the key issues with the practical applicability of Proof-Carrying Code (PCC) and its related methods is the difficulty in communicating and storing the proofs which are inherently large. ...
We present an extended framework that allows the PCC proofs to be represented as programs. ...
doi:10.1109/pst.2008.20
dblp:conf/pst/PirzadehD08
fatcat:xayrp64h7fedxkfsy7q2jvhuv4
Safe kernel extensions without run-time checking
1996
Proceedings of the second USENIX symposium on Operating systems design and implementation - OSDI '96
Each PCC binary contains, in addition to the native code, a formal proof that the code obeys the safety policy. ...
If the validation succeeds, the code is guaranteed to respect the safety policy without relying on run-time checks. The main practical difficulty of PCC is in generating the safety proofs. ...
Finally, we thank the anonymous reviewers for their many suggestions for improving this paper. In particular we thank our shepherd, Jay Lepreau, who also suggested the PCC name. ...
doi:10.1145/238721.238781
dblp:conf/osdi/NeculaL96
fatcat:njd4s2j5o5bdlleh4yun5kulru
Safe kernel extensions without run-time checking
1996
ACM SIGOPS Operating Systems Review
Each PCC binary contains, in addition to the native code, a formal proof that the code obeys the safety policy. ...
If the validation succeeds, the code is guaranteed to respect the safety policy without relying on run-time checks. The main practical difficulty of PCC is in generating the safety proofs. ...
Finally, we thank the anonymous reviewers for their many suggestions for improving this paper. In particular we thank our shepherd, Jay Lepreau, who also suggested the PCC name. ...
doi:10.1145/248155.238781
fatcat:ogmghaqaijbe5cj22hpfh3ovbu
Model Checking Reconfigurable Processor Configurations for Safety Properties
[chapter]
2003
Lecture Notes in Computer Science
Proof-Carrying Code. Proof-carrying code (PCC) [NL97, Nec97, Nec98] is a method of ensuring the safety of untrusted machine code. ...
This combination extends proof-carrying code to provide a context for model checking, but uses standard model checking technology. ...
The main advantage of PCC is that the hard work (compiling the code and producing the proof) is in the hands of the code producer, while only the easy work (checking the proof and running the program) is ...
doi:10.1007/978-3-540-45234-8_104
fatcat:3khaogfgynazhpngwdzuxwjcqm
Language-Based Security
[chapter]
1999
Lecture Notes in Computer Science
In this approach, security information is derived from a program written in a high-level language during the compilation process and is included in the compiled object. ...
I will give an overview of some recent work in this area, including a particular effort in which we are trying to make the production of certificates and the verification as efficient and invisible as possible ...
In the PCC implementation [22], the verification condition and its proof are encoded using the Edinburgh Logical Framework (LF) [8]. ...
doi:10.1007/3-540-48340-3_26
fatcat:ojfjbkbn4rhlhbgyn56iebqz2m
BML and Related Tools
[chapter]
2009
Lecture Notes in Computer Science
This makes BML particularly suited as property specification language in a proof-carrying code framework. ...
from JML to BML specifications; BML2BPL, a translator from BML to BoogiePL, so that the BoogiePL verification condition generator can be used; and CCT, a tool to store proofs in class files. ...
To use BML specifications in a PCC context, this generic certificate scheme is instantiated to certificates that encode Coq proofs of the properties expressed in BML. ...
doi:10.1007/978-3-642-04167-9_14
fatcat:vvblskm62jdwjcvic5ueluyi6a
Automated techniques for provably safe mobile code
2003
Theoretical Computer Science
Validity of the evidence is established via a small trusted type checker, either directly on the binary or indirectly on proof representations in a logical framework. ...
Concrete realizations of this framework are proof-carrying code, where the evidence for safety is a formal proof generated by a certifying compiler, and typed assembly language, where the evidence for ...
The key technology underlying our approaches to safety is type theory as used in modern programming language design and implementation. ...
doi:10.1016/s0304-3975(01)00201-8
fatcat:gs6i47buajc6jgmwy6b24qa6da
Synthesizing Certified Code
[chapter]
2002
Lecture Notes in Computer Science
Since code certification uses the same underlying technology as program verification, it requires detailed annotations (e.g., loop invariants) to make the proofs possible. ...
Based on built-in domain knowledge, proof annotations are added and used to generate proof obligations that are discharged by the automated theorem prover E-SETHEO. ...
Whalen was supported by the RIACS SSRP program. ...
doi:10.1007/3-540-45614-7_25
fatcat:bykrsf4hxjbxnkvg3jpyoa5z6y
A Syntactic Approach to Foundational Proof-Carrying Code
2003
Journal of automated reasoning
In the same framework, the runtime library and operating systems components such as memory management can be certified safe at the level of assembly code. ...
To enable this development, I develop a new alternative for producing foundational proof-carrying code (FPCC), utilizing a syntactic encoding of the high-level type system along with syntactic soundness ...
The basic idea of PCC, as the name implies, is that a piece of executable code comes packaged with a proof of its safety. A diagram of a PCC system is given in Figure 1.1. ...
doi:10.1023/b:jars.0000021012.97318.e9
fatcat:j4hktdoafbb6njacssl3atbtq4
Certification support for automatically generated programs
2003
Proceedings of the 36th Annual Hawaii International Conference on System Sciences, 2003
In particular, we describe how a variable-initialization-before-use safety policy can be encoded and certified. ...
; (2) program safety is defined as adherence to an explicitly formulated safety policy; (3) the safety policy is formalized by a collection of logical program properties; (4) Hoare-style program verification ...
Code certification is based on the same technology as Hoare-style program verification; in particular, it also uses code annotations ...
doi:10.1109/hicss.2003.1174914
dblp:conf/hicss/SchumannFWW03
fatcat:gwqzqv2njbbahbcm5fohqdceoe
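The two ideas recurring in these abstracts, a binary that ships with a proof the consumer can check without run-time checks (Necula and Lee) and an initialization-before-use safety policy certified through code annotations (Schumann et al.), fit in one small worked example. The following is an added illustration, not code from any of the listed papers: a hypothetical register machine, a producer that runs the expensive dataflow analysis and emits per-instruction sets of definitely-initialized variables as the "proof", and a deliberately small consumer-side checker that never iterates to a fixpoint but only confirms that every read is covered and every annotation is implied by its predecessors. The instruction set, the sample programs and the certificate format are all assumptions made for this example.

```python
# Added example, not code from any paper listed on this page: a toy
# proof-carrying-code pipeline for a hypothetical register machine and a
# variable-initialization-before-use safety policy. The producer runs the
# expensive analysis and ships its result (per-instruction sets of
# definitely-initialized variables) as the "proof". The consumer's small
# trusted checker never iterates; it only confirms each claim is implied by
# its predecessors and covers every read. Instruction set, sample programs
# and certificate format are all assumptions made for this example.
from typing import Dict, FrozenSet, List, Tuple

Instr = Tuple                 # ("set",x,n) ("copy",dst,src) ("add",dst,a,b)
Cert = List[FrozenSet[str]]   # ("jz",x,target) ("jmp",target) ("ret",x)

def reads(ins: Instr) -> FrozenSet[str]:
    op = ins[0]
    if op == "copy":
        return frozenset([ins[2]])
    if op == "add":
        return frozenset([ins[2], ins[3]])
    if op in ("jz", "ret"):
        return frozenset([ins[1]])
    return frozenset()

def writes(ins: Instr) -> FrozenSet[str]:
    return frozenset([ins[1]]) if ins[0] in ("set", "copy", "add") else frozenset()

def successors(pc: int, ins: Instr) -> List[int]:
    op = ins[0]
    if op == "ret":
        return []
    if op == "jmp":
        return [ins[1]]
    if op == "jz":
        return [pc + 1, ins[2]]
    return [pc + 1]

def produce_certificate(prog: List[Instr]) -> Cert:
    """Untrusted producer: forward 'definitely initialized' analysis,
    intersection at joins, iterated to a fixpoint. This is the hard work."""
    every = frozenset(v for ins in prog for v in reads(ins) | writes(ins))
    state = [every] * len(prog)   # optimistic start, refined downward
    state[0] = frozenset()        # nothing is initialized at entry
    changed = True
    while changed:
        changed = False
        for pc, ins in enumerate(prog):
            out = state[pc] | writes(ins)
            for s in successors(pc, ins):
                if state[s] & out != state[s]:
                    state[s] &= out
                    changed = True
    return state

def check_certificate(prog: List[Instr], cert: Cert) -> Tuple[bool, str]:
    """Trusted consumer: one linear pass over code plus proof, no fixpoint.
    Rejects tampered code, a forged proof, or control falling off the end."""
    n = len(prog)
    if len(cert) != n:
        return False, "certificate length does not match code"
    if cert[0]:
        return False, "entry annotation claims initialized variables"
    for pc, ins in enumerate(prog):
        missing = reads(ins) - cert[pc]
        if missing:
            return False, f"pc {pc}: reads uninitialized {sorted(missing)}"
        out = cert[pc] | writes(ins)
        for s in successors(pc, ins):
            if not 0 <= s < n:
                return False, f"pc {pc}: control leaves the code ({s})"
            if not cert[s] <= out:
                return False, f"pc {pc}->{s}: annotation not implied by predecessor"
    return True, "ok"

def run(prog: List[Instr]) -> int:
    """Execute with no run-time initialization checks; only safe to call on
    code whose certificate passed check_certificate."""
    env: Dict[str, int] = {}
    pc = 0
    while True:
        ins, op = prog[pc], prog[pc][0]
        if op == "set":
            env[ins[1]] = ins[2]; pc += 1
        elif op == "copy":
            env[ins[1]] = env[ins[2]]; pc += 1
        elif op == "add":
            env[ins[1]] = env[ins[2]] + env[ins[3]]; pc += 1
        elif op == "jz":
            pc = ins[2] if env[ins[1]] == 0 else pc + 1
        elif op == "jmp":
            pc = ins[1]
        else:
            return env[ins[1]]

# Constructed sample: sums 3 + 2 + 1 in a loop (safe).
PROG = [("set", "i", 3), ("set", "acc", 0), ("set", "m1", -1),
        ("jz", "i", 7), ("add", "acc", "acc", "i"), ("add", "i", "i", "m1"),
        ("jmp", 3), ("ret", "acc")]
# Constructed sample: 'acc' is uninitialized on the i == 0 path (unsafe).
BAD = [("set", "i", 3), ("jz", "i", 3), ("set", "acc", 0), ("ret", "acc")]

if __name__ == "__main__":
    cert = produce_certificate(PROG)
    print(check_certificate(PROG, cert), run(PROG))           # (True, 'ok') 6
    print(check_certificate(BAD, produce_certificate(BAD)))  # honest proof fails
    forged = produce_certificate(BAD)
    forged[3] = frozenset({"i", "acc"})                      # attacker overclaims
    print(check_certificate(BAD, forged))                    # overclaim is caught
```

The point of the split is the trusted computing base: the checker does no search and no iteration, so it stays small and auditable, while the producer can be as complex as it likes. A forged annotation cannot help the attacker because every claim must be implied by the claims of its predecessors all the way back to the empty entry state, and swapping in different code under a valid certificate fails at the first read the old annotation does not cover.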
Java bytecode specification and verification
2006
Proceedings of the 2006 ACM symposium on Applied computing - SAC '06
All components, including the verification condition generator and the compiler are implemented and integrated in the Java Applet Correctness Kit (JACK). ...
Our compiler can be used in combination with most Java compilers to produce extended class files from JML-annotated Java source programs. ...
The equivalence between source and bytecode proof obligations can be applied to PCC scenarios, as discussed in Section 1 in cases where the client policy is complex and a complete automatic certification ...
doi:10.1145/1141277.1141708
dblp:conf/sac/BurdyP06
fatcat:3it4kc2fcngsfawkcck466nfmq
A portable virtual machine target for proof-carrying code
2005
Science of Computer Programming
In particular, our approach reduces the complexity of the required proofs, resulting in fewer proof obligations that need to be discharged at the target machine. ...
Existing virtual machines, such as the Java VM, have several drawbacks. First, the effort required for safety verification is considerable. ...
An important practical aspect of PCC is the size of proofs and the time spent in proof checking. ...
doi:10.1016/j.scico.2004.09.001
fatcat:5sdci4cl5jfgxg3fqniebkahhi
A portable Virtual Machine target for Proof-Carrying Code
2003
Proceedings of the 2003 workshop on Interpreters, Virtual Machines and Emulators - IVME '03
In particular, our approach reduces the complexity of the required proofs, resulting in fewer proof obligations that need to be discharged at the target machine. ...
Existing virtual machines, such as the Java VM, have several drawbacks. First, the effort required for safety verification is considerable. ...
An important practical aspect of PCC is the size of proofs and the time spent in proof checking. ...
doi:10.1145/858570.858573
fatcat:wyfsedjzujhfpd2sogelgf4tai
Type-Based Security for Mobile Computing Integrity, Secrecy and Liveness
2006
Electronic Notes in Theoretical Computer Science
; and how to apply it for designing secure concurrent and distributed programming languages. ...
This paper sketches an idea on how to challenge the three security issues concentrating on code mobility, by the development of a general theory of types of the π-calculus and the higher-order π-calculus ...
The same idea of the optimisation was made in the early 1980s by the designers of distributed object-oriented languages, but no proof of the correctness could be given at that time. ...
doi:10.1016/j.entcs.2005.12.115
fatcat:nuyji5iylbgeli36wjrmm6g35a
Interfacing Hoare Logic and Type Systems for Foundational Proof-Carrying Code
[chapter]
2004
Lecture Notes in Computer Science
that may have been written in a language with a different type system, or even certified directly in the FPCC logic using a proof assistant. ...
Acknowledgments We would like to thank the anonymous referees for their comments on an earlier version of this paper. ...
doi:10.1007/978-3-540-30142-4_10
fatcat:ivxp7gh5zbagpdnrukxmucdayu
Showing results 1 — 15 out of 827 results