124,519 research outputs found
An abstract interpretation-based approach to mobile code safety
Recent approaches to mobile code safety, like proof- arrying code, involve associating safety information to programs. The code supplier provides a program and also includes with it a certifĂcate (or proof) whose validity entails compliance with a predefined safety policy. The intended benefit is that the program consumer can locally validate the certifĂcate w.r.t. the "untrusted" program by means of a certifĂcate checker—a process which should be much simpler, eflicient, and automatic than generating the original proof. We herein introduce a novel approach to mobile code safety which follows a similar scheme, but which is based throughout on the use of abstract interpretation techniques. In our framework the safety policy is specified by using an expressive assertion language defined over abstract domains. We identify a particular slice of the abstract interpretation-based static
analysis results which is especially useful as a certifĂcate. We propose an algorithm for checking the validity of the certifĂcate on the consumer side which is itself in fact a very simplified and eflicient specialized abstract-interpreter. Our ideas are illustrated through an example implemented in the CiaoPP system. Though further experimentation is still required, we believe the proposed approach is of interest for bringing the automation and expressiveness which is inherent in the abstract interpretation techniques to the área of mobile code safety
Abstract interpretation-based code certification for pervasive systems: Preliminary experiments
Proof carrying code is a general methodology for certifying
that the execution of an untrusted mobile code is safe, according to a predefined safety policy. The basic idea is
that the code supplier attaches a certifĂcate (or proof) to
the mobile code which, then, the consumer checks in order
to ensure that the code is indeed safe. The potential benefit is that the consumer's task is reduced from the level of proving to the level of checking, a much simpler task. Recently, the abstract interpretation techniques developed in logic programming have been proposed as a basis for proof carrying code [1]. To this end, the certifĂcate is generated from an abstract interpretation-based proof of safety. Intuitively, the verification condition is extracted from a set of assertions guaranteeing safety and the answer table generated during the analysis. Given this information, it is relatively simple and fast to verify that the code does meet this proof and so its execution is safe. This extended abstract reports on experiments which illustrate several issues involved in abstract interpretation-based code certification. First, we describe the implementation of our system in the context of CiaoPP: the preprocessor of the Ciao multi-paradigm (constraint) logic programming system. Then, by means of some experiments, we show how code certification is aided in the implementation of the framework. Finally, we discuss the application of our method within the área of pervasive systems which may lack the necessary computing resources to verify safety on their own. We herein illustrate the relevance of the information inferred by existing cost analysis to control resource usage in this context. Moreover, since the (rather complex) analysis phase is replaced by a simpler, efficient checking process at the code consumer side, we believe that our abstract interpretation-based approach to proof-carrying code becomes practically applicable to this kind of systems
Experiments in abstract interpretation-based code certification for pervasive systems
Proof carrying code (PCC) is a general is originally a roof in ñrst-order logic of certain vermethodology for certifying that the execution of an un- ification onditions and the checking process involves trusted mobile code is safe. The baste idea is that the ensuring that the certifĂcate is indeed a valid ñrst-order code supplier attaches a certifĂcate to the mobile code proof. which the consumer checks in order to ensure that the The main practical difñculty of PCC techniques is in code is indeed safe. The potential benefit is that the generating safety certiñeates which at the same time: i) consumer's task is reduced from the level of proving to allow expressing interesting safety properties, ii) can be the level of checking. Recently, the abstract interpre- generated automatically and, iii) are easy and efficient tation techniques developed, in logic programming have to check. In [1], the abstract interpretation techniques been proposed as a basis for PCC. This extended ab- [5] developed in logic programming1 are proposed as stract reports on experiments which illustrate several is- a basis for PCC. They offer a number of advantages sues involved in abstract interpretation-based certifica- for dealing with the aforementioned issues. In particution. First, we describe the implementation of our sys- lar, the xpressiveness of existing abstract domains will tem in the context of CiaoPP: the preprocessor of the be implicitly available in abstract interpretation-based Ciao multi-paradigm programming system. Then, by code certification to deñne a wide range of safety propermeans of some experiments, we show how code certifi- ties. Furthermore, the approach inherits the automation catiĂłn is aided in the implementation of the framework. and inference power of the abstract interpretation en- Finally, we discuss the application of our method within gines used in (Constraint) Logic Programming, (C)LP. the área, of pervasive system
Abstract Interpretation-based verification/certification in the ciaoPP system
CiaoPP is the abstract interpretation-based preprocessor of
the Ciao multi-paradigm (Constraint) Logic Programming system. It uses modular, incremental abstract interpretation as a fundamental tool to obtain information about programs. In CiaoPP, the semantic approximations thus produced have been applied to perform high- and low-level optimizations during program compilation, including transformations such as mĂşltiple abstract specialization, parallelization, partial evaluation, resource usage control, and program verification. More recently, novel and promising applications of such semantic approximations are
being applied in the more general context of program development such as program verification. In this work, we describe our extensiĂłn of the system to incorpĂłrate Abstraction-Carrying Code (ACC), a novel approach to mobile code safety. ACC follows the standard strategy of associating safety certificates to programs, originally proposed in Proof Carrying- Code. A distinguishing feature of ACC is that we use an abstraction (or abstract model) of the program computed by standard static analyzers as a certifĂcate. The validity of the abstraction on the consumer side is checked in a single-pass by a very efficient and specialized abstractinterpreter. We have implemented and benchmarked ACC within CiaoPP. The experimental results show that the checking phase is indeed faster than the proof generation phase, and that the sizes of certificates are reasonable. Moreover, the preprocessor is based on compile-time (and run-time) tools for the certification of CLP programs with resource consumption assurances
Abstraction carrying code and resource-awareness
Proof-Carrying Code (PCC) is a general approach to mobile
code safety in which the code supplier augments the program with a certifĂcate (or proof). The intended benefit is that the program consumer can locally validate the certifĂcate w.r.t. the "untrusted" program by means of a certifĂcate checker—a process which should be much simpler, eĂñcient, and automatic than generating the original proof. Abstraction Carrying Code (ACC) is an enabling technology
for PCC in which an abstract model of the program plays the role of certifĂcate. The generation of the certifĂcate, Le., the abstraction, is automatically carried out by an
abstract interpretation-based analysis engine, which is parametric w.r.t. different abstract domains. While the analyzer on the producer side typically has to compute a semantic fixpoint in a complex, iterative process, on the receiver it is only necessary to check that the certifĂcate is indeed a fixpoint of the abstract semantics equations representing the program. This is done in a single pass in a much more efficient process. ACC addresses the fundamental issues in PCC and opens the door to the applicability of the large body of frameworks and domains based on abstract interpretation as enabling technology for PCC. We present an overview of ACC and we describe in a tutorial fashion an application to the problem of resource-aware security in mobile code. Essentially the information computed by a cost analyzer is used to genĂ©rate cost certificates which attest a safe and efficient use of a mobile code. A receiving side can then reject code which brings cost certificates (which it cannot validate or) which have too large cost requirements in terms of computing resources (in time and/or space) and accept mobile code which meets the established requirements
Poster Presentation: Abstract Interpretation-based Mobile Code Certification
Current approaches to mobile code safety-inspired by the technique of Proof-Carrying Code (PCC) [4]-associate safety information (in the form of a certifĂcate) to programs. The certifĂcate (or proof) is created by the code supplier at compile time, and packaged along with the untrusted code. The consumer who receives the code+certiñcate package can then run a checker which, by a straightforward inspection of the code and the certifĂcate, is able to verify the validity of the certifĂcate and thus compliance with the safety policy. The main practical difficulty of PCC techniques is in generating safety certiñcates which at the same time: i) allow expressing interesting safety properties, ii) can be generated automatically and, iii) are easy and efficient to check. We propose an automatic approach to PCC which makes use of abstract interpretation [2] techniques for dealing with the above issues. While our approach is general, we develop it for concreteness in the context of (Constraint) Logic Programming, (C)LP, because this paradigm offers a good number of advantages, especially the maturity and sophistication of the analysis tools available. Assertions are used to define the safety policy. Such assertions are syntactic objects which allow expressing "abstract"-i.e. symbolic-properties over different abstract domains. The ñrst step in our method then involves automatically inferring a set of safety assertions (corresponding to the analysis results), using abstract interpretation, and taking as a starting input the program, the predeñned assertions available for library predicates, and any (optional) assertions provided by the user for user-deñned predicates. The safety policy consists in guaranteeing that the safety assertions hold for the given program in the context of the desired abstract domain. This is automatically provided by the inference process and its correctness ensured by the proved correctness of the process. The certification process-i.e., the generation of a safety certifĂcate by the code supplier which is as small as possible-is in turn based on the idea that only a particular subset of the analysis results computed by abstract interpretationbased ñxpoint algorithms needs to be used to play the role of certifĂcate fo
Certificate size reduction in abstraction-carrying code
Abstraction-Carrying Code (ACC) has recently been proposed as a framework for mobile code safety in which the code supplier provides a program together with an abstraction (or abstract model of the program) whose validity entails compliance with a predefined safety policy. The abstraction plays thus the role of safety certificate and its generation
is carried out automatically by a fixpoint analyzer. The advantage of providing a (fixpoint) abstraction to the code consumer is that its validity is checked in a single pass
(i.e., one iteration) of an abstract interpretation-based checker. A main challenge to make ACC useful in practice is to reduce the size of certificates as much as possible while at the same time not increasing checking time. The intuitive idea is to only include in the certificate information that the checker is unable to reproduce without iterating. We introduce the notion of reduced certificate which characterizes the subset of the abstraction which a checker needs in order to validate (and re-construct) the fall certificate in a single pass. Based on this notion, we instrument a generic analysis algorithm with the necessary
extensions in order to identify the information relevant to the checker. Interestingly, the fact that the reduced certificate omits (parts of) the abstraction has implications in the design of the checker. We provide the sufficient conditions which allow us to ensure that 1) if the checker succeeds in validating the certificate, then the certificate is valid for the program (correctness) and 2) the checker will succeed for any reduced certificate which is valid (completeness). Our approach has been implemented and benchmarked within the CiaoPP system. The experimental results show t h a t our proposal is able to greatly reduce the size of certificates in practice. To appear in Theory and Practice of Logic Programming (TPLP)
Towards Declarative Safety Rules for Perception Specification Architectures
Agriculture has a high number of fatalities compared to other blue collar
fields, additionally population decreasing in rural areas is resulting in
decreased work force. These issues have resulted in increased focus on
improving efficiency of and introducing autonomy in agriculture. Field robots
are an increasingly promising branch of robotics targeted at full automation in
agriculture. The safety aspect however is rely addressed in connection with
safety standards, which limits the real-world applicability. In this paper we
present an analysis of a vision pipeline in connection with functional-safety
standards, in order to propose solutions for how to ascertain that the system
operates as required. Based on the analysis we demonstrate a simple mechanism
for verifying that a vision pipeline is functioning correctly, thus improving
the safety in the overall system.Comment: Presented at DSLRob 2015 (arXiv:1601.00877
Static Safety for an Actor Dedicated Process Calculus by Abstract Interpretation
The actor model eases the definition of concurrent programs with non uniform
behaviors. Static analysis of such a model was previously done in a data-flow
oriented way, with type systems. This approach was based on constraint set
resolution and was not able to deal with precise properties for communications
of behaviors. We present here a new approach, control-flow oriented, based on
the abstract interpretation framework, able to deal with communication of
behaviors. Within our new analyses, we are able to verify most of the previous
properties we observed as well as new ones, principally based on occurrence
counting
- …