
    Proof-Carrying Code with Correct Compilers

    In the late 1990s, proof-carrying code was able to produce machine-checkable safety proofs for machine-language programs even though (1) it was impractical to prove correctness properties of source programs and (2) it was impractical to prove correctness of compilers. But now it is practical to prove some correctness properties of source programs, and it is practical to prove correctness of optimizing compilers. We can produce more expressive proof-carrying code, that can guarantee correctness properties for machine code and not just safety. We will construct program logics for source languages, prove them sound w.r.t. the operational semantics of the input language for a proved-correct compiler, and then use these logics as a basis for proving the soundness of static analyses

    Enforcing Security and Safety with Proof-Carrying Code

    In an environment where more and more code cannot be trusted to behave safely, it is becoming necessary to employ mechanisms for detecting and preventing unsafe program behavior. This paper first reviews various such mechanisms and then focuses on static mechanisms with an emphasis on Proof-Carrying Code and its expressiveness. Proof-Carrying Code is a technique that allows a code receiver to verify statically that the code has certain required properties, which are stated in the form of a safety policy. To make this possible the code is accompanied by a representation of an easily checkable formal proof of compliance with the safety policy. This paper discusses first the general properties of the Proof-Carrying Code technique and then explores a particular implementation of the idea using verification condition generators. As a surprising result we prove that by adopting such an implementation choice we limit ourselves to safety properties, which constitute but a subset (albeit a very important one) of all the interesting program properties. We further speculate on what it takes to extend Proof-Carrying Code to handle more than safety properties

    Lissom, a source level proof carrying code platform

    This paper introduces a proposal for a Proof Carrying Code (PCC) architecture called Lissom. Started as a challenge for final year Computing students, Lissom was conceived as a means to prove to a sceptical community, and in particular to students, that formal verification tools can be put into practice in a realistic environment and be used to solve complex and concrete problems. The attractiveness of the problems that PCC addresses has already brought students to show interest in this project

    Advances in Proof-Carrying Code

    One of the main challenges in the design and implementation of systems involving mobile code is to guarantee the security of the receiver against the execution of foreign code. The Proof-Carrying Code (PCC) technique establishes an infrastructure that makes it possible to guarantee that programs will execute safely. In this alternative, the code producer attaches a proof to the mobile code, by means of which the code consumer can verify its safety before executing the program. This eliminates the need for run-time validations and for identification of the sender. The efforts of various research groups have achieved great advances in the topic, and there are several lines of research aimed at developing a flexible, scalable and trustworthy infrastructure, with many problems still to be solved. Starting from the analysis of the results obtained and of the current approaches, the aim is to design and implement a PCC architecture that allows its use in the "real world". Track: Theory (TEOR). Red de Universidades con Carreras en Informática (RedUNCI)

    Dead code elimination based pointer analysis for multithreaded programs

    This paper presents a new approach for optimizing multithreaded programs with pointer constructs. The approach has applications in the area of certified code (proof-carrying code), where a justification or a proof for the correctness of each optimization is required. The optimization meant here is that of dead code elimination. Towards optimizing multithreaded programs, the paper presents a new operational semantics for parallel constructs like join-fork constructs, parallel loops, and conditionally spawned threads. The paper also presents a novel type system for flow-sensitive pointer analysis of multithreaded programs. This type system is extended to obtain a new type system for live-variables analysis of multithreaded programs. The live-variables type system is extended to build the third novel type system proposed in this paper, which carries out the optimization of dead code elimination. The justification mentioned above takes the form of a type derivation in our approach. Comment: 19 pages

    Abstract interpretation-based code certification for pervasive systems: Preliminary experiments

    Proof carrying code is a general methodology for certifying that the execution of an untrusted mobile code is safe, according to a predefined safety policy. The basic idea is that the code supplier attaches a certificate (or proof) to the mobile code which, then, the consumer checks in order to ensure that the code is indeed safe. The potential benefit is that the consumer's task is reduced from the level of proving to the level of checking, a much simpler task. Recently, the abstract interpretation techniques developed in logic programming have been proposed as a basis for proof carrying code [1]. To this end, the certificate is generated from an abstract interpretation-based proof of safety. Intuitively, the verification condition is extracted from a set of assertions guaranteeing safety and the answer table generated during the analysis. Given this information, it is relatively simple and fast to verify that the code does meet this proof and so its execution is safe. This extended abstract reports on experiments which illustrate several issues involved in abstract interpretation-based code certification. First, we describe the implementation of our system in the context of CiaoPP: the preprocessor of the Ciao multi-paradigm (constraint) logic programming system. Then, by means of some experiments, we show how code certification is aided in the implementation of the framework. Finally, we discuss the application of our method within the area of pervasive systems, which may lack the necessary computing resources to verify safety on their own. We herein illustrate the relevance of the information inferred by existing cost analysis to control resource usage in this context. Moreover, since the (rather complex) analysis phase is replaced by a simpler, efficient checking process at the code consumer side, we believe that our abstract interpretation-based approach to proof-carrying code becomes practically applicable to this kind of system