18 research outputs found
System M: A Program Logic for Code Sandboxing and Identification
Security-sensitive applications that execute untrusted code often check the
code's integrity by comparing its syntax to a known good value or sandbox the
code to contain its effects. System M is a new program logic for reasoning
about such security-sensitive applications. System M extends Hoare Type Theory
(HTT) to trace safety properties and, additionally, contains two new reasoning
principles. First, its type system internalizes logical equality, facilitating
reasoning about applications that check code integrity. Second, a confinement
rule assigns an effect type to a computation based solely on knowledge of the
computation's sandbox. We prove the soundness of system M relative to a
step-indexed trace-based semantic model. We illustrate both new reasoning
principles of system M by verifying the main integrity property of the design
of Memoir, a previously proposed trusted computing system for ensuring state
continuity of isolated security-sensitive applications