Proof-Carrying Code with Untrusted Proof Rules

  • George C. Necula
  • Robert R. Schneck
Conference paper

DOI: 10.1007/3-540-36532-X_18

Volume 2609 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Necula G.C., Schneck R.R. (2003) Proof-Carrying Code with Untrusted Proof Rules. In: Okada M., Pierce B.C., Scedrov A., Tokuda H., Yonezawa A. (eds) Software Security — Theories and Systems. Lecture Notes in Computer Science, vol 2609. Springer, Berlin, Heidelberg

Abstract

Proof-carrying code (PCC) allows a code producer to associate to a program a machine-checkable proof of its safety. In traditional implementations of PCC the producer negotiates beforehand, and in an unspecified way, with the consumer the permission to prove safety in whatever high-level way it chooses. In practice this has meant that highlevel rules for type safety have been hard-wired into the system as part of the trusted code base. This limits the security and flexibility of the PCC system.

In this paper, we exhibit an approach to removing the safety proof rules from the trusted base, with a technique by which the producer can convince the consumer that a given set of high-level safety rules enforce a strong global invariant that entails the trusted low-level memory safety policy.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • George C. Necula
    • 1
  • Robert R. Schneck
    • 2
  1. 1.Department of Electrical Engineering and Computer SciencesUniversity of CaliforniaBerkeley
  2. 2.Group in Logic and the Methodology of ScienceUniversity of CaliforniaBerkeley