The MOBIUS Proof Carrying Code Infrastructure

(An Overview)
  • Gilles Barthe
  • Pierre Crégut
  • Benjamin Grégoire
  • Thomas Jensen
  • David Pichardie
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5382)


The goal of the MOBIUS project is to develop a Proof Carrying Code architecture to secure global computers that consist of Java-enabled mobile devices. In this overview, we present the consumer side of the MOBIUS Proof Carrying Code infrastructure, for which we have developed formally certified, executable checkers. We consider wholesale Proof Carrying Code scenarios, in which a trusted authority verifies the certificate before cryptographically signing the application. We also discuss retail Proof Carrying Code, where the verification is performed on the consumer device.


Operational Semantic Abstract Interpretation Proof Obligation Proof Assistant Program Point 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [APH05]
    Albert, E., Puebla, G., Hermenegildo, M.V.: Abstraction-carrying code. In: Baader, F., Voronkov, A. (eds.) LPAR 2004. LNCS, vol. 3452, pp. 380–397. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. [App01]
    Appel, A.W.: Foundational proof-carrying code. In: Halpern, J. (ed.) Logic in Computer Science, p. 247. IEEE Press, Los Alamitos (2001)Google Scholar
  3. [BBC+06]
    Barthe, G., Beringer, L., Crégut, P., Grégoire, B., Hofmann, M., Müller, P., Poll, E., Puebla, G., Stark, I., Vétillard, E.: MOBIUS: Mobility, ubiquity, security. In: Montanari, U., Sannella, D., Bruni, R. (eds.) TGC 2006. LNCS, vol. 4661, pp. 10–29. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  4. [BGP08]
    Barthe, G., Grégoire, B., Pavlova, M.: Preservation of proof obligations from java to the java virtual machine. In: Armando, A., Baumgartner, P., Dowek, G. (eds.) IJCAR 2008. LNCS, vol. 5195, pp. 83–99. Springer, Heidelberg (2008) (to appear, 2008) CrossRefGoogle Scholar
  5. [BJP06a]
    Besson, F., Jensen, T., Pichardie, D.: A PCC architecture based on certified abstract interpretation. In: Emerging Applications of Abstract Interpretation. Elsevier, Amsterdam (2006)Google Scholar
  6. [BJP06b]
    Besson, F., Jensen, T., Pichardie, D.: Proof-Carrying Code from Certified Abstract Interpretation and Fixpoint Compression. Theoretical Computer Science 364(3), 273–291 (2006); Extended version of [BessonP06]MathSciNetCrossRefzbMATHGoogle Scholar
  7. [BJPT07]
    Besson, F., Jensen, T., Pichardie, D., Turpin, T.: Result certification for relational program analysis. Research Report 6333, IRISA (September 2007)Google Scholar
  8. [BPR07]
    Barthe, G., Pichardie, D., Rezk, T.: A certified lightweight non-interference java bytecode verifier. In: De Nicola, R. (ed.) ESOP 2007. LNCS, vol. 4421, pp. 125–140. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. [CA05]
    Crégut, P., Alvarado, C.: Improving the security of downloadable Java applications with static analysis. In: Bytecode Semantics, Verification, Analysis and Transformation. Electronic Notes in Theoretical Computer Science, vol. 141. Elsevier, Amsterdam (2005)Google Scholar
  10. [CC77]
    Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Principles of Programming Languages, pp. 238–252 (1977)Google Scholar
  11. [Chl0x]
    Chlipala, A.: Modular development of certified program verifiers with a proof assistant. Journal of Functional Programming (to appear)Google Scholar
  12. [Coq04]
    Coq development team. The Coq proof assistant reference manual V8.0. Technical Report 255, INRIA, France (March 2004),
  13. [Gow04]
    Gowdiak, A.: Java 2 Micro Edition (J2ME) security vulnerabilities. In: Hack In The Box Conference, Kuala Lumpur, Malaysia (2004)Google Scholar
  14. [GS07]
    Grégoire, B., Sacchini, J.: Combining a verification condition generator for a bytecode language with static analyses. In: Barthe, G., Fournet, C. (eds.) TGC 2007 and FODO 2008. LNCS, vol. 4912, pp. 23–40. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. [Kil73]
    Kildall, G.A.: A unified approach to global program optimization. In: Principles of Programming Languages, pp. 194–206. ACM Press, New York (1973)Google Scholar
  16. [Ler03]
    Leroy, X.: Java bytecode verification: algorithms and formalizations. Journal of Automated Reasoning 30(3-4), 235–269 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  17. [LL05]
    Livshits, V., Lam, M.: Finding security vulnerabilities in java applications with static analysis. In: USENIX Security Symposium (2005)Google Scholar
  18. [LW94]
    Liskov, B., Wing, J.M.: A behavioral notion of subtyping. ACM Transactions on Programming Languages and Systems 16(6) (1994)Google Scholar
  19. [LY99]
    Lindholm, T., Yellin, F.: The JavaTM Virtual Machine Specification, 2nd edn. Sun Microsystems, Inc. (1999),
  20. [MN07]
    Müller, P., Nordio, M.: Proof-transforming compilation of programs with abrupt termination. In: SAVCBS 2007: Proceedings of the 2007 conference on Specification and verification of component-based systems, pp. 39–46. ACM, New York (2007)Google Scholar
  21. [Nec97]
    Necula, G.C.: Proof-carrying code. In: Principles of Programming Languages, pp. 106–119. ACM Press, New York (1997)Google Scholar
  22. [NL98]
    Necula, G.C., Lee, P.: The design and implementation of a certifying compiler. In: Programming Languages Design and Implementation, vol. 33, pp. 333–344. ACM Press, New York (1998)Google Scholar
  23. [PHM98]
    Poetzsch-Heffter, A., Müller, P.: Logical foundations for typed object-oriented languages. In: Gries, D., De Roever, W. (eds.) Programming Concepts and Methods (PROCOMET), pp. 404–423 (1998)Google Scholar
  24. [Ros03]
    Rose, E.: Lightweight bytecode verification. Journal of Automated Reasoning 31(3-4), 303–334 (2003)CrossRefzbMATHGoogle Scholar
  25. [SM03]
    Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on Selected Areas in Communication 21, 5–19 (2003)CrossRefGoogle Scholar
  26. [Sun03]
    Sun Microsystems Inc., 4150 Network Circle, Santa Clara, California 95054. Connected Limited Device Configuration.Specification Version 1.1. JavaTM 2 Platform, Micro Edition (J2METM) (March 2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Gilles Barthe
    • 1
  • Pierre Crégut
    • 3
  • Benjamin Grégoire
    • 2
  • Thomas Jensen
    • 4
  • David Pichardie
    • 4
  1. 1.IMDEA SoftwareMadridSpain
  2. 2.INRIA Sophia-Antipolis MéditerranéeFrance
  3. 3.France TélécomFrance
  4. 4.INRIA Rennes BretagneFrance

Personalised recommendations