Software Security — Theories and Systems pp 283-298
Proof-Carrying Code with Untrusted Proof Rules
- First Online:
- Cite this paper as:
- Necula G.C., Schneck R.R. (2003) Proof-Carrying Code with Untrusted Proof Rules. In: Okada M., Pierce B.C., Scedrov A., Tokuda H., Yonezawa A. (eds) Software Security — Theories and Systems. Lecture Notes in Computer Science, vol 2609. Springer, Berlin, Heidelberg
Proof-carrying code (PCC) allows a code producer to associate to a program a machine-checkable proof of its safety. In traditional implementations of PCC the producer negotiates beforehand, and in an unspecified way, with the consumer the permission to prove safety in whatever high-level way it chooses. In practice this has meant that highlevel rules for type safety have been hard-wired into the system as part of the trusted code base. This limits the security and flexibility of the PCC system.
In this paper, we exhibit an approach to removing the safety proof rules from the trusted base, with a technique by which the producer can convince the consumer that a given set of high-level safety rules enforce a strong global invariant that entails the trusted low-level memory safety policy.
Unable to display preview. Download preview PDF.