Proof-Carrying Code with Untrusted Proof Rules
Proof-carrying code (PCC) allows a code producer to associate to a program a machine-checkable proof of its safety. In traditional implementations of PCC the producer negotiates beforehand, and in an unspecified way, with the consumer the permission to prove safety in whatever high-level way it chooses. In practice this has meant that highlevel rules for type safety have been hard-wired into the system as part of the trusted code base. This limits the security and flexibility of the PCC system.
In this paper, we exhibit an approach to removing the safety proof rules from the trusted base, with a technique by which the producer can convince the consumer that a given set of high-level safety rules enforce a strong global invariant that entails the trusted low-level memory safety policy.
Unable to display preview. Download preview PDF.
- [AF00.]Andrew W. Appel and Amy P. Felty. A semantic model of types and machine instructions for proof-carrying code. In POPL’ 00: The 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 243–253. ACM Press, January 2000.Google Scholar
- [App01.]Andrew W. Appel. Foundational proof-carrying code. In Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science, pages 247–258, June 2001.Google Scholar
- [Coq02.]Coq Development Team. The Coq proof assistant reference manual, version 7.3. May 2002.Google Scholar
- [HST+02.]Nadeem A. Hamid, Zhong Shao, Valery Trifonov, Stefan Monnier, and Zhaozhong Ni. A syntactic approach to foundational proof-carrying code. In Proceedings of the Seventeenth Annual IEEE Symposium on Logic in Computer Science, pages 89–100, Copenhagen, Denmark, July 2002.Google Scholar
- [Nec97.]George C. Necula. Proof-carrying code. In The 24th Annual ACM Symposium on Principles of Programming Languages, pages 106–119. ACM, January 1997.Google Scholar
- [Nec98.]George C. Necula. Compiling with Proofs. PhD thesis, Carnegie Mellon University, September 1998. Also available as CMU-CS-98-154.Google Scholar
- [SN02.]Robert R. Schneck and George C. Necula. A gradual approach to a more trustworthy, yet scalable, proof-carrying code. In Proceedings of the 18th International Conference on Automated Deduction (CADE-18), pages 47–62, Copenhagen, Denmark, July 2002. Springer-Verlag.Google Scholar