A Gradual Approach to a More Trustworthy, Yet Scalable, Proof-Carrying Code

  • Robert R. Schneck
  • George C. Necula
Conference paper

DOI: 10.1007/3-540-45620-1_4

Part of the Lecture Notes in Computer Science book series (LNCS, volume 2392)
Cite this paper as:
Schneck R.R., Necula G.C. (2002) A Gradual Approach to a More Trustworthy, Yet Scalable, Proof-Carrying Code. In: Voronkov A. (eds) Automated Deduction—CADE-18. CADE 2002. Lecture Notes in Computer Science, vol 2392. Springer, Berlin, Heidelberg


Proof-carrying code (PCC) allows a code producer to attach to a program a machine-checkable proof of its safety. In the original approach to PCC, the safety policy includes proof rules which determine how various actions are to be proved safe. These proof rules have been considered part of the trusted code base (TCB) of the PCC system. We wish to remove the proof rules from the TCB by providing a formal proof of their soundness. This makes the PCC system more secure, by reducing the TCB; it also makes the system more flexible, by allowing code producers to provide their own safety-policy proof rules, provided they can guarantee their soundness. Furthermore, this security and flexibility are gained without any loss in the ability to handle large programs.

In this paper we discuss how to produce the necessary formal soundness theorem given a safety policy. As an application of the framework, we have used the Coq system to prove the soundness of the proof rules for a type-based safety policy for native machine code compiled from Java.
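The architecture the abstract describes can be made concrete with a toy checker. The following is an added illustration in Python, not the paper's Coq development and not its actual proof rules: a small trusted core of schematic rules stands in for the TCB, and a producer-supplied derived rule is admitted only if its soundness certificate is a derivation of the rule's conclusion from its premises in the core alone. The proposition constructors (`ptr`, `nonnull`, `saferd`), the policy axiom `rd`, the rules `rd_and` and `rd_any`, and the register name `r1` are all constructed for this example.

```python
"""Toy proof-carrying-code checker: a small trusted core of proof rules plus
producer-supplied derived rules admitted only after their soundness certificate
checks in the core. Propositions are nested tuples; schema metavariables are
strings beginning with "?". Constructed for illustration, not code from the paper."""


class ProofError(Exception):
    pass


def match(pattern, prop, subst):
    """Match a schema against a proposition, extending subst (metavariable -> prop)."""
    if isinstance(pattern, str) and pattern.startswith("?"):
        if pattern in subst:
            return subst[pattern] == prop
        subst[pattern] = prop
        return True
    if isinstance(pattern, tuple):
        return (isinstance(prop, tuple) and len(pattern) == len(prop)
                and all(match(p, q, subst) for p, q in zip(pattern, prop)))
    return pattern == prop


def instantiate(pattern, subst):
    """Replace every metavariable in pattern by its binding in subst."""
    if isinstance(pattern, str) and pattern.startswith("?"):
        return subst[pattern]
    if isinstance(pattern, tuple):
        return tuple(instantiate(p, subst) for p in pattern)
    return pattern


# Trusted core (the TCB): name -> (premise schemas, conclusion schema). Three
# structural rules plus one policy axiom, "rd": a typed, non-null pointer may be read.
CORE_RULES = {
    "and_intro":  (("?A", "?B"), ("and", "?A", "?B")),
    "and_elim_l": ((("and", "?A", "?B"),), "?A"),
    "and_elim_r": ((("and", "?A", "?B"),), "?B"),
    "rd":         ((("ptr", "?E", "?T"), ("nonnull", "?E")), ("saferd", "?E", "?T")),
}


def check(proof, assumptions, rules):
    """Return the proposition `proof` establishes, or raise ProofError.
    A proof is ("assume", fact) with fact in `assumptions`, or (rule_name, *subproofs)."""
    if proof[0] == "assume":
        if proof[1] not in assumptions:
            raise ProofError(f"not an assumption: {proof[1]!r}")
        return proof[1]
    name, *subproofs = proof
    if name not in rules:
        raise ProofError(f"unknown rule {name!r}")
    premises, conclusion = rules[name]
    if len(premises) != len(subproofs):
        raise ProofError(f"{name}: expected {len(premises)} premises, got {len(subproofs)}")
    subst = {}
    for schema, sub in zip(premises, subproofs):
        if not match(schema, check(sub, assumptions, rules), subst):
            raise ProofError(f"{name}: premise does not match {schema!r}")
    try:
        return instantiate(conclusion, subst)
    except KeyError as unbound:
        raise ProofError(f"{name}: conclusion has unbound metavariable {unbound}")


def register_rule(rules, name, premises, conclusion, certificate):
    """Admit a producer rule only if `certificate` derives its conclusion schema from its
    premise schemas using core rules alone. Metavariables act as opaque constants here;
    the core rules are closed under substitution, so the derivation covers every instance."""
    derived = check(certificate, set(premises), CORE_RULES)
    if derived != conclusion:
        raise ProofError(f"{name}: certificate proves {derived!r}, not {conclusion!r}")
    rules[name] = (premises, conclusion)


def rule_admitted(premises, conclusion, certificate):
    try:
        register_rule({}, "candidate", premises, conclusion, certificate)
        return True
    except ProofError:
        return False


def verify(proof, code_facts, producer_rules):
    """Verifier entry point: admit each producer rule, then check the code's proof."""
    rules = dict(CORE_RULES)
    for name, premises, conclusion, certificate in producer_rules:
        register_rule(rules, name, premises, conclusion, certificate)
    return check(proof, code_facts, rules)


# Constructed data. CODE_FACTS stands for what the verifier extracts from the program:
# register r1 holds a typed, non-null pointer.
PTR_AND_NONNULL = ("and", ("ptr", "?E", "?T"), ("nonnull", "?E"))
CODE_FACTS = {("and", ("ptr", "r1", "int"), ("nonnull", "r1"))}

# Sound producer rule: read through the conjunction. Its certificate is a core derivation.
RD_AND = ("rd_and", (PTR_AND_NONNULL,), ("saferd", "?E", "?T"),
          ("rd", ("and_elim_l", ("assume", PTR_AND_NONNULL)),
                 ("and_elim_r", ("assume", PTR_AND_NONNULL))))

# Unsound producer rule that drops the non-null premise; its certificate assumes a fact
# that is not among the premises, so the core rejects it.
RD_ANY = ("rd_any", (("ptr", "?E", "?T"),), ("saferd", "?E", "?T"),
          ("rd", ("assume", ("ptr", "?E", "?T")), ("assume", ("nonnull", "?E"))))

PROOF = ("rd_and", ("assume", ("and", ("ptr", "r1", "int"), ("nonnull", "r1"))))
```

`verify(PROOF, CODE_FACTS, [RD_AND])` returns `('saferd', 'r1', 'int')`, and `rule_admitted(*RD_ANY[1:])` is `False`. The contrast with the original PCC design is visible by skipping `register_rule` and inserting `RD_ANY[1:3]` straight into the rule table: the checker then accepts a proof that a bare `ptr` fact justifies a read, which is exactly why unchecked proof rules belong to the TCB and checked ones do not.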



Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Robert R. Schneck (1)
  • George C. Necula (2)
  1. Group in Logic and the Methodology of Science, University of California, Berkeley
  2. Department of Electrical Engineering and Computer Sciences, University of California, Berkeley
