Abstract Interpretation-Based Mobile Code Certification
Current approaches to mobile code safety – inspired by the technique of Proof-Carrying Code (PCC) – associate safety information (in the form of a certificate) to programs. The certificate (or proof) is created by the code supplier at compile time, and packaged along with the untrusted code. The consumer who receives the code+certificate package can then run a checker which, by a straightforward inspection of the code and the certificate, is able to verify the validity of the certificate and thus compliance with the safety policy. The main practical difficulty of PCC techniques is in generating safety certificates which at the same time: i) allow expressing interesting safety properties, ii) can be generated automatically, and iii) are easy and efficient to check.