论文信息 - Research directions for automated software verification: using trusted hardware

Research directions for automated software verification: using trusted hardware

Service providers hosting software on servers at the request of content providers need assurance that the hosted software has no undesirable properties. This problem applies to browsers which host applets, networked software which can host software agents, etc. The hosted software's properties are currently verified by testing and/or verification processes by the hosting computer. This increases cost, causes delay, and leads to difficulties in version control. By furnishing content providers with a physically secure computing device with an embedded certified private key, such properties can be verified and/or enforced by the secure computing device at the content provider's site; the secure device can verify such properties, statically whenever possible, and by inserting checks into the executable binary when necessary. The resulting binary is attested by a trusted signature, and can be hosted with confidence. The position paper is a preliminary report that outlines scientific and engineering goals in this project.

Premkumar T. Devanbu | Stuart G. Stubblebine

[1] Stuart G. Stubblebine,et al. Recent-secure authentication: enforcing revocation in distributed systems , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[2] Adi Shamir,et al. A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[3] Bennet S. Yee,et al. Secure Coprocessors in Electronic Commerce Applications , 1995, USENIX Workshop on Electronic Commerce.

[4] Virgil D. Gligor,et al. On the Identification of Covert Storage Channels in Secure Systems , 1990, IEEE Trans. Software Eng..

[5] Carl A. Gunter,et al. Infrastructure for Proof-Referencing Code , 1997 .

[6] Robert Wahbe,et al. Efficient software-based fault isolation , 1994, SOSP '93.

[7] John Rushby,et al. Critical system properties: survey and taxonomy , 1994 .

[8] Gary McGraw,et al. Java security: hostile applets, holes&antidotes , 1997 .

[9] Premkumar T. Devanbu,et al. Cryptographic verification of test coverage claims , 1997, ESEC '97/FSE-5.

[10] George C. Necula,et al. Proof-carrying code , 1997, POPL '97.