Reduced Certificates for Abstraction-Carrying Code

Abstraction-Carrying Code (ACC) has recently been proposed as a framework for mobile code safety in which the code supplier provides a program together with an abstraction whose validity entails compliance with a predefined safety policy. The abstraction plays thus the role of safety certificate and its generation is carried out automatically by a fixed-point analyzer. The advantage of providing a (fixed-point) abstraction to the code consumer is that its validity is checked in a single pass of an abstract interpretation-based checker. A main challenge is to reduce the size of certificates as much as possible while at the same time not increasing checking time. We introduce the notion of reduced certificate which characterizes the subset of the abstraction which a checker needs in order to validate (and re-construct) the full certificate in a single pass. Based on this notion, we instrument a generic analysis algorithm with the necessary extensions in order to identify the information relevant to the checker. We also provide a correct checking algorithm together with sufficient conditions for ensuring its completeness. The experimental results within the CiaoPP system show that our proposal is able to greatly reduce the size of certificates in practice.

[1]  Kristoffer Høgsbro Rose,et al.  Java access protection through typing , 2001, Concurr. Comput. Pract. Exp..

[2]  V HermenegildoManuel,et al.  Integrated program debugging, verification, and optimization using abstract interpretation (and the Ciao system preprocessor) , 2005 .

[3]  Ehud Shapiro,et al.  Third International Conference on Logic Programming , 1986 .

[4]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[5]  Daniel C. DuVarney,et al.  Model-carrying code: a practical approach for safe execution of untrusted applications , 2003, SOSP '03.

[6]  J. W. Lloyd,et al.  Foundations of logic programming; (2nd extended ed.) , 1987 .

[7]  Tobias Nipkow,et al.  Verified Bytecode Verifiers , 2001, FoSSaCS.

[8]  George C. Necula,et al.  Oracle-based checking of untrusted software , 2001, POPL '01.

[9]  Manuel V. Hermenegildo,et al.  Combined Determination of Sharing and Freeness of Program Variables through Abstract Interpretation , 1991, ICLP.

[10]  Manuel V. Hermenegildo,et al.  Optimized Algorithms for Incremental Analysis of Logic Programs , 1996, SAS.

[11]  Frank Wolter,et al.  Monodic fragments of first-order temporal logics: 2000-2001 A.D , 2001, LPAR.

[12]  Peter J. Stuckey,et al.  Programming with Constraints: An Introduction , 1998 .

[13]  J. Lloyd Foundations of Logic Programming , 1984, Symbolic Computation.

[14]  G. Barthe,et al.  Mobile Resource Guarantees for Smart Devices , 2005 .

[15]  George C. Necula,et al.  Efficient representation and validation of proofs , 1998, Proceedings. Thirteenth Annual IEEE Symposium on Logic in Computer Science (Cat. No.98CB36226).

[16]  Manuel V. Hermenegildo,et al.  Integrated program debugging, verification, and optimization using abstract interpretation (and the Ciao system preprocessor) , 2005, Sci. Comput. Program..

[17]  George C. Necula,et al.  A sound framework for untrusted verification-condition generators , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[18]  David Cachera,et al.  Extracting a Data Flow Analyser in Constructive Logic , 2004, ESOP.

[19]  Eva Rose,et al.  Lightweight Bytecode Verification , 2004, Journal of Automated Reasoning.

[20]  Manuel V. Hermenegildo,et al.  Abstraction-Carrying Code: a Model for Mobile Code Safety , 2008, New Generation Computing.

[21]  Thom W. Frühwirth,et al.  Logic programs as types for logic programs , 1991, [1991] Proceedings Sixth Annual IEEE Symposium on Logic in Computer Science.

[22]  Patrick Cousot,et al.  The ASTREÉ Analyzer , 2005, ESOP.

[23]  Manuel V. Hermenegildo,et al.  Abstraction carrying code and resource-awareness , 2005, PPDP.

[24]  Xavier Leroy,et al.  Java bytecode verification : algorithms and formalizations Xavier Leroy INRIA Rocquencourt and Trusted Logic , 2003 .

[25]  Peter J. Stuckey,et al.  Incremental analysis of constraint logic programs , 2000, TOPL.

[26]  Manuel V. Hermenegildo,et al.  Abstraction-Carrying Code , 2005, LPAR.

[27]  Andrew W. Appel,et al.  A semantic model of types and machine instructions for proof-carrying code , 2000, POPL '00.

[28]  Maurice Bruynooghe,et al.  A Practical Framework for the Abstract Interpretation of Logic Programs , 1991, J. Log. Program..