Automated techniques for provably safe mobile code

We present a general framework for provably safe mobile code. It relies on a formal definition of a safety policy and explicit evidence for compliance with this policy which is attached to a binary. Concrete realizations of this framework are proof-carrying code, where the evidence for safety is a formal proof generated by a certifying compiler, and typed assembly language, where the evidence for safety is given via type annotations propagated throughout the compilation process in typed intermediate languages. Validity of the evidence is established via a small trusted type checker, either directly on the binary or indirectly on proof representations in a logical framework.
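As an added illustration (not code from the paper or from any of the systems it describes), the following Python sketch shows the division of labour the abstract describes: an untrusted producer attaches evidence to the code, and a small trusted checker validates that evidence locally rather than re-deriving it. The machine, the safety policy (every load must stay inside a 16-word buffer), the interval-typed annotations standing in for TAL-style types, and all function names are assumptions made for this example; the code is straight-line only, so no control-flow merging is needed.

```python
"""Toy proof-carrying code / typed-assembly checker (constructed example).

The producer ("certifying compiler") runs an interval analysis and ships one
register-typing annotation per instruction with the program.  The consumer's
trusted computing base is only `check`, `transfer`, `safe_under` and
`subsumes`: it verifies each annotation against the instruction before it and
never has to rediscover the analysis itself.
"""

MEM_SIZE = 16                        # policy: loads must read addresses in [0, MEM_SIZE)
TOP = (float("-inf"), float("inf"))  # "unknown value" interval


def transfer(pre, ins):
    """Abstract semantics of one instruction over an interval environment
    (dict register -> (lo, hi)).  Returns the post-environment."""
    post = dict(pre)
    op = ins[0]
    if op == "const":               # ("const", r, k):  r := k
        _, r, k = ins
        post[r] = (k, k)
    elif op == "add":               # ("add", r, a, b): r := a + b
        _, r, a, b = ins
        (alo, ahi), (blo, bhi) = pre.get(a, TOP), pre.get(b, TOP)
        post[r] = (alo + blo, ahi + bhi)
    elif op == "load":              # ("load", r, a):   r := mem[a]
        _, r, _a = ins
        post[r] = TOP               # memory contents are not tracked
    elif op == "halt":
        pass
    else:
        raise ValueError(f"unknown instruction {op}")
    return post


def safe_under(pre, ins):
    """Does the policy hold for `ins` whenever registers satisfy `pre`?"""
    if ins[0] == "load":
        lo, hi = pre.get(ins[2], TOP)
        return 0 <= lo and hi < MEM_SIZE
    return True


def subsumes(weak, strong):
    """Every interval promised by `weak` must contain the one derived in `strong`,
    i.e. the next annotation may forget or widen facts but never invent them."""
    for r, (lo, hi) in weak.items():
        slo, shi = strong.get(r, TOP)
        if not (lo <= slo and shi <= hi):
            return False
    return True


def certify(program):
    """Untrusted producer: forward interval analysis gives the precondition
    (evidence) that travels with each instruction."""
    env, annotations = {}, []
    for ins in program:
        annotations.append(dict(env))
        env = transfer(env, ins)
    return annotations


def check(program, annotations):
    """Trusted consumer: validate the shipped evidence one instruction at a time.
    Returns (accepted, reason)."""
    if len(annotations) != len(program):
        return False, "annotation count mismatch"
    if annotations[0]:
        return False, "entry annotation may not assume anything about registers"
    for i, (ins, pre) in enumerate(zip(program, annotations)):
        if not safe_under(pre, ins):
            return False, f"instruction {i} {ins} may violate the policy under {pre}"
        if i + 1 < len(program) and not subsumes(annotations[i + 1], transfer(pre, ins)):
            return False, f"annotation {i + 1} is not justified by instruction {i}"
    return True, "accepted"


# Constructed sample programs.
SAFE = [("const", "r0", 3), ("const", "r1", 4), ("add", "r2", "r0", "r1"),
        ("load", "r3", "r2"), ("halt",)]
UNSAFE = [("const", "r0", 20), ("load", "r1", "r0"), ("halt",)]
FORGED = [{}, {"r0": (0, 0)}, {}]   # evidence claiming r0 is in bounds when it is not

if __name__ == "__main__":
    print(check(SAFE, certify(SAFE)))       # accepted
    print(check(UNSAFE, certify(UNSAFE)))   # rejected: honest evidence exposes the bad load
    print(check(UNSAFE, FORGED))            # rejected: annotation 1 not justified by const
```

The point of the split is that only `check` and the three helpers it calls are trusted; `certify` can be arbitrarily complex or even malicious, because forged annotations fail the local subsumption test and honest annotations for an unsafe program fail the policy test.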
