Generation of reduced certificates in abstraction-carrying code

Abstraction-Carrying Code (ACC) has recently been proposed as a framework for mobile code safety in which the code supplier provides a program together with an abstraction whose validity entails compliance with a predeflned safety policy. The abstraction plays thus the role of safety certiflcate and its generation is carried out automatically by a flxed-point analyzer. The advantage of providing a (flxed- point) abstraction to the code consumer is that its validity is checked in a single pass of an abstract interpretation-based checker. A main challenge is to reduce the size of certiflcates as much as possible while at the same time not increasing checking time. In this paper, we flrst introduce the notion of reduced certiflcate which characterizes the subset of the abstraction which a checker needs in order to validate (and re-construct) the full certiflcate in a single pass. Based on this notion, we then instrument a generic analysis algorithm with the necessary extensions in order to identify the information relevant to the checker.

[1]  George C. Necula,et al.  Oracle-based checking of untrusted software , 2001, POPL '01.

[2]  G. Barthe,et al.  Mobile Resource Guarantees for Smart Devices , 2005 .

[3]  Maurice Bruynooghe,et al.  A Practical Framework for the Abstract Interpretation of Logic Programs , 1991, J. Log. Program..

[4]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[5]  John Wylie Lloyd,et al.  Foundations of Logic Programming , 1987, Symbolic Computation.

[6]  Peter J. Stuckey,et al.  Programming with Constraints: An Introduction , 1998 .

[7]  Manuel V. Hermenegildo,et al.  Reduced Certificates for Abstraction-Carrying Code , 2006, ICLP.

[8]  George C. Necula,et al.  Efficient representation and validation of proofs , 1998, Proceedings. Thirteenth Annual IEEE Symposium on Logic in Computer Science (Cat. No.98CB36226).

[9]  Kristoffer Høgsbro Rose,et al.  Java access protection through typing , 2001, Concurr. Comput. Pract. Exp..

[10]  Xavier Leroy,et al.  Java bytecode verification : algorithms and formalizations Xavier Leroy INRIA Rocquencourt and Trusted Logic , 2003 .

[11]  Manuel V. Hermenegildo,et al.  Integrated program debugging, verification, and optimization using abstract interpretation (and the Ciao system preprocessor) , 2005, Sci. Comput. Program..

[12]  Peter J. Stuckey,et al.  Incremental analysis of constraint logic programs , 2000, TOPL.

[13]  Manuel V. Hermenegildo,et al.  Abstraction-Carrying Code , 2005, LPAR.

[14]  Manuel V. Hermenegildo,et al.  Optimized Algorithms for Incremental Analysis of Logic Programs , 1996, SAS.