Abstract
We investigate the certification of temporal properties of untrusted code. This kind of certification has many potential applications, including high confidence extension of operating system kernels. The size of a traditional, proof-based certificate tends to expand drastically because of the state explosion problem. Abstraction-carrying Code (ACC) obtains smaller certificates at the expense of an increased verification time. In addition, a single ACC certificate may be used to certify multiple properties. ACC uses an abstract interpretation of the mobile program as a certificate. A client receiving the code and the certificate will first validate the abstraction and then run a model checker to verify the temporal property.
We have developed ACCEPT/C, a certifier of reachability properties for an intermediate language program compiled from C source code, demonstrating the practicality of ACC. Novel aspects of our implementation include: 1) the use of a Boolean program as a certificate; 2) the preservation of Boolean program abstraction during compilation; 3) the encoding of the Boolean program as program assertions in the intermediate program; and 4) the semantics-based validation of the Boolean program via a verification condition generator (VCGen). Our experience of applying ACCEPT/C to real programs, including Linux and NT drivers, shows a significant reduction in certificate size compared to other techniques of similar expressive power; the time spent on model checking is reasonable.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Appel, A.: Fundational Proof-carrying Code. In: Proceeding of 16th IEEE Symposium on Logics in Computer Science (June 2001)
Ball, T., Rajamani, S.: Automatically ValidatingTemporal Safety Properties of Interfaces. In: Dwyer, M.B. (ed.) SPIN 2001. LNCS, vol. 2057, pp. 103–122. Springer, Heidelberg (2001)
Bensalem, S., Lakhnech, Y., Owre, S.: Computing abstractions of infinite state systems compositionally and automatically. In: Y. Vardi, M. (ed.) CAV 1998. LNCS, vol. 1427, pp. 319–331. Springer, Heidelberg (1998)
Bernard, A., Lee, P.: Temporal Logic for Proof-carrying Code. In: Voronkov, A. (ed.) CADE 2002. LNCS (LNAI), vol. 2392, pp. 31–46. Springer, Heidelberg (2002)
Clarke, E.M., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-Guided Abstraction Refinement. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 154–169. Springer, Heidelberg (2000)
Das, S., Dill, D., Park, S.J.: Experience with Predicate Abstraction. In: Halbwachs, N., Peled, D.A. (eds.) CAV 1999. LNCS, vol. 1633, pp. 160–171. Springer, Heidelberg (1999)
Graf, S., Saidi, H.: Construction of Abstract State Graphs with PVS. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 72–83. Springer, Heidelberg (1997)
Henzinger, T., Jhala, R., Majumdar, R., Necula, G., Sutre, G., Weimer, W.: Temporal-Safety Proofs for Systems Code. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 526–538. Springer, Heidelberg (2002)
Henzinger, T.A., Jhala, R., Majumdar, R., Sutre, G.: Lazy abstraction. In: ACM SIGPLANSIGACT Conference on Principles of Programming Languages, pp. 58–70 (2002)
Henzinger, T.A., Jhala, R., Majumdar, R., Sutre, G.: Software verification with BLAST. In: Ball, T., Rajamani, S.K. (eds.) SPIN 2003. LNCS, vol. 2648, pp. 235–239. Springer, Heidelberg (2003)
Namjoshi, K.S.: Certifying Model Checkers. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, p. 2. Springer, Heidelberg (2001)
Namjoshi, K.S.: Lifting Temporal Proofs through Abstractions. In: Zuck, L.D., Attie, P.C., Cortesi, A., Mukhopadhyay, S. (eds.) VMCAI 2003. LNCS, vol. 2575, pp. 174–188. Springer, Heidelberg (2002)
Kozen, D.: Efficient Code Certification, Technical Report, Computer Science Department, Cornell University (1998)
Manna, Z., Pnueli, A.: The Temporal Logic of Reactive and Concurrent Systems. Springer, Heidelberg (1992)
McPeak, S., Necula, G.C., Rahul, S.P., Weimer, W.: Cil: Intermediate languages and tools for c program analysis and transformation. In: Horspool, R.N. (ed.) CC 2002. LNCS, vol. 2304, Springer, Heidelberg (2002)
Morrisett, G., Crary, K., Glew, N., Walker, D.: Stacked-based Typed Assembly Language. In: Leroy, X., Ohori, A. (eds.) TIC 1998. LNCS, vol. 1473, pp. 28–52. Springer, Heidelberg (1998)
Morrisett, G., Walker, D., Crary, K., Glew, N.: From System F toTyped Assembly Language. ACM Transactions on Programming Languages and Systems 21(3), 527–568 (1999)
Necula, G.: Compiling with Proofs. PhD thesis, Carnegie Mellon University (1998)
Necula, G.: A Scalable Architecture for Proof-Carrying Code (2001)
Kurshan, R.: Models Whose Checks Don’t Explode. In: Dill, D.L. (ed.) CAV 1994. LNCS, vol. 818, pp. 222–233. Springer, Heidelberg (1994)
Saidi, H.: Model-checking Guided Abstraction and Analysis. In: Palsberg, J. (ed.) SAS 2000. LNCS, vol. 1824, pp. 377–389. Springer, Heidelberg (2000)
Schwoon, S.: Moped software, available at http://wwwbrauer.informatik.tu-muenchen.de/~schwoon/moped/
Sekar, R., Ramakrishnan, C., Ramakrishnan, I., Smolka, S.: Model-carrying Code (MCC): A New Paradigm for Mobile Code Security. In: New Security Paradigm Workshop (2001)
Sekar, R., Venkatakrishnan, V., Basu, S., Bhatkar, S., DuVarney, D.: Model-carrying code: A practical approach for safe execution of untrusted applications. In: Proceedings of ACM Symposium on Operating System Principles, pp. 15–28 (2003)
Shao, Z., Saha, B., Trifonov, V., Papaspyrou, N.: Type System for Certified Binaries. In: Proc. 29th ACM Symposium on Principles of Programming Languages (POPL 2002), January 2002, pp. 217–232 (2002)
Tan, L., Cleaveland, R.: Evidence-based model checking. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 455–470. Springer, Heidelberg (2001)
Xi, H., Harper, R.: Dependently Typed Assembly Language. In: Proceedings of the Sixth ACM SIGPLAN International Conference on Functional Programming, September 2001, pp. 169–180 (2001)
Xia, S., Hook, J.: Experience with abstraction-carrying code. In: Proceedigns of Software Model Checking Workshop (2003)
Xia, S., Hook, J.: An implementation of abstraction-carrying code. In: Proceedings of Foundations of Computer Security Workshop (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Xia, S., Hook, J. (2004). Certifying Temporal Properties for Compiled C Programs. In: Steffen, B., Levi, G. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2004. Lecture Notes in Computer Science, vol 2937. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24622-0_15
Download citation
DOI: https://doi.org/10.1007/978-3-540-24622-0_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20803-7
Online ISBN: 978-3-540-24622-0
eBook Packages: Springer Book Archive