Skip to main content
SpringerLink
Log in
Book cover

Transactions on Computational Science XI pp 249–269Cite as

An Extended Proof-Carrying Code Framework for Security Enforcement

  • Chapter

Part of the book series: Lecture Notes in Computer Science ((TCOMPUTATSCIE,volume 6480))

Abstract

The rapid growth of the Internet has resulted in increased attention to security to protect users from being victims of security threats. In this paper, we focus on security mechanisms that are based on Proof-Carrying Code (PCC) techniques. In a PCC system, a code producer sends a code along with its safety proof to the consumer. The consumer executes the code only if the proof is valid. Although PCC has been shown to be a useful security framework, it suffers from the sheer size of typical proofs -proofs of even small programs can be considerably large. In this paper, we propose an extended PCC framework (EPCC) in which, instead of the proof, a proof generator for the program in question is transmitted. This framework enables the execution of the proof generator and the recovery of the proof on the consumer’s side in a secure manner using a newly created virtual machine called the VEP (Virtual Machine for Extended PCC).

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Appel, W., Wang, D. C.: JVM TCB: Measurements of the trusted computing base of Java virtual machines, Tech. Rep. CS-TR-647-02, Princeton University (2002)

    Google Scholar 

  2. Cheney, J. R.: First-order term compression: techniques and applications, Master’s thesis, Carnegie Mellon University (August 1998)

    Google Scholar 

  3. Colby, C., Lee, P., Necula, G.C., Blau, F., Plesko, M., Cline, K.: A certifying compiler for Java. SIGPLAN Not. 35(5), 95–107 (2000)

    Article  Google Scholar 

  4. Davis, B., Beatty, A., Casey, K., Gregg, D., Waldron, J.: The case for virtual register machines. In: Proceedings of the 2003 Workshop on interpreters, Virtual Machines and Emulators, IVME 2003. San Diego, California, June 12 - 12, pp. 41–49. ACM, New York (2003)

    Chapter  Google Scholar 

  5. League, C., Shao, Z., Trifonov, V.: Precision in practice: a type-preserving java compiler. In: Hedin, G. (ed.) Proceedings of the 12th International Conference on Compiler Construction, Warsaw, Poland, April 07-11. Lecture Notes In Computer Science, pp. 106–120. Springer, Heidelberg (2003)

    Google Scholar 

  6. Lindholm, T., Yellin, F.: Java Virtual Machine Specification, 2nd edn. Addison-Wesley Longman Publishing Co., Inc. (1999)

    Google Scholar 

  7. Meijer, E., Gough, J.: Technical Overview of the Common Language Runtime (2000)

    Google Scholar 

  8. Necula, G.C.: Proof-carrying code. In: Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 1997. Paris, France, January 15-17, pp. 106–119. ACM, New York (1997)

    Chapter  Google Scholar 

  9. Necula, G.C.: A Scalable Architecture for Proof-Carrying Code. In: Kuchen, H., Ueda, K. (eds.) FLOPS 2001. LNCS, vol. 2024, pp. 21–39. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  10. Necula, G.C., Lee, P.: Safe kernel extensions without run-time checking. SIGOPS Oper. Syst. Rev. 30, 229–243 (1996)

    Article  Google Scholar 

  11. Necula, G.C., Rahul, S.P.: Oracle-based checking of untrusted software. In: Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2001. London, United Kingdom, pp. 142–154. ACM, New York (2001)

    Chapter  Google Scholar 

  12. Pirzadeh, H., Dubé, D.: VEP: a virtual machine for extended proof-carrying code. In: Proceedings of the 1st ACM Workshop on Virtual Machine Security, VMSec 2008. Alexandria, Virginia, USA, October 27-27, pp. 9–18. ACM, New York (2008)

    Chapter  Google Scholar 

  13. Rahul, S.P., Necula, G.C.: Proof Optimization Using Lemma Extraction. Technical Report. UMI Order Number: CSD-01-1143., University of California at Berkeley (2001)

    Google Scholar 

  14. Wu, D., Appel, A.W., Stump, A.: Foundational proof checkers with small witnesses. In: Proceedings of the 5th ACM SIGPLAN International Conference on Principles and Practice of Declaritive Programming, PPDP 2003. Uppsala, Sweden, August 27-29, pp. 264–274. ACM, New York (2003)

    Chapter  Google Scholar 

  15. Stump, A.: Proof Checking Technology for Satisfiability Modulo Theories. Electron. Notes Theor. Comput. Sci. 228, 121–133 (2009)

    Article  Google Scholar 

  16. Li, M., Vitnyi, P.: An Introduction to Kolmogorov Complexity and its Applications, vol. 3. Springer Publishing Company, Heidelberg (2008) (incorporated)

    MATH  Google Scholar 

  17. Pirzadeh, H., Dubé, D.: Encoding the Program Correctness Proofs as Programs in PCC Technology. In: Proceedings of the 2008 Sixth Annual Conference on Privacy, Security and Trust, October 01-03, pp. 121–132. PST. IEEE Computer Society, Washington (2008)

    Chapter  Google Scholar 

  18. Hennessy, J.L., Patterson, D.A.: Computer Architecture: a Quantitative Approach, vol. 3. Morgan Kaufmann Publishers Inc., San Francisco (2003)

    Google Scholar 

  19. Jansen, W., Karygiannis, T.: NIST special publication 800-19 – mobile agent security. Technical report, National Institute of Standards and Technology, Computer Security Division, Gaithersburg, MD 20899. U.S. (2000)

    Google Scholar 

  20. American National Standards Institute, “Programming Language C,” Document ANSI X3.159-1989

    Google Scholar 

  21. Giunchiglia, E., Narizzano, M., Tacchella, A.: Quantified boolean formulas satisfiability library (qbflib) (2001), http://www.qbflib.org

  22. Deutsch, P.: GZIP File Format Specification Version 4.3. RFC. RFC Editor (1996)

    Google Scholar 

  23. Christopher, T.W.: Reference count garbage collection. Software – Practice and Experience 14(6), 503–507 (1984)

    Article  Google Scholar 

  24. Griffith, A.: GCC: the complete reference. McGraw-Hill/Osborne (2002)

    Google Scholar 

  25. Ireland, A.: On the Scalability of Proof Carrying Code for Software Certification. In: Proc. Workshop on Software Certificate Management, November 8, pp. 31–34 (2005)

    Google Scholar 

  26. Pfenning, F., Schürmann, C.: System Description: Twelf - A Meta-Logical Framework for Deductive Systems. In: Ganzinger, H. (ed.) CADE 1999. LNCS (LNAI), vol. 1632, pp. 202–206. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  27. Appel, A.W.: Foundational proof-carrying code. In: 16th Annual IEEE Symposium on Logic in Computer Science (LICS 2001), pp. 247–258 (2001)

    Google Scholar 

  28. Necula, G.C., Lee, P.: The design and implementation of a certifying compiler. SIGPLAN Not. 33(5), 333–344 (1998)

    Article  Google Scholar 

  29. Mobius, Public, Deliverable D4. 1: Scenarios for Proof-Carrying Code, FP6-015905, Information Society Technologies (2006)

    Google Scholar 

  30. Narizzano, M., Pulina, L., Tacchella, A.: Report of the third QBF solvers evaluation, Journal of Satisfiability. Boolean Modeling and Computation 2, 145–164 (2006)

    MATH  Google Scholar 

  31. Barthe, G., Crégut, P., Grégoire, B., Jensen, T., Pichardie, D.: The MOBIUS Proof Carrying Code Infrastructure. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2007. LNCS, vol. 5382, pp. 1–24. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  32. Chlipala, A.J.: Implementing Certified Programming Language Tools in Dependent Type Theory. Doctoral Thesis. UMI Order Number: AAI3311660, University of California at Berkeley (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, Concordia University, Montreal, QC, Canada

    Heidar Pirzadeh & Abdelwahab Hamou-Lhadj

  2. Department of Computer Science, Laval University, Quebec City, QC, Canada

    Danny Dubé

Authors
  1. Heidar Pirzadeh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Danny Dubé
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Abdelwahab Hamou-Lhadj
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of Calgary , 2500 University Drive N.W., T2N 1N4, Calgary, AB, Canada

    Marina L. Gavrilova

  2. Exascala Ltd. , Unit 9, 97 Rickman Drive, B15 2AL, Birmingham, UK

    C. J. Kenneth Tan

  3. DCOMP/UFS - Federal University of Sergipe , Aracaju, SE, Brazil

    Edward David Moreno

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Pirzadeh, H., Dubé, D., Hamou-Lhadj, A. (2010). An Extended Proof-Carrying Code Framework for Security Enforcement. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science XI. Lecture Notes in Computer Science, vol 6480. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17697-5_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-17697-5_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17696-8

  • Online ISBN: 978-3-642-17697-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation