
An implementation of a verification condition generator for foundational proof-carrying code

2 Author(s)
Jiangong Weng (Sch. of Inf. Technol. & Eng., Univ. of Ottawa, Ottawa, ON, Canada); Felty, A.

Proof-carrying code (PCC) is a technique that addresses the problem of mobile code safety. It is a mechanism in which a code producer provides both code and a proof certifying that the code will run safely on a code consumer's machine. The code consumer or the host system will validate the proof against a safety policy before executing the source code. Foundational proof-carrying code (FPCC) aims to minimize the amount of code that must be trusted (the “trusted computing base” or TCB) with the goal of providing more flexibility and increased security. In both PCC and FPCC, the verification-condition generator (VCG) constructs the statement of the safety theorem from the source code, and is an important part of the TCB. This paper presents an implementation of a VCG based on a sound set of Hoare-style rules for machine instructions in the context of FPCC. The implementation in OCaml is described and examples illustrating the approach are given. The output of our VCG is a list of verification conditions that are directly inserted into a proof script that serves as input to the Coq proof assistant, and represents an important part of the safety proofs of our programs. We also present examples showing how these verification conditions are used to complete the proofs of safety. This work represents an important step in automating proofs for PCC.
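To make the role of the VCG in the TCB concrete, here is a toy verification-condition generator for a four-register straight-line machine. It is an added illustration, not the OCaml implementation from the paper: the instruction set, the single-buffer safety policy, the symbol names (base, len, m0), and the Coq-lemma output format are all assumptions. It does show the division of labour the abstract describes: the VCG only constructs the safety statements, one per memory access; discharging them under the consumer's precondition is the proof's job, which the bounded checker below merely approximates.

```python
"""Toy VCG for a straight-line register machine (constructed example, not the
paper's OCaml code).  Model: r0 holds the base of one buffer of symbolic
length `len`.  Safety policy: every access address a needs base <= a < base + len."""
from dataclasses import dataclass
from itertools import product

# Symbolic expressions: int literal | str symbol | ("add", e1, e2)
def render(e):
    if isinstance(e, (int, str)):
        return str(e)
    return f"({render(e[1])} + {render(e[2])})"

def evaluate(e, env):
    if isinstance(e, int):
        return e
    if isinstance(e, str):
        return env[e]
    return evaluate(e[1], env) + evaluate(e[2], env)

def symbols(e):
    if isinstance(e, int):
        return set()
    if isinstance(e, str):
        return {e}
    return symbols(e[1]) | symbols(e[2])

@dataclass(frozen=True)
class Instr:
    op: str      # "addi" | "add" | "load" | "store"
    args: tuple  # operand encoding documented in vcgen()

@dataclass(frozen=True)
class VC:
    pc: int        # instruction performing the memory access
    addr: object   # symbolic address; the VC is base <= addr < base + len

def vcgen(program):
    """Forward symbolic evaluation: registers map to symbolic values and each
    memory access emits one VC.  A load yields a fresh symbol m<pc> because the
    contents of memory are untrusted."""
    regs = {"r0": "base", "r1": "r1_0", "r2": "r2_0", "r3": "r3_0"}
    vcs = []
    for pc, ins in enumerate(program):
        if ins.op == "addi":                 # addi rd, rs, imm
            rd, rs, imm = ins.args
            regs[rd] = ("add", regs[rs], imm)
        elif ins.op == "add":                # add rd, rs, rt
            rd, rs, rt = ins.args
            regs[rd] = ("add", regs[rs], regs[rt])
        elif ins.op == "load":               # load rd, [ra + off]
            rd, ra, off = ins.args
            vcs.append(VC(pc, ("add", regs[ra], off)))
            regs[rd] = f"m{pc}"
        elif ins.op == "store":              # store [ra + off], rs
            ra, off, _rs = ins.args
            vcs.append(VC(pc, ("add", regs[ra], off)))
        else:
            raise ValueError(f"unknown instruction {ins.op} at pc {pc}")
    return vcs

def to_coq(vc, pre_text):
    """Render one VC as a Coq lemma statement (hypothetical output format)."""
    free = sorted(symbols(vc.addr) | {"base", "len"})
    a = render(vc.addr)
    return (f"Lemma vc_{vc.pc} : forall {' '.join(free)} : Z, "
            f"{pre_text} -> base <= {a} /\\ {a} < base + len.")

def discharged(vcs, precondition, bound):
    """Bounded exhaustive check standing in for the real proof: returns the pcs
    whose VC holds for every assignment in [0, bound] satisfying the
    precondition.  Surviving here makes a VC plausible, not proved."""
    ok = set()
    for vc in vcs:
        free = sorted(symbols(vc.addr) | {"base", "len"})
        holds = True
        for vals in product(range(bound + 1), repeat=len(free)):
            env = dict(zip(free, vals))
            if not precondition(env):
                continue
            a = evaluate(vc.addr, env)
            if not (env["base"] <= a < env["base"] + env["len"]):
                holds = False
                break
        if holds:
            ok.add(vc.pc)
    return ok

# Constructed sample: copy the first word to offset 4, then use that untrusted
# word as an index.  The last load cannot be proved safe by any length bound.
PROGRAM = [
    Instr("load", ("r1", "r0", 0)),     # r1 := mem[base + 0]
    Instr("addi", ("r2", "r0", 4)),     # r2 := base + 4
    Instr("store", ("r2", 0, "r1")),    # mem[base + 4] := r1
    Instr("add", ("r3", "r0", "r1")),   # r3 := base + m0
    Instr("load", ("r3", "r3", 0)),     # r3 := mem[base + m0]
]

if __name__ == "__main__":
    vcs = vcgen(PROGRAM)
    for vc in vcs:
        print(to_coq(vc, "len >= 5"))
    print("plausible under len >= 5:", sorted(discharged(vcs, lambda e: e["len"] >= 5, 8)))
```

Run stand-alone it prints three lemma statements and reports pcs 0 and 2 as plausible under `len >= 5`; weakening the precondition to `len >= 4` drops the store at pc 2, and the index-dependent load at pc 4 never survives, which is exactly the kind of obligation a consumer's proof script would be unable to close.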

Published in:

Privacy, Security and Trust (PST), 2011 Ninth Annual International Conference on

Date of Conference:

19-21 July 2011