Research on proof-carrying code for untrusted-code security
2 Author(s)
Necula, G. ; Carnegie Mellon Univ., Pittsburgh, PA, USA ; Lee, P.

A powerful method of interaction between two software systems is through mobile code. By allowing code to be installed dynamically and then executed, a host system can provide a flexible means of access to its internal resources and services. There are many problems to be solved before such uses of untrusted code can become practical. We focus on the problem of how to establish guarantees about the intrinsic behavior of untrusted programs. Of particular interest are the following: (1) How can the host system ensure that the untrusted code will not damage it, for example, by corrupting internal data structures? (2) How can the host ensure that the untrusted code will not use too many resources (such as CPU, memory, and so forth) or use them for too long a time period? (3) How can the host make these assurances without undue effort and deleterious effect on overall system performance? Our position is that the theory of programming languages, including formal semantics, type theory, and applications of logic, is critical to solving the untrusted code security problem. To illustrate the possibilities of programming language theory, we briefly describe one rather extreme but promising example, which is proof-carrying code (PCC). This is a technique by which the host establishes a set of safety rules that guarantee safe behavior of programs, and the code producer creates a formal safety proof that proves, for the untrusted code, adherence to the safety rules. Then, the host is able to use a simple and fast proof validator to check, with certainty, that the proof is valid and hence the foreign code is safe to execute.
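The division of labour the abstract describes (host publishes a safety policy, producer ships code plus a proof, host runs a cheap validator) can be shown on a toy scale. The following is an added example, not code from the paper or from Necula and Lee's PCC implementation. The instruction set, the certificate format (one register-interval invariant per instruction, playing the role of the safety proof) and the sample program are all constructed for this illustration; the safety policy is simply that every memory load must be proven to index a fixed-size region. The point it makes is the one the abstract makes: the host never searches for the invariants, it only checks them locally, so validation is a single linear pass, and a certificate shipped with code it does not match, or a certificate that claims more than the code justifies, is rejected.

```python
"""Toy proof-carrying code (PCC) validator (constructed example, not the paper's code)."""
from typing import Dict, List, Tuple

MEM_SIZE = 16                                  # safety policy: loads must index 0..MEM_SIZE-1
Interval = Tuple[float, float]                 # inclusive bounds; +-inf means "unknown"
State = Dict[str, Interval]                    # register -> interval claimed at an instruction
TOP: Interval = (float("-inf"), float("inf"))

def subsumes(fact: State, claimed: State) -> bool:
    """Every interval the certificate claims at a target pc must be implied by what we derived."""
    return all(fact.get(r, TOP)[0] >= lo and fact.get(r, TOP)[1] <= hi
               for r, (lo, hi) in claimed.items())

def check(program: List[Tuple], cert: List[State]) -> Tuple[bool, str]:
    """Host-side validator: one local check per instruction, no invariant search, no fixpoint."""
    if len(cert) != len(program):
        return False, "certificate length does not match program"
    if cert[0]:
        return False, "entry precondition may not assume anything about registers"
    for pc, instr in enumerate(program):
        pre, op, post = cert[pc], instr[0], dict(cert[pc])
        if op == "halt":
            continue
        if op == "set":                        # r := k
            _, r, k = instr
            post[r] = (k, k)
            nexts = [(pc + 1, post)]
        elif op == "add":                      # r := r + (register or immediate)
            _, r, s = instr
            src = (s, s) if isinstance(s, int) else pre.get(s, TOP)
            lo, hi = pre.get(r, TOP)
            post[r] = (lo + src[0], hi + src[1])
            nexts = [(pc + 1, post)]
        elif op == "load":                     # r := mem[m]; the safety obligation lives here
            _, r, m = instr
            lo, hi = pre.get(m, TOP)
            if lo < 0 or hi > MEM_SIZE - 1:
                return False, f"pc {pc}: index {m} in [{lo},{hi}] not proven inside memory"
            post[r] = TOP                      # loaded value is untrusted data: unknown
            nexts = [(pc + 1, post)]
        elif op == "jmp":
            nexts = [(instr[1], post)]
        elif op == "jlt":                      # if r < k goto target, else fall through
            _, r, k, target = instr
            lo, hi = pre.get(r, TOP)
            taken, fall = dict(post), dict(post)
            taken[r], fall[r] = (lo, min(hi, k - 1)), (max(lo, k), hi)
            # an empty interval means that branch is infeasible and needs no successor check
            nexts = [(t, s) for t, s in ((target, taken), (pc + 1, fall)) if s[r][0] <= s[r][1]]
        else:
            return False, f"pc {pc}: unknown opcode {op!r}"
        for target, fact in nexts:
            if not 0 <= target < len(program):
                return False, f"pc {pc}: target {target} outside program"
            if not subsumes(fact, cert[target]):
                return False, f"pc {pc}: derived {fact} does not imply certificate at pc {target}"
    return True, "ok"

# Constructed sample program: sum mem[0..7] into r1, using r0 as the index.
PROGRAM = [
    ("set", "r0", 0),       # 0: i = 0
    ("set", "r1", 0),       # 1: acc = 0
    ("jlt", "r0", 8, 4),    # 2: if i < 8 goto 4
    ("halt",),              # 3
    ("load", "r2", "r0"),   # 4: r2 = mem[i]   <- must be proven in bounds
    ("add", "r1", "r2"),    # 5: acc += r2
    ("add", "r0", 1),       # 6: i += 1
    ("jmp", 2),             # 7
]
# The producer's "proof": a register-interval invariant for each pc (loop invariant at pc 2).
CERT: List[State] = [{}, {"r0": (0, 0)}, {"r0": (0, 8)}, {"r0": (8, 8)},
                     {"r0": (0, 7)}, {"r0": (0, 7)}, {"r0": (0, 7)}, {"r0": (1, 8)}]

def tampered_program() -> List[Tuple]:
    """Same certificate shipped with code whose loop bound was raised: the validator must reject it."""
    prog = list(PROGRAM)
    prog[2] = ("jlt", "r0", 20, 4)
    return prog

if __name__ == "__main__":
    print(check(PROGRAM, CERT))               # (True, 'ok')
    print(check(tampered_program(), CERT))    # (False, 'pc 2: ...')
```

The certificate is what makes validation cheap: discovering the loop invariant at pc 2 is the producer's problem, while the host only confirms that each instruction, given its claimed precondition, establishes the precondition claimed at every successor and that every load index is inside the policy's bounds. Real PCC uses a logic and a proof checker rather than intervals, but the trust structure is the same: the validator, not the proof generator, is in the trusted computing base.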

Published in:

1997 IEEE Symposium on Security and Privacy, Proceedings

Date of Conference:

4-7 May 1997