Abstract
The rapid growth of the Internet has resulted in increased attention to security to protect users from being victims of security threats. In this paper, we focus on security mechanisms that are based on Proof-Carrying Code (PCC) techniques. In a PCC system, a code producer sends a code along with its safety proof to the consumer. The consumer executes the code only if the proof is valid. Although PCC has been shown to be a useful security framework, it suffers from the sheer size of typical proofs -proofs of even small programs can be considerably large. In this paper, we propose an extended PCC framework (EPCC) in which, instead of the proof, a proof generator for the program in question is transmitted. This framework enables the execution of the proof generator and the recovery of the proof on the consumer’s side in a secure manner using a newly created virtual machine called the VEP (Virtual Machine for Extended PCC).
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Appel, W., Wang, D. C.: JVM TCB: Measurements of the trusted computing base of Java virtual machines, Tech. Rep. CS-TR-647-02, Princeton University (2002)
Cheney, J. R.: First-order term compression: techniques and applications, Master’s thesis, Carnegie Mellon University (August 1998)
Colby, C., Lee, P., Necula, G.C., Blau, F., Plesko, M., Cline, K.: A certifying compiler for Java. SIGPLAN Not. 35(5), 95–107 (2000)
Davis, B., Beatty, A., Casey, K., Gregg, D., Waldron, J.: The case for virtual register machines. In: Proceedings of the 2003 Workshop on interpreters, Virtual Machines and Emulators, IVME 2003. San Diego, California, June 12 - 12, pp. 41–49. ACM, New York (2003)
League, C., Shao, Z., Trifonov, V.: Precision in practice: a type-preserving java compiler. In: Hedin, G. (ed.) Proceedings of the 12th International Conference on Compiler Construction, Warsaw, Poland, April 07-11. Lecture Notes In Computer Science, pp. 106–120. Springer, Heidelberg (2003)
Lindholm, T., Yellin, F.: Java Virtual Machine Specification, 2nd edn. Addison-Wesley Longman Publishing Co., Inc. (1999)
Meijer, E., Gough, J.: Technical Overview of the Common Language Runtime (2000)
Necula, G.C.: Proof-carrying code. In: Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 1997. Paris, France, January 15-17, pp. 106–119. ACM, New York (1997)
Necula, G.C.: A Scalable Architecture for Proof-Carrying Code. In: Kuchen, H., Ueda, K. (eds.) FLOPS 2001. LNCS, vol. 2024, pp. 21–39. Springer, Heidelberg (2001)
Necula, G.C., Lee, P.: Safe kernel extensions without run-time checking. SIGOPS Oper. Syst. Rev. 30, 229–243 (1996)
Necula, G.C., Rahul, S.P.: Oracle-based checking of untrusted software. In: Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2001. London, United Kingdom, pp. 142–154. ACM, New York (2001)
Pirzadeh, H., Dubé, D.: VEP: a virtual machine for extended proof-carrying code. In: Proceedings of the 1st ACM Workshop on Virtual Machine Security, VMSec 2008. Alexandria, Virginia, USA, October 27-27, pp. 9–18. ACM, New York (2008)
Rahul, S.P., Necula, G.C.: Proof Optimization Using Lemma Extraction. Technical Report. UMI Order Number: CSD-01-1143., University of California at Berkeley (2001)
Wu, D., Appel, A.W., Stump, A.: Foundational proof checkers with small witnesses. In: Proceedings of the 5th ACM SIGPLAN International Conference on Principles and Practice of Declaritive Programming, PPDP 2003. Uppsala, Sweden, August 27-29, pp. 264–274. ACM, New York (2003)
Stump, A.: Proof Checking Technology for Satisfiability Modulo Theories. Electron. Notes Theor. Comput. Sci. 228, 121–133 (2009)
Li, M., Vitnyi, P.: An Introduction to Kolmogorov Complexity and its Applications, vol. 3. Springer Publishing Company, Heidelberg (2008) (incorporated)
Pirzadeh, H., Dubé, D.: Encoding the Program Correctness Proofs as Programs in PCC Technology. In: Proceedings of the 2008 Sixth Annual Conference on Privacy, Security and Trust, October 01-03, pp. 121–132. PST. IEEE Computer Society, Washington (2008)
Hennessy, J.L., Patterson, D.A.: Computer Architecture: a Quantitative Approach, vol. 3. Morgan Kaufmann Publishers Inc., San Francisco (2003)
Jansen, W., Karygiannis, T.: NIST special publication 800-19 – mobile agent security. Technical report, National Institute of Standards and Technology, Computer Security Division, Gaithersburg, MD 20899. U.S. (2000)
American National Standards Institute, “Programming Language C,” Document ANSI X3.159-1989
Giunchiglia, E., Narizzano, M., Tacchella, A.: Quantified boolean formulas satisfiability library (qbflib) (2001), http://www.qbflib.org
Deutsch, P.: GZIP File Format Specification Version 4.3. RFC. RFC Editor (1996)
Christopher, T.W.: Reference count garbage collection. Software – Practice and Experience 14(6), 503–507 (1984)
Griffith, A.: GCC: the complete reference. McGraw-Hill/Osborne (2002)
Ireland, A.: On the Scalability of Proof Carrying Code for Software Certification. In: Proc. Workshop on Software Certificate Management, November 8, pp. 31–34 (2005)
Pfenning, F., Schürmann, C.: System Description: Twelf - A Meta-Logical Framework for Deductive Systems. In: Ganzinger, H. (ed.) CADE 1999. LNCS (LNAI), vol. 1632, pp. 202–206. Springer, Heidelberg (1999)
Appel, A.W.: Foundational proof-carrying code. In: 16th Annual IEEE Symposium on Logic in Computer Science (LICS 2001), pp. 247–258 (2001)
Necula, G.C., Lee, P.: The design and implementation of a certifying compiler. SIGPLAN Not. 33(5), 333–344 (1998)
Mobius, Public, Deliverable D4. 1: Scenarios for Proof-Carrying Code, FP6-015905, Information Society Technologies (2006)
Narizzano, M., Pulina, L., Tacchella, A.: Report of the third QBF solvers evaluation, Journal of Satisfiability. Boolean Modeling and Computation 2, 145–164 (2006)
Barthe, G., Crégut, P., Grégoire, B., Jensen, T., Pichardie, D.: The MOBIUS Proof Carrying Code Infrastructure. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2007. LNCS, vol. 5382, pp. 1–24. Springer, Heidelberg (2008)
Chlipala, A.J.: Implementing Certified Programming Language Tools in Dependent Type Theory. Doctoral Thesis. UMI Order Number: AAI3311660, University of California at Berkeley (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Pirzadeh, H., Dubé, D., Hamou-Lhadj, A. (2010). An Extended Proof-Carrying Code Framework for Security Enforcement. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science XI. Lecture Notes in Computer Science, vol 6480. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17697-5_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-17697-5_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17696-8
Online ISBN: 978-3-642-17697-5
eBook Packages: Computer ScienceComputer Science (R0)