article

Oracle-based checking of untrusted software

Authors:

George C. Necula,

S. P. RahulAuthors Info & Claims

ACM SIGPLAN Notices, Volume 36, Issue 3

Pages 142 - 154

https://doi.org/10.1145/373243.360216

Published: 01 January 2001 Publication History

Abstract

We present a variant of Proof-Carrying Code (PCC) in which the trusted inference rules are represented as a higherorder logic program, the proof checker is replaced by a nondeterministic higher-order logic interpreter and the proof by an oracle implemented as a stream of bits that resolve the nondeterministic interpretation choices. In this setting, Proof-Carrying Code allows the receiver of the code the luxury of using nondeterminism in constructing a simple yet powerful checking procedure.This oracle-based variant of PCC is able to adapt quite naturally to situations when the property being checked is simple or there is a fairly directed search procedure for it. As an example, we demonstrate that if PCC is used to verify type safety of assembly language programs compiled from Java source programs, the oracles that are needed are on the average just 12% of the size of the code, which represents an improvement of a factor of 30 over previous syntactic representations of PCC proofs.

References

[1]

A. W. Appel and E. W. Felten. Proof-carrying authentication. In 5th ACM Conference on Computer and Communications Security: pages 52-62: Singapore: Nov. 1999. ACM Press.

Digital Library

[2]

A. Avron: F. A. Honsell: I. A. Mason: and R. Pollack. Using typed lambda calculus to implement formal systems on a machine. Journal of Automated Reasoning: 9(3):309-354: 1992. A preliminary version appeared as University of Edinburgh Report ECS-LFCS-87-31.

Digital Library

[3]

N. DeBruijn. Lambda-calculus notation with nameless dummies: a tool for automatic formula manipulation. Indag. Mat.: 34:381-392: 1972.

[4]

G. Dowek: A. Felty: H. Herbelin: G. P. Huet: C. Murthy: C. Parent: C. Paulin-Mohring: and B. Werner. The Coq proof assistant user's guide. Version 5.8. Technical report: INRIA - Rocquencourt: May 1993.

[5]

C. Elliott. Higher-order unification with dependent types. In N. Dershowitz: editor: Rewritin9 Techniques and Applications: pages 121-136: Chapel Hill: North Carolina: Apr. 1989. Springer-Verlag LNCS 355.

[6]

J.-Y. Girard. Une extension de Pinterpretation de GSdel h l'analyse: et son application h l'elimination des coupures dans l'analyse et la theorie des types. In J. E. Fenstad: editor: Proceedings 2nd Scandinavian Logic Symp., Oslo, Norway, 18-20 June 1970: volume 63 of Studies in Logic and the Foundations of Mathematics: pages 63-92. North-Holland: Amsterdam: 1971.

[7]

Girard: J.-Y. Interprdtation Fonctionnelle et Elimination des Coupures de l'Arithmgtique d'Ordre Supdrieur. These de doctorat d'etat: Universite Paris VII: June 1972.

[8]

R. Harper: F. Honsell: and G. Plotkin. A framework for defining logics. Journal of the Association for Computing Machinery: 40(1):143-184: Jan. 1993.

Digital Library

[9]

R. Harrop. Concerning formulas of the types A -+ B V C: A --4 (Ex)B(x) in intuitionistic formal systems. Journal of Symbolic Logic: pages 27-32: 1960.

[10]

G. Huet. A unification algorithm for typed lambda calculus. Theoretical Computer Science: 1(1):27-57: 1973.

[11]

T. Lindholm and F. Yellin. The Java Virtual Machine Specification. The Java Series. Addison-Wesley, Reading: MA: USA: Jan. 1997.

Digital Library

[12]

Z. Luo and R. Pollack. The LEGO proof development system: A user's manual. Technical Report ECS-LFCS- 92-211: University of Edinburgh: May 1992.

[13]

S. Michaylov and F. Pfenning. An empirical study of the runtime behavior of higher-order logic programs. In D. Miller: editor: Proceedings of the Workshop on the \Prolog Programming Language: pages 257-271: July 1992. Available as Technical Report MS-CIS-92-86.

[14]

Microsoft Corporation. Proposal for authenticating code via the Internet. http://www.microsoft.com- /security/tech/authcode/authcode-f.htm: Apr. 1996.

[15]

D. Miller. A logic programming language with lambdaabstraction: function variables: and simple unification. Journal of Logic and Computation: 1(4):497-536: Sept. 1991.

[16]

G. Morrisett: D. Walker: K. Crary: and N. Glew. From system F to typed assembly language. ACM Transactions on Programming Languages and Systems: 21(3):527-568: May 1999.

Digital Library

[17]

G. Nadathur. A proof procedure for the logic of hereditary Harrop formulas. Journal of Automated Reasoning: 11(1):115-145: Aug. 1993.

[18]

G. Nadathur and D. Miller. Higher-order logic programming. In D. M. Gabbay, C. J. Hogger, and J. A. Robinson, editors, Handbook of Logic in Artificial Intelli9ence and Logic Programmin9, volume 5, chapter 8. Oxford University Press, 1998.

[19]

G. C. Necula. Proof-carrying code. In The 24th Annual ACM Symposium on Principles of Programming Languages, pages 106-119. ACM, Jan. 1997.

Digital Library

[20]

G. C. Necula. Compiling with Proofs. PhD thesis, Carnegie Mellon University, Sept. 1998. Also available as CMU-CS-98-154.

Digital Library

[21]

G. C. Necula and P. Lee. The design and implementation of a certifying compiler. In ACM SIGPLAN'98 Conference on Programming Language Design and Implementation, pages 333-344, June 1998.

Digital Library

[22]

G. C. Necula and P. Lee. Efficient representation and validation of proofs. In Thirteenth Annual Symposium on Logic in Computer Science, pages 93-104, Indianapolis, June 1998. IEEE Computer Society Press.

Digital Library

[23]

F. Pfenning. Logic programming in the LF logical framework. In G. Huet and G. Plotkin, editors, Logical Frameworks, pages 149-181. Cambridge University Press, 1991.

Digital Library

[24]

F. Pfenning. Elf: A meta-language for deductive systems (system description). In A. Bundy, editor, lZth International Conference on Automated Deduction, LNAI 814, pages 811-815, Nancy, France, June 26-July 1, 1994. Springer-Verlag.

Digital Library

[25]

R. Ramesh, I. V. Ramakrishnan, and D. S. Warren. Automata-driven indexing of Prolog clauses. Journal of Logic Programming, 23(2):151-202, May 1995.

[26]

J. C. Reynolds. Towards a theory of type structures. In Pro9rammin9 Symposium (Colloque sur la Programmation, Paris), volume 19 of Lecture Notes in Computer Science, pages 408-425. Springer-Verlag, Berlin, Heidelberg, and New York, 1974.

[27]

J. B. Wells. Typability and type-checking in the secondorder \-calculus are equivalent and undecidable. In Proceedings, Ninth Annual IEEE Symposium on Logic in Computer Science, pages 176-185, Paris, France, 4-7 July 1994. IEEE Computer Society Press.

Cited By

Liu WWang WChen HWang XLu YChen KWang XShen QChen YTang H(2021)Practical and Efficient in-Enclave Verification of Privacy Compliance2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN48987.2021.00052(413-425)Online publication date: Jun-2021
https://doi.org/10.1109/DSN48987.2021.00052
Miller D(2019)A Distributed and Trusted Web of Formal ProofsDistributed Computing and Internet Technology10.1007/978-3-030-36987-3_2(21-40)Online publication date: 9-Dec-2019
https://doi.org/10.1007/978-3-030-36987-3_2
Jakobs MWehrheim H(2017)Compact Proof WitnessesNASA Formal Methods10.1007/978-3-319-57288-8_28(389-403)Online publication date: 9-Apr-2017
https://doi.org/10.1007/978-3-319-57288-8_28
Show More Cited By

Recommendations

Oracle-based checking of untrusted software
POPL '01: Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages

We present a variant of Proof-Carrying Code (PCC) in which the trusted inference rules are represented as a higherorder logic program, the proof checker is replaced by a nondeterministic higher-order logic interpreter and the proof by an oracle ...
Proof-checking metamathematics (theorem-proving)
Oracle semantics

Comments

Information & Contributors

Information

Published In

cover image ACM SIGPLAN Notices

ACM SIGPLAN Notices Volume 36, Issue 3

March 2001

303 pages

ISSN:0362-1340

EISSN:1558-1160

DOI:10.1145/373243

Editors:
Cindy Norris
Appalachian State Univ., Boone, NC
,
James B. Fenwick
Appalachian State Univ., Boone, NC

Issue’s Table of Contents

POPL '01: Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
January 2001
304 pages
ISBN:1581133367
DOI:10.1145/360204
Chairmen:
Chris Hankin
Imperial College, London, U. K.
,
Dave Schmidt
Kansas State Univ., Manhattan

Copyright © 2001 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 January 2001

Published in SIGPLAN Volume 36, Issue 3

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

91
Total Citations
View Citations
397
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)1

Reflects downloads up to 10 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Liu WWang WChen HWang XLu YChen KWang XShen QChen YTang H(2021)Practical and Efficient in-Enclave Verification of Privacy Compliance2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN48987.2021.00052(413-425)Online publication date: Jun-2021
https://doi.org/10.1109/DSN48987.2021.00052
Miller D(2019)A Distributed and Trusted Web of Formal ProofsDistributed Computing and Internet Technology10.1007/978-3-030-36987-3_2(21-40)Online publication date: 9-Dec-2019
https://doi.org/10.1007/978-3-030-36987-3_2
Jakobs MWehrheim H(2017)Compact Proof WitnessesNASA Formal Methods10.1007/978-3-319-57288-8_28(389-403)Online publication date: 9-Apr-2017
https://doi.org/10.1007/978-3-319-57288-8_28
Jakobs M(2015)Speed Up Configurable Certificate Validation by Certificate Reduction and PartitioningSoftware Engineering and Formal Methods10.1007/978-3-319-22969-0_12(159-174)Online publication date: 21-Aug-2015
https://doi.org/10.1007/978-3-319-22969-0_12
Amtoft TDodds JZhang ZAppel ABeringer LHatcliff JOu XCousino A(2012)A certificate infrastructure for machine-checked proofs of conditional information flowProceedings of the First international conference on Principles of Security and Trust10.1007/978-3-642-28641-4_20(369-389)Online publication date: 24-Mar-2012
https://dl.acm.org/doi/10.1007/978-3-642-28641-4_20
Franz MChandra DGal AHaldar VProbst CReig FWang N(2005)A portable virtual machine target for proof-carrying codeScience of Computer Programming10.1016/j.scico.2004.09.00157:3(275-294)Online publication date: 1-Sep-2005
https://dl.acm.org/doi/10.1016/j.scico.2004.09.001
Hohenberger SLysyanskaya A(2005)How to securely outsource cryptographic computationsProceedings of the Second international conference on Theory of Cryptography10.1007/978-3-540-30576-7_15(264-282)Online publication date: 10-Feb-2005
https://dl.acm.org/doi/10.1007/978-3-540-30576-7_15
Glesner S(2003)Program Checking with Certificates: Separating Correctness-Critical CodeFME 2003: Formal Methods10.1007/978-3-540-45236-2_41(758-777)Online publication date: 2003
https://doi.org/10.1007/978-3-540-45236-2_41
Seo SYang HYi K(2003)Automatic Construction of Hoare Proofs from Abstract Interpretation ResultsProgramming Languages and Systems10.1007/978-3-540-40018-9_16(230-245)Online publication date: 2003
https://doi.org/10.1007/978-3-540-40018-9_16
Henzinger TNecula GJhala RSutre GMajumdar RWeimer W(2002)Temporal-Safety Proofs for Systems CodeComputer Aided Verification10.1007/3-540-45657-0_45(526-538)Online publication date: 20-Sep-2002
https://doi.org/10.1007/3-540-45657-0_45
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents