Article

Oracle-based checking of untrusted software

Authors:

George C. Necula and

S. P. RahulAuthors Info & Claims

POPL '01: Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages

January 2001

Pages 142 - 154

https://doi.org/10.1145/360204.360216

Published: 01 January 2001 Publication History

Abstract

We present a variant of Proof-Carrying Code (PCC) in which the trusted inference rules are represented as a higherorder logic program, the proof checker is replaced by a nondeterministic higher-order logic interpreter and the proof by an oracle implemented as a stream of bits that resolve the nondeterministic interpretation choices. In this setting, Proof-Carrying Code allows the receiver of the code the luxury of using nondeterminism in constructing a simple yet powerful checking procedure.This oracle-based variant of PCC is able to adapt quite naturally to situations when the property being checked is simple or there is a fairly directed search procedure for it. As an example, we demonstrate that if PCC is used to verify type safety of assembly language programs compiled from Java source programs, the oracles that are needed are on the average just 12% of the size of the code, which represents an improvement of a factor of 30 over previous syntactic representations of PCC proofs.

References

[1]

A. W. Appel and E. W. Felten. Proof-carrying authentication. In 5th ACM Conference on Computer and Communications Security: pages 52-62: Singapore: Nov. 1999. ACM Press.

Digital Library

[2]

A. Avron: F. A. Honsell: I. A. Mason: and R. Pollack. Using typed lambda calculus to implement formal systems on a machine. Journal of Automated Reasoning: 9(3):309-354: 1992. A preliminary version appeared as University of Edinburgh Report ECS-LFCS-87-31.

Digital Library

[3]

N. DeBruijn. Lambda-calculus notation with nameless dummies: a tool for automatic formula manipulation. Indag. Mat.: 34:381-392: 1972.

[4]

G. Dowek: A. Felty: H. Herbelin: G. P. Huet: C. Murthy: C. Parent: C. Paulin-Mohring: and B. Werner. The Coq proof assistant user's guide. Version 5.8. Technical report: INRIA - Rocquencourt: May 1993.

[5]

C. Elliott. Higher-order unification with dependent types. In N. Dershowitz: editor: Rewritin9 Techniques and Applications: pages 121-136: Chapel Hill: North Carolina: Apr. 1989. Springer-Verlag LNCS 355.

[6]

J.-Y. Girard. Une extension de Pinterpretation de GSdel h l'analyse: et son application h l'elimination des coupures dans l'analyse et la theorie des types. In J. E. Fenstad: editor: Proceedings 2nd Scandinavian Logic Symp., Oslo, Norway, 18-20 June 1970: volume 63 of Studies in Logic and the Foundations of Mathematics: pages 63-92. North-Holland: Amsterdam: 1971.

[7]

Girard: J.-Y. Interprdtation Fonctionnelle et Elimination des Coupures de l'Arithmgtique d'Ordre Supdrieur. These de doctorat d'etat: Universite Paris VII: June 1972.

[8]

R. Harper: F. Honsell: and G. Plotkin. A framework for defining logics. Journal of the Association for Computing Machinery: 40(1):143-184: Jan. 1993.

Digital Library

[9]

R. Harrop. Concerning formulas of the types A -+ B V C: A --4 (Ex)B(x) in intuitionistic formal systems. Journal of Symbolic Logic: pages 27-32: 1960.

[10]

G. Huet. A unification algorithm for typed lambda calculus. Theoretical Computer Science: 1(1):27-57: 1973.

[11]

T. Lindholm and F. Yellin. The Java Virtual Machine Specification. The Java Series. Addison-Wesley, Reading: MA: USA: Jan. 1997.

Digital Library

[12]

Z. Luo and R. Pollack. The LEGO proof development system: A user's manual. Technical Report ECS-LFCS- 92-211: University of Edinburgh: May 1992.

[13]

S. Michaylov and F. Pfenning. An empirical study of the runtime behavior of higher-order logic programs. In D. Miller: editor: Proceedings of the Workshop on the \Prolog Programming Language: pages 257-271: July 1992. Available as Technical Report MS-CIS-92-86.

[14]

Microsoft Corporation. Proposal for authenticating code via the Internet. http://www.microsoft.com- /security/tech/authcode/authcode-f.htm: Apr. 1996.

[15]

D. Miller. A logic programming language with lambdaabstraction: function variables: and simple unification. Journal of Logic and Computation: 1(4):497-536: Sept. 1991.

[16]

G. Morrisett: D. Walker: K. Crary: and N. Glew. From system F to typed assembly language. ACM Transactions on Programming Languages and Systems: 21(3):527-568: May 1999.

Digital Library

[17]

G. Nadathur. A proof procedure for the logic of hereditary Harrop formulas. Journal of Automated Reasoning: 11(1):115-145: Aug. 1993.

[18]

G. Nadathur and D. Miller. Higher-order logic programming. In D. M. Gabbay, C. J. Hogger, and J. A. Robinson, editors, Handbook of Logic in Artificial Intelli9ence and Logic Programmin9, volume 5, chapter 8. Oxford University Press, 1998.

[19]

G. C. Necula. Proof-carrying code. In The 24th Annual ACM Symposium on Principles of Programming Languages, pages 106-119. ACM, Jan. 1997.

Digital Library

[20]

G. C. Necula. Compiling with Proofs. PhD thesis, Carnegie Mellon University, Sept. 1998. Also available as CMU-CS-98-154.

Digital Library

[21]

G. C. Necula and P. Lee. The design and implementation of a certifying compiler. In ACM SIGPLAN'98 Conference on Programming Language Design and Implementation, pages 333-344, June 1998.

Digital Library

[22]

G. C. Necula and P. Lee. Efficient representation and validation of proofs. In Thirteenth Annual Symposium on Logic in Computer Science, pages 93-104, Indianapolis, June 1998. IEEE Computer Society Press.

Digital Library

[23]

F. Pfenning. Logic programming in the LF logical framework. In G. Huet and G. Plotkin, editors, Logical Frameworks, pages 149-181. Cambridge University Press, 1991.

Digital Library

[24]

F. Pfenning. Elf: A meta-language for deductive systems (system description). In A. Bundy, editor, lZth International Conference on Automated Deduction, LNAI 814, pages 811-815, Nancy, France, June 26-July 1, 1994. Springer-Verlag.

Digital Library

[25]

R. Ramesh, I. V. Ramakrishnan, and D. S. Warren. Automata-driven indexing of Prolog clauses. Journal of Logic Programming, 23(2):151-202, May 1995.

[26]

J. C. Reynolds. Towards a theory of type structures. In Pro9rammin9 Symposium (Colloque sur la Programmation, Paris), volume 19 of Lecture Notes in Computer Science, pages 408-425. Springer-Verlag, Berlin, Heidelberg, and New York, 1974.

[27]

J. B. Wells. Typability and type-checking in the secondorder \-calculus are equivalent and undecidable. In Proceedings, Ninth Annual IEEE Symposium on Logic in Computer Science, pages 176-185, Paris, France, 4-7 July 1994. IEEE Computer Society Press.

Cited By

Chihani ZMiller DRenaud F(2017)A Semantic Framework for Proof EvidenceJournal of Automated Reasoning10.1007/s10817-016-9380-659:3(287-330)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.1007/s10817-016-9380-6
Miller D(2017)Proof checking and logic programmingFormal Aspects of Computing10.1007/s00165-016-0393-z29:3(383-399)Online publication date: 1-May-2017
https://dl.acm.org/doi/10.1007/s00165-016-0393-z
Jakobs MWehrheim H(2017)Compact Proof WitnessesNASA Formal Methods10.1007/978-3-319-57288-8_28(389-403)Online publication date: 9-Apr-2017
https://doi.org/10.1007/978-3-319-57288-8_28
Show More Cited By

Recommendations

Oracle-based checking of untrusted software

We present a variant of Proof-Carrying Code (PCC) in which the trusted inference rules are represented as a higherorder logic program, the proof checker is replaced by a nondeterministic higher-order logic interpreter and the proof by an oracle ...
Read More
Proof-checking metamathematics (theorem-proving)
Read More
Bounded model checking of high-integrity software
HILT '13: Proceedings of the 2013 ACM SIGAda annual conference on High integrity language technology

Model checking [5] is an automated algorithmic technique for exhaustive verification of systems, described as finite state machines, against temporal logic [9] specifications. It has been used successfully to verify hardware at an industrial scale [6]. ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

POPL '01: Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages

January 2001

304 pages

ISBN:1581133367

DOI:10.1145/360204

Chairmen:
Chris Hankin
Imperial College, London, U. K.
,
Dave Schmidt
Kansas State Univ., Manhattan

ACM SIGPLAN Notices Volume 36, Issue 3
March 2001
303 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/373243
Editors:
Cindy Norris
Appalachian State Univ., Boone, NC
,
James B. Fenwick
Appalachian State Univ., Boone, NC
Issue’s Table of Contents

Copyright © 2001 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 January 2001

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Conference

POPL01

Sponsor:

POPL01: The 28th Annual ACM SIGPLAN/SIGACT Symposium on Principles of Programming Languages

London, United Kingdom

Acceptance Rates

POPL '01 Paper Acceptance Rate 24 of 126 submissions, 19%;

Overall Acceptance Rate 824 of 4,130 submissions, 20%

Upcoming Conference

POPL '25

Sponsor:
sigplan

The 52nd Annual ACM SIGPLAN Symposium on Principles of Programming Languages

January 19 - 25, 2025

Denver , CO , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

91
Total Citations
View Citations
397
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)1

Other Metrics

View Author Metrics

Citations

Cited By

Chihani ZMiller DRenaud F(2017)A Semantic Framework for Proof EvidenceJournal of Automated Reasoning10.1007/s10817-016-9380-659:3(287-330)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.1007/s10817-016-9380-6
Miller D(2017)Proof checking and logic programmingFormal Aspects of Computing10.1007/s00165-016-0393-z29:3(383-399)Online publication date: 1-May-2017
https://dl.acm.org/doi/10.1007/s00165-016-0393-z
Jakobs MWehrheim H(2017)Compact Proof WitnessesNASA Formal Methods10.1007/978-3-319-57288-8_28(389-403)Online publication date: 9-Apr-2017
https://doi.org/10.1007/978-3-319-57288-8_28
Stewart GBeringer LAppel A(2012)Verified heap theorem prover by paramodulationACM SIGPLAN Notices10.1145/2398856.236453147:9(3-14)Online publication date: 9-Sep-2012
https://dl.acm.org/doi/10.1145/2398856.2364531
Stewart GBeringer LAppel AThiemann PFindler R(2012)Verified heap theorem prover by paramodulationProceedings of the 17th ACM SIGPLAN international conference on Functional programming10.1145/2364527.2364531(3-14)Online publication date: 9-Sep-2012
https://dl.acm.org/doi/10.1145/2364527.2364531
Kennedy AVytiniotis D(2012)Every bit countsJournal of Functional Programming10.1017/S095679681200026322:4-5(529-573)Online publication date: 1-Aug-2012
https://dl.acm.org/doi/10.1017/S0956796812000263
Amtoft TDodds JZhang ZAppel ABeringer LHatcliff JOu XCousino A(2012)A certificate infrastructure for machine-checked proofs of conditional information flowProceedings of the First international conference on Principles of Security and Trust10.1007/978-3-642-28641-4_20(369-389)Online publication date: 24-Mar-2012
https://dl.acm.org/doi/10.1007/978-3-642-28641-4_20
Henglein FNielsen LBall TSagiv M(2011)Regular expression containmentProceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages10.1145/1926385.1926429(385-398)Online publication date: 26-Jan-2011
https://dl.acm.org/doi/10.1145/1926385.1926429
Henglein FNielsen L(2011)Regular expression containmentACM SIGPLAN Notices10.1145/1925844.192642946:1(385-398)Online publication date: 26-Jan-2011
https://dl.acm.org/doi/10.1145/1925844.1926429
Pirzadeh HDubé DHamou-Lhadj A(2010)An extended proof-carrying code framework for security enforcementTransactions on computational science XI10.5555/1985653.1985666(249-269)Online publication date: 1-Jan-2010
https://dl.acm.org/doi/10.5555/1985653.1985666
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents