Principles of database and knowledge-base systems, Vol. I
Principles of database and knowledge-base systems, Vol. I
Extracting &ohgr;'s programs from proofs in the calculus of constructions
POPL '89 Proceedings of the 16th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A framework for defining logics
Journal of the ACM (JACM)
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
From system F to typed assembly language
ACM Transactions on Programming Languages and Systems (TOPLAS)
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
PVS: A Prototype Verification System
CADE-11 Proceedings of the 11th International Conference on Automated Deduction: Automated Deduction
COLOG '88 Proceedings of the International Conference on Computer Logic
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Foundational Proof-Carrying Code
LICS '01 Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science
SD3: A Trust Management System with Certified Evaluation
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Cryptographic security architecture design and verification
Cryptographic security architecture design and verification
Interactive Theorem Proving and Program Development
Interactive Theorem Proving and Program Development
By Reason and Authority: A System for Authorization of Proof-Carrying Code
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Formal certification of a compiler back-end or: programming a compiler with a proof assistant
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Policies and proofs for code auditing
ATVA'07 Proceedings of the 5th international conference on Automated technology for verification and analysis
| Hi-index | 0.01 |
In previous work we have proposed a distributed security logic for authorizing code. To gain assurance about the correctness of the implementation of our system, we now present a series of security logics of increasing expressive power leading up to our logic. We encode each logic in Coq, develop an algorithm for deciding queries, and prove properties about the algorithm in Coq. By using Coq's automatic extraction mechanism, we are able to gain a high assurance about the resulting reference monitor implementations. Following this strategy yields reference monitors fully certified at the source code level for Datalog, Binder, Binder with a general extension mechanism, and a logic that combines Binder and the calculus of co-inductive constructions.