The source is the proof

Authors:
Vivek Haldar;Christian H. Stork;Michael Franz
Affiliations:
University of California, Irvine, CA;University of California, Irvine, CA;University of California, Irvine, CA
Venue:
Proceedings of the 2002 workshop on New security paradigms
Year:
2002

Citing 10
Cited 5

Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Slim binaries

Communications of the ACM
The design and implementation of a certifying compiler

PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
Compressing Java class files

Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Escape analysis for Java

Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
A certifying compiler for Java

PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Automated data-member layout of heap objects to improve memory-hierarchy performance

ACM Transactions on Programming Languages and Systems (TOPLAS)
Model-Carrying Code (MCC): a new paradigm for mobile-code security

Proceedings of the 2001 workshop on New security paradigms
Java Virtual Machine Specification

Java Virtual Machine Specification
Foundational Proof-Carrying Code

LICS '01 Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science

A portable Virtual Machine target for Proof-Carrying Code

Proceedings of the 2003 workshop on Interpreters, virtual machines and emulators
Interactive and Probabilistic Proof of Mobile Code Safety

Automated Software Engineering
A portable virtual machine target for proof-carrying code

Science of Computer Programming - Special issue on advances in interpreters, virtual machines and emulators (IVME'03)
Verifying data flow optimizations for just-in-time compilation

Verifying data flow optimizations for just-in-time compilation
Functional pearl: every bit counts

Proceedings of the 15th ACM SIGPLAN international conference on Functional programming

Quantified Score

Hi-index	0.00

Visualization

Abstract

We challenge the apparent consensus for using bytecode verification and techniques related to proof-carrying code for mobile code security. We propose an alternative to these two techniques that transports programs at a much higher level of abstraction. Our high-level encoding can achieve safe end-to-end transport of program source semantics. Moreover, our encoding is safe by construction, in the sense that unsafe programs cannot even be expressed in it. We contrast our encoding with certifying compilation and bytecode-based approaches, and describe how it overcomes some of their deficiencies.