An Introduction so that Proof-Carrying Code David Walker Princeton Universi

 www.phwiki.com

 

The Above Picture is Related Image of Another Journal

 

An Introduction so that Proof-Carrying Code David Walker Princeton Universi

California College of Podiatric Medicine, US has reference to this Academic Journal, An Introduction so that Proof-Carrying Code David Walker Princeton University (slides kindly donated by George Necula; modified by David Walker) Motivation Extensible systems can be more flexible in addition to more efficient than client-server interaction client server client-server Motivation Extensible systems can be more flexible in addition to more efficient than client-server interaction extensible system client server client-server extension host

 Christian Goulding, Susan California College of Podiatric Medicine www.phwiki.com

 

Related University That Contributed for this Journal are Acknowledged in the above Image

 

Example: Deep-Space Onboard Analysis Source: NASA Jet Propulsion Lab Bandwidth: < 1KB/sec Latency: > hours Data: > 10MB/sec Note: efficiency (cycles, bandwidth) safety critical operation More Examples of Extensible Systems Device driver Operating system Applet Web browser Loaded procedure Database server DCOM Component DCOM client ? Code Concerns Regarding Extensibility Safety in addition to reliability concerns How so that protect the host from the extensions ? Extensions of unknown origin ) potentially malicious Extensions of known origin ) potentially erroneous Complexity concerns How can we do this without having so that trust a complex infrastructure? Performance concerns How can we do this without compromising performance? Other concerns (not addressed here) How so that ensure privacy in addition to authenticity? How so that protect the component from the host?

Approaches so that Component Safety Digital signatures Run-time monitoring in addition to checking Bytecode verification Proof-carrying code Assurance Support: Digital Signatures Example properties: ?Microsoft produced this software? ?Verisoft tested the software alongside test suite 17? No direct connection alongside program semantics Microsoft recently recommended that Microsoft be removed from one?s list of trusted code signers Code Run-Time Monitoring in addition to Checking A monitor detects attempts so that violate the safety policy in addition to stops the execution Hardware-enforced memory protection Software fault isolation (sandboxing) Java stack inspection Code Monitor Relatively simple; effective in consideration of many properties Either inflexible or expensive on its own

Why do a PhD? What is a PhD? Some Reasons More Reasons Some people?s reasons Some people?s reasons What so that expect What qualifications do you need? Reasons so that do a PhD Why not do a PhD? Some Figures about PhDs in addition to employment What do PhDs do? How so that choose a PhD? Where so that look in consideration of a PhD Books

Java Bytecode Code JVM bytecode Relatively simple; overall an excellent idea Large trusted computing base commercial, optimizing JIT: 200,000-500,000 LOC when is the last time you wrote a bug-free 200,000 line program? Java-specific; somewhat limited policies Code Compiler Proof-carrying code JVM bytecode Proof Code Compiler Flexible interfaces like the JVM model Small trusted computing base (minimum of 3000 LOC) Can be somewhat more language/policy independent Building an optimizing, type-preserving compiler is much harder than building an ordinary compiler Proof-carrying code JVM bytecode Proof Code Compiler Question: Isn?t it hard, perhaps impossible, so that check properties of assembly language?

Proof-carrying code JVM bytecode Proof Code Compiler Question: Isn?t it hard, perhaps impossible, so that check properties of assembly language? Actually, no, not really, provided we have a proof so that guide the checker. Proof-Carrying Code: An Analogy Proof-carrying code JVM bytecode Proof Code Compiler Question: Well, aren?t you just avoiding the real problem then? Isn?t it extremely hard so that generate the proof?

Proof-carrying code JVM bytecode Proof Code Compiler Question: Well, aren?t you just avoiding the real problem then? Isn?t it extremely hard so that generate the proof? Yes. But there is a trick. PCC + Type-Preserving Compilation JVM bytecode Proof Types Code Compiler Types Compiler The trick: we fool the programmer into doing our proof in consideration of us! We convince them so that program in a typesafe language. We design our compiler so that translate the typing derivation into a proof of safety We can always make this work in consideration of type safety properties Good Things About PCC Someone else does the really hard work (the compiler writer) Hard so that prove safety but easy so that check a proof Research over the last 5-10 years indicates we can produce proofs of type safety properties in consideration of assembly language Requires minimal trusted infrastructure Trust proof checker but not the compiler Again, recent research shows PCC TCB can be as small as ~3000 LOC Agnostic so that how the code in addition to proof are produced Not compiler specific; Hand-optimized code is Ok Can be much more general than the JVM type system Only limited by the logic that is used (and we can use very general logics) Coexists peacefully alongside cryptography Signatures are a syntactic checksum Proofs are a semantic checksum (see Appel & Felten?s proof-carrying authorization)

The Different Flavors of PCC Type Theoretic PCC [Morrisett, Walker, et al. 1998] source-level types are translated into low-level types in consideration of machine language or assembly language programs the proof of safety is a typing derivation that is verified by a type checker Logical PCC [Necula, Lee, 1996, 1997] low-level types are encoded as logical predicates a verification-condition generator runs over the program in addition to emits a theorem, which if true, implies the safety of the program the proof of safety is a proof of this theorem Foundational PCC [Appel et al. 2000] the semantics of the machine is encoded directly in logic a type system in consideration of the machine is built up directly from the machine semantics in addition to proven correct using a general-purpose logic (eg: higher-order logic) the total TCB is approximately 3000 LOC The Common Theme Every general-purpose system in consideration of proof carrying code relies upon a type system in consideration of checking low-level program safety why? building a proof of safety in consideration of low-level programs is hard success depends upon being able so that structure these proofs in a uniform, modular fashion types provide the framework in consideration of developing well-structured safety proofs In the following lectures, we will study the low-level typing mechanisms that are the basis in consideration of powerful systems of proof carrying code

Christian Goulding, Susan Host

Christian Goulding, Susan is from United States and they belong to Host and work for Dr. Bob Martin Show – KGME-AM, The in the AZ state United States got related to this Particular Article.

Journal Ratings by California College of Podiatric Medicine

This Particular Journal got reviewed and rated by and short form of this particular Institution is US and gave this Journal an Excellent Rating.