Spelling suggestions: "subject:"ofcarrying core"" "subject:"toolcarrying core""
1 |
Probabilistic Proof-carrying CodeSharkey, Michael Ian 17 April 2012 (has links)
Proof-carrying code is an application of software verification techniques to the problem of ensuring the safety of mobile code. However, previous proof-carrying code systems have assumed that mobile code will faithfully execute the instructions of the program. Realistic implementations of computing systems are susceptible to probabilistic behaviours that can alter the execution of a program in ways that can result in corruption or security breaches. We investigate the use of a probabilistic bytecode language to model deterministic programs that are executed on probabilistic computing systems. To model probabilistic safety properties, a probabilistic logic is adapted to out bytecode instruction language, and soundness is proven. A sketch of a completeness proof of the logic is also shown.
|
2 |
Probabilistic Proof-carrying CodeSharkey, Michael Ian 17 April 2012 (has links)
Proof-carrying code is an application of software verification techniques to the problem of ensuring the safety of mobile code. However, previous proof-carrying code systems have assumed that mobile code will faithfully execute the instructions of the program. Realistic implementations of computing systems are susceptible to probabilistic behaviours that can alter the execution of a program in ways that can result in corruption or security breaches. We investigate the use of a probabilistic bytecode language to model deterministic programs that are executed on probabilistic computing systems. To model probabilistic safety properties, a probabilistic logic is adapted to out bytecode instruction language, and soundness is proven. A sketch of a completeness proof of the logic is also shown.
|
3 |
Probabilistic Proof-carrying CodeSharkey, Michael Ian January 2012 (has links)
Proof-carrying code is an application of software verification techniques to the problem of ensuring the safety of mobile code. However, previous proof-carrying code systems have assumed that mobile code will faithfully execute the instructions of the program. Realistic implementations of computing systems are susceptible to probabilistic behaviours that can alter the execution of a program in ways that can result in corruption or security breaches. We investigate the use of a probabilistic bytecode language to model deterministic programs that are executed on probabilistic computing systems. To model probabilistic safety properties, a probabilistic logic is adapted to out bytecode instruction language, and soundness is proven. A sketch of a completeness proof of the logic is also shown.
|
4 |
Strong-DISM: A First Attempt to a Dynamically Typed Assembly Language (D-TAL)Hernandez, Ivory 03 November 2017 (has links)
Dynamically Typed Assembly Language (D-TAL) is not only a lightweight and effective solution to the gap generated by the drop in security produced by the translation of high-level language instructions to low-level language instructions, but it considerably eases up the burden generated by the level of complexity required to implement typed assembly languages statically. Although there are tradeoffs between the static and dynamic approaches, focusing on a dynamic approach leads to simpler, easier to reason about, and more feasible ways to understand deployment of types over monomorphically-typed or untyped intermediate languages. On this occasion, DISM, a simple but powerful and mature untyped assembly language, is extended by the addition of type annotations (on memory and registers) to produce an instance of D-TAL. Strong-DISM, the resulting language, statically, lends itself to simpler analysis about type access and security as the correlation between datatypes and instructions with their respective memory and registers becomes simpler to observe; while dynamically, it disallows operations and further eliminates conditions that from high level languages could be used to violate/circumvent security.
|
5 |
[en] TECHNIQUES FOR THE USE OF HOARE LOGIC IN PCC / [pt] TÉCNICAS PARA O USO DO CÁLCULO DE HOARE EM PCCJULIANA CARPES IMPERIAL 22 January 2004 (has links)
[pt] Atualmente, a maioria dos programas para computadores é
obtida através da WEB. Como muitas vezes a procedência
são fontes desconhecidas, é preciso se certificar de que
o código se comporta como o esperado. A solução ideal
seria verificar o código contra uma especificação de
políticas de segurança ,contudo, isso pode consumir muito
tempo.Uma outra alternativa é fazer com que o próprio
código prove ser seguro. O conceito de proof-carryng code
(PCC)é baseado nessa idéia : um programa carrega consigo
uma prova de sua conformidade com certas políticas de
segurança. Ou seja ,ele carrega uma prova a respeito de
propriedades do próprio código. Portanto, os mesmos
métodos froamsi usados para a verificação de programs
podem se utilizados para esta tecnolgia. Considerando
este fato,neste trabalho é estudado como cálculo de
Hoare, em método formal para realizar a verificação de
programas, aplicado a códigos-fonte escritos em uma
linguagem de programação imperativa, pode ser útil
á tecnica de PCC. Conseqüentemente, são pesquisados
métodos para a geração de provas de correção de programas
utilizando o método citado, para tornar possível a
geração de provas de segurança para PCC utilizando o
cálculo de Hoare. / [en] Nowdays most computer programs are obtained from the
WEB. Since their source is usually unknown, it is necessary
to be sure that the code of the program behaves as
expected.The ideal solution would be verify the code
against a specification of safety policies.However, this
can take too much time.Another approach is making the code
itself prove that it is safe. The concept os proof-carryng
code (PCC) is based on this idea: a program carries a proof
of its conformity with certain safety policies. That is ,
it carries a proof cencerning properties related to the
code itself. Therefore, the same formal methods employed in
formal verification of programs can be used in this
tecnology. Due to this fact, in this work it is studied how
Hoare logic applied to source codes written in an
imperative programming language, which is a formal methods
are researched to generate proofs of program correctness
using the method explained, so that it can be possible to
generate PCC safety programs with Hoare logic.
|
6 |
Abstract Certification of Java Programs in Rewriting LogicAlba Castro, Mauricio Fernando 28 November 2011 (has links)
In this thesis we propose an abstraction based certification technique for Java programs which is based on rewriting logic, a very general logical and semantic framework efficiently implemented in the functional programming language Maude. We focus on safety properties, i.e. properties of a system that are defined in terms of certain events not happening, which we characterize as unreachability problems in rewriting logic. The safety policy is expressed in the style of JML, a standard property specification language for Java modules.
In order to provide a decision procedure, we enforce finite-state models of programs by using abstract interpretation.
Starting from a specification of the Java semantics written in Maude, we develop an abstraction based,
finite-state operational semantics also written in Maude which is appropriate for program verification.
As a by-product of the verification based on abstraction, a dependable safety certificate is delivered which consists of a set of rewriting proofs that can be easily checked by the code consumer by using a standard rewriting logic engine. The abstraction based proof-carrying code technique, called JavaPCC, has been implemented and successfully tested on several examples, which demonstrate the feasibility of our approach.
We analyse local properties of Java methods: i.e. properties of methods regarding their parameters and results. We also study global confidentiality properties of complete Java classes, by initially considering non--interference and, then, erasure with and without non--interference. Non--interference is a semantic program property that assigns confidentiality levels to data objects and prevents illicit information flows from occurring from high to low security levels. In this thesis, we present a novel security model for global non--interference which approximates non--interference as a safety property. / Alba Castro, MF. (2011). Abstract Certification of Java Programs in Rewriting Logic [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/13617
|
Page generated in 0.0925 seconds