ProofCarrying Code - PowerPoint PPT Presentation

About This Presentation
Title:

ProofCarrying Code

Description:

The 'Proof-Carrying Code' paper is an extension on Tuesday's presentation on ... Can Professor Simha trust me that my code is safe to run on his computer? ... – PowerPoint PPT presentation

Number of Views:67
Avg rating:3.0/5.0
Slides: 28
Provided by: Stu6164
Category:

less

Transcript and Presenter's Notes

Title: ProofCarrying Code


1
Proof-Carrying Code Proof-Carrying
Authentication
  • Stuart Pickard CSCI 297
  • June 2, 2005

2
Papers
Proof-Carrying Code George C. Necula. POPL97,
January 1997. Proof-Carrying Authentication
Andrew W. Appel and Edward W. Felten. 6th ACM
Conference on Computer and Communications
Security, November 1999.
3
The Proof-Carrying Code paper is an extension
on Tuesdays presentation on Certifying
Compilers. However, the Proof-Carrying
Authentication is a new topic that uses similar
logic to Proof-Carrying Code to prove the right
of authentication.
4
Proof-Carrying Code (quick review)
Prof. Simha
Stuart
code
proof
Can Professor Simha trust me that my code is safe
to run on his computer?
5
Diagram from Proof-Carrying Code paper
6
The Basic ideas of the paper
  • General Proof Carrying Technique With Specific
    Implementations
  • Safety Policy
  • Safety Proofs
  • Validation of Safety Proofs

7
The implementation in the paper uses First-Order
Predicate Logic as a basis to formalize the
safety policy. The safety rules are expressed as
a Floyd-style verification condition
generator When given a program and a set of
preconditions and postconditions the system can
produce a verification condition predicate (VC)
in FirstOrder Logic. If the VC can be proven
using the proof rules associated with the logic,
then the program satisfies the safety
invariants. If the VC cannot be proven, then the
program does not satisfy the safety invariants
and is unsafe to run.
8
So what is First-Order Predicate Logic?
  • First-order predicate calculus or first-order
    logic (FOL) permits the formulation of quantified
    statements such as "there exists an x such
    that..."
  • In our case The statements that need to be
    quantified are the annotated lines of code where
    type verification is needed.

9
The Typing Rules
10
Theorem 3.1
  • Any program with a valid verification condition
    starting in a state that satisfies the
    preconditions will only reference valid memory
    locations
  • Theorem For any program ?, set of invariants Inv
  • and postcondition Post such that ?0 INV Pre, if
  • ?VC (?, Inv, Post) and the initial state
    satisfies the
  • precondition Pre, then the program reads only
    from
  • valid memory locations as they are defined by the
  • typing rules, and if it terminates, it does so in
    a state
  • satisfying the postcondition.

11
Theorem 3.2 Corollary
  • These theorems can be used to help prove adequacy
    of the first-order logic to guarantee type safety
    as defined by the safety policy

12
Recap of Paper
  • Proof-Carrying code is a mechanism to allow code
    users to be guaranteed safe code in regards to
    their safety policy.
  • The main contribution of the paper was the fact
    that they implemented a system of program
    verification using certification (creating the
    proof on the code producer side) and proof
    validation (on the code user side)

13
Paper number 2
Proof-Carrying Authentication
  • Main Idea Say for example a client desired
    access to a server, but needed to be
    authenticated. The authors are purposing a
    strategy, analogous to Proof-Carrying Code, that
    makes the user construct a proof that shows they
    should have access. The server then verifies
    correctness of the proof and lets the user proceed

14
Proof-Carrying Authentication
Check Proof
proof
Access?
Grant Access
15
Example of Proof-Carrying Authentication Protocol
  • Suppose Stuart wanted to access an email server
    named GWU. The server receives a request from
    Stuart to read Stuarts email. GWUs control
    list says that Stuart can read his email.
  • But is the request really from Stuart?
  • How do we solve this?

16
Add a Certificate Authority
  • The server GWU trusts the CA to guarantee
    key-to-name bindings, and the server also knows
    the CAs public key.
  • Stuart then obtains a certificate signed by CAs
    private key that says Ks is Stuarts public
    key. Stuart then signs the message read
    Stuarts email with his private key.
  • With this information GWU can safely grant the
    request to read Stuarts email.

17
Constructing the Proof
  • The server GWU starts with the following
    assumptions
  • A1 trustedCA(CA)
  • A2 keybind(Kc, CA)
  • A3 Stuart controls read Stuarts email
  • With these assumptions published to Stuart,
    Stuart can prove to the server GWU that he should
    be able to read his email using high-order logic.

18
Proof
19
How the Proof is checked
  • First check the two digital signatures to
    establish the fact that Ks signed read Stuarts
    email and Kc signed the keybind(Ks, S)
  • From assumption A1 we can prove C controls
    keybind(Ks, S) by the lemma trustedCA_e.
  • From A2 and a digital signature we prove
    C(keybind(Ks, S)) by the keybind_e lemma.

20
Proof Check continued
  • Now from the last two results (C controls
    keybind(Ks, S) and C(keybind(Ks, S))) we prove
    keybind(Ks, S) by the controls_e lemma.
  • From this result and a signature we prove S(read
    Stuarts email) by the keybind_e lemma.
  • Finally, from assumption A3 and S(read Stuarts
    email) we prove read Stuarts email by
    controls_e.
  • Thus, the server GWU authenticates the user
    Stuart and allows him access to his email

21
Note All parts of the proof need to be true/
checked in order for authentication to occur
22
Advantages
  • Just like Proof-Carrying Code, the burden is
    placed on one side.
  • It is easy to check a proof, but hard to create a
    proof.
  • The user takes the burden and leaves the server
    to perform the easy proof checking

23
Implementation of previous example in Twelf
  • Twelf is an implementation of the Edinburgh
    Logical Framework.
  • A standard way of representing this protocol is
    needed and the code on the next slide is an
    example of the standard used in this paper.

24
Twelf representation
25
Overview
  • Overall, this example has shown that higher-order
    logic can be used for authentication purposes
  • The proofs can be small and not too difficult to
    create.
  • Also, proof checking is easy in comparison to
    proof creation.

26
Sources
  • George C. Necula. Proof-Carrying Code POPL97,
    January 1997.
  • Andrew W. Appel and Edward W. Felten.
    Proof-Carrying Authentication 6th ACM Conference
    on Computer and Communications Security, November
    1999.
  • Peter Lee http//www-2.cs.cmu.edu/Groups/fox/paper
    s/necula-osdi96/node2.html Tue Sep 17 153744
    EDT 1996

27
Discussion
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "ProofCarrying Code" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!