A framework for execution of secure mobile code based on static analysis
| Autor Principal: | |
|---|---|
| Otros autores o Colaboradores: | , , , |
| Formato: | Capítulo de libro |
| Lengua: | inglés |
| Series: | ^p Datos electrónicos (1 archivo : 355 KB)
|
| Temas: | |
| Acceso en línea: | ieeexplore.ieee.org/ielx5/9447/29997/01372105.pdf?arnumber1372105 Consultar en el Cátalogo |
| Resumen: | Since its conception, Proof-Carrying Code (PCC) woke up the interest of the research community and several methods based on this technique were developed. This technique guarantees that untrusted programs run safely in a host machine. In a PCC framework, the code producer equips the produced code with a formal proof establishing that the code satisfy the consumer’s security policies. So, the code consumer only needs to verify such proof before the execution of themobile code.On the other hand, static analysis is a technique useful for the production of the information required to construct the mentioned proof. Based on these two techniques, PCC and static analysis, we developed a framework that guarantees the safe execution of mobile code. This framework uses a high-level intermediate language to verify the security of the code. Acontrol flow graph or an abstract syntax tree with type annotations could be used. Such intermediate representations of the code enable us to use static analysis techniques to generate and verify the type information needed.Moreover, we implemented a prototype as a proof of concept for our framework. -- Keywords: Mobile Code, Proof-Carrying Code, Certifying Compilation, Security Properties, Automated Program Verification. |
| Notas: | Formato de archivo: PDF. -- Este documento es producción intelectual de la Facultad de Informática-UNLP (Colección BIPA / Biblioteca.) -- Disponible también en línea (Cons. 06/03/2009) |