A Trustworthy Proof Checker

Andrew W. Appel; Neophytos Michael; Aaron Stump; Roberto Virga

doi:10.1023/b:jars.0000021013.61329.58

A Trustworthy Proof Checker

Andrew W. Appel, Neophytos Michael, Aaron Stump, Roberto Virga

Research output: Contribution to journal › Article › peer-review

21 Scopus citations

Abstract

Proof-carrying code (PCC) and other applications in computer security require machine-checkable proofs of properties of machine-language programs. The main advantage of the PCC approach is that the amount of code that must be explicitly trusted is very small: it consists of the logic in which predicates and proofs are expressed, the safety predicate, and the proof checker. We have built a minimal proof checker, and we explain its design principles and the representation issues of the logic, safety predicate, and safety proofs. We show that the trusted computing base (TCB) in such a system can indeed be very small. In our current system the TCB is less than 2,700 lines of code (an order of magnitude smaller even than other PCC systems), which adds to our confidence of its correctness.

Original language	English (US)
Pages (from-to)	231-260
Number of pages	30
Journal	Journal of Automated Reasoning
Volume	31
Issue number	3-4
DOIs	https://doi.org/10.1023/b:jars.0000021013.61329.58
State	Published - 2003

All Science Journal Classification (ASJC) codes

Software
Computational Theory and Mathematics
Artificial Intelligence

Keywords

Proof checker
Proof-carrying code

Access to Document

10.1023/b:jars.0000021013.61329.58

Cite this

@article{895869ae57aa481880eef5e8aa6846b2,

title = "A Trustworthy Proof Checker",

abstract = "Proof-carrying code (PCC) and other applications in computer security require machine-checkable proofs of properties of machine-language programs. The main advantage of the PCC approach is that the amount of code that must be explicitly trusted is very small: it consists of the logic in which predicates and proofs are expressed, the safety predicate, and the proof checker. We have built a minimal proof checker, and we explain its design principles and the representation issues of the logic, safety predicate, and safety proofs. We show that the trusted computing base (TCB) in such a system can indeed be very small. In our current system the TCB is less than 2,700 lines of code (an order of magnitude smaller even than other PCC systems), which adds to our confidence of its correctness.",

keywords = "Proof checker, Proof-carrying code",

author = "Appel, {Andrew W.} and Neophytos Michael and Aaron Stump and Roberto Virga",

year = "2003",

doi = "10.1023/b:jars.0000021013.61329.58",

language = "English (US)",

volume = "31",

pages = "231--260",

journal = "Journal of Automated Reasoning",

issn = "0168-7433",

publisher = "Springer Netherlands",

number = "3-4",

}

TY - JOUR

T1 - A Trustworthy Proof Checker

AU - Appel, Andrew W.

AU - Michael, Neophytos

AU - Stump, Aaron

AU - Virga, Roberto

PY - 2003

Y1 - 2003

N2 - Proof-carrying code (PCC) and other applications in computer security require machine-checkable proofs of properties of machine-language programs. The main advantage of the PCC approach is that the amount of code that must be explicitly trusted is very small: it consists of the logic in which predicates and proofs are expressed, the safety predicate, and the proof checker. We have built a minimal proof checker, and we explain its design principles and the representation issues of the logic, safety predicate, and safety proofs. We show that the trusted computing base (TCB) in such a system can indeed be very small. In our current system the TCB is less than 2,700 lines of code (an order of magnitude smaller even than other PCC systems), which adds to our confidence of its correctness.

AB - Proof-carrying code (PCC) and other applications in computer security require machine-checkable proofs of properties of machine-language programs. The main advantage of the PCC approach is that the amount of code that must be explicitly trusted is very small: it consists of the logic in which predicates and proofs are expressed, the safety predicate, and the proof checker. We have built a minimal proof checker, and we explain its design principles and the representation issues of the logic, safety predicate, and safety proofs. We show that the trusted computing base (TCB) in such a system can indeed be very small. In our current system the TCB is less than 2,700 lines of code (an order of magnitude smaller even than other PCC systems), which adds to our confidence of its correctness.

KW - Proof checker

KW - Proof-carrying code

UR - http://www.scopus.com/inward/record.url?scp=1942420162&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=1942420162&partnerID=8YFLogxK

U2 - 10.1023/b:jars.0000021013.61329.58

DO - 10.1023/b:jars.0000021013.61329.58

M3 - Article

AN - SCOPUS:1942420162

SN - 0168-7433

VL - 31

SP - 231

EP - 260

JO - Journal of Automated Reasoning

JF - Journal of Automated Reasoning

IS - 3-4

ER -

A Trustworthy Proof Checker

Abstract

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this