proof-carrying code for mobile code security

7/29/2019 Proof-Carrying Code for Mobile Code Security

1/15

1

Guided By:

Prof. M. M. Naoghare

Presented By:

Piyush R.Chahande


2/15

CONTENTS

Mobile code safety

Proof carrying code

PCC architecture

PCC & computation techniques

PCC Advantages & limitations

Conclusion Bibliography

2"Proof Carrying Code For Mobile Code Security"


3/15

INTRODUCTION

Mobile code is code which traverses through the network

in its Life time and executes at the destination machine.

Proof carrying code is a technique by which a host canverify the code adheres to a predefined set of safety

rules. These rules (safety policy) are chosen by the host

in such way that they are sufficient guarantees for safe

behavior of mobile code programs. The key idea behind

proof-carrying code is that the code producer is required

to create a formal safety proof that assets to the fact that

that the code respects the defined safety policy.



4/15

MOBILE CODE SAFETY

About Mobile Code

Mobile Code Safety

Types Of Attacks

CheckCryptographic Security

Security Threats

Trojan Horse Concept

sum Security



5/15

PROOF CARRYING CODE

(OVERVIEW)



6/15

PROOF CARRYING CODE

Implementation

A formal specification of language.

A formal semantics of language used by

untrusted code.

A language used to express proofs.

An algorithm for validating proofs.

A method for the safety proofs.



7/15

ARCHITECTURE

PCC architectureLogic to describe allowable agent.

Function specification.

The PCC process.

Linear logical framework

VC Generator



8/15

COMPUTATION TECHNIQUE



9/15

COMPUTATION TECHNIQUE

Privacy Of Computation

Cryptography Based Integrity Proof.

Holographic Proof.

Function Hiding.



10/15

ADVANTAGES

For codeconsumer its very fast &simple.

He doesnt have to trust proof generation

process.PCC programs are tamperproof.

PCC programs are Self Certifying

Untrusted code is verified statically.



11/15

LIMITATIONS

Theorems proving is time consuming.

PCC only verifies program code.

Though tasks are to the client side users.

Size of proof may be concern in practice.



12/15

CONCLUSION

Potential way to solve security problem of mobile code ingeneral.

It possesses the whole target code beforehand so thattheoretically it can analyze the code for any security

requirements including safety properties. guarantees its theoretical soundness. If a program can pass

PCC verification, there is absolutely no hole for theimposed policies.

This also brings a drawback: a security policy is notenforceable if it cannot be expressed in some logic, and asafe program cannot pass PCC verification if its safety isnot provable.



13/15

BIBLIOGRAPHY

[1] Peter Lee & George Necula,Research on Proof-

carrying Code for Mobile Code Security, Carrige

Mellon University, Pennylvaivia 15213.

[2] Mark Plesko and Frank Pfenning,A Formalization

of the PCC Architecture in a Linear Logical

Framework, Department of Computer Science,

Carnegie Mellon University.[3] Sergio Loureiro, Refik Molva and Yves

Roudier,Mobile Code Security, Institute Eurecom



14/15



15/15

"Proof Carrying Code For Mobile CodeSecurity" 15

proof-carrying code for mobile code security

Documents