Home

About

Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network
FAQHELPSITE MAPCONTACT US


  Advanced Search  

 
Policies and Proofs for Code Auditing Nathan Whitehead1
 

Summary: Policies and Proofs for Code Auditing
Nathan Whitehead1
, Jordan Johnson1
, and Mart´in Abadi1,2
1
University of California, Santa Cruz
2
Microsoft Research
Abstract. Both proofs and trust relations play a role in security deci-
sions, in particular in determining whether to execute a piece of code.
We have developed a language, called BCIC, for policies that combine
proofs and trusted assertions about code. In this paper, using BCIC, we
suggest an approach to code auditing that bases auditing decisions on
logical policies and tools.
1 Introduction
Deciding to execute a piece of software can have substantial security implica-
tions. Accordingly, a variety of criteria and techniques have been proposed and
deployed for making such decisions. These include the use of digital signatures (as
in ActiveX [12]) and of code analysis (as in typed low-level languages [5,9,10]).
The digital signatures can be the basis of practical policies that reflect trust

  

Source: Abadi, Martín - Department of Computer Science, University of California at Santa Cruz

 

Collections: Computer Technologies and Information Sciences