Policies and Proofs for Code Auditing

Summary: Policies and Proofs for Code Auditing
Nathan Whitehead¹, Jordan Johnson¹, and Martín Abadi¹,²
¹ University of California, Santa Cruz
² Microsoft Research
Abstract. Both proofs and trust relations play a role in security decisions, in particular in determining whether to execute a piece of code. We have developed a language, called BCIC, for policies that combine proofs and trusted assertions about code. In this paper, using BCIC, we suggest an approach to code auditing that bases auditing decisions on logical policies and tools.
1 Introduction
Deciding to execute a piece of software can have substantial security implications. Accordingly, a variety of criteria and techniques have been proposed and deployed for making such decisions. These include the use of digital signatures (as in ActiveX [12]) and of code analysis (as in typed low-level languages [5,9,10]). The digital signatures can be the basis of practical policies that reflect trust


Source: Abadi, Martín - Department of Computer Science, University of California at Santa Cruz


Collections: Computer Technologies and Information Sciences