Summary: Policies and Proofs for Code Auditing
, Jordan Johnson1, and Martín Abadi1,2
University of California, Santa Cruz
Abstract. Both proofs and trust relations play a role in security decisions, in particular in determining whether to execute a piece of code. We have developed a language, called BCIC, for policies that combine proofs and trusted assertions about code. In this paper, using BCIC, we suggest an approach to code auditing that bases auditing decisions on logical policies and tools.
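As an added illustration, not the paper's own BCIC syntax (which this summary does not give), the following small Datalog-style policy evaluator in Python combines the two kinds of evidence the abstract names: assertions from trusted signers and properties verified by a proof-checking tool. The predicate names, keys and program names are constructed for the example.

```python
# Added illustration, not BCIC's own syntax: a tiny Datalog-style policy engine that
# combines two kinds of evidence before a program may run: assertions from trusted
# signers ("K says safe(P)") and properties verified by a proof-checking tool.
# Facts are tuples ("pred", args...); variables are strings starting with "?".
def unify(pattern, fact, env):
    # Match one rule literal against one fact, extending env; None on mismatch.
    if len(pattern) != len(fact):
        return None
    env = dict(env)
    for p, f in zip(pattern, fact):
        bound = env.setdefault(p, f) if isinstance(p, str) and p.startswith("?") else p
        if bound != f:
            return None
    return env

def matches(body, facts, env):
    # Yield every variable binding that satisfies all literals of a rule body.
    if not body:
        yield env
        return
    for fact in facts:
        if (e := unify(body[0], fact, env)) is not None:
            yield from matches(body[1:], facts, e)

def derive(facts, rules):
    # Forward-chain to a fixpoint; returns every fact derivable from the evidence.
    facts, changed = set(facts), True
    while changed:
        changed = False
        for head, body in rules:
            for env in matches(body, list(facts), {}):
                new = tuple(env.get(t, t) for t in head)
                if new not in facts:
                    facts.add(new)
                    changed = True
    return facts

# Policy (constructed): run P if a trusted key vouches for it, or if a checker verified
# the property the policy requires; untrusted signers and wrong properties derive nothing.
RULES = [
    (("may_execute", "?p"), [("trusted", "?k"), ("says", "?k", "safe", "?p")]),
    (("may_execute", "?p"), [("required", "?prop"), ("proof_checked", "?p", "?prop")]),
]
def decide(evidence):
    # The set of programs the policy allows to execute, given assertion and proof facts.
    return {f[1] for f in derive(evidence, RULES) if f[0] == "may_execute"}
EVIDENCE = [("trusted", "vendor_key"), ("required", "memory_safe"),  # constructed facts
    ("says", "vendor_key", "safe", "plugin_a"), ("says", "unknown_key", "safe", "plugin_b"),
    ("proof_checked", "plugin_c", "memory_safe"), ("proof_checked", "plugin_d", "terminates"),
]
```

Running `decide(EVIDENCE)` admits only plugin_a (vouched for by a trusted key) and plugin_c (checked proof of the required property); the unknown signer's claim and the proof of an unrelated property are both rejected.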
Deciding to execute a piece of software can have substantial security implications. Accordingly, a variety of criteria and techniques have been proposed and deployed for making such decisions. These include the use of digital signatures (as in ActiveX) and of code analysis (as in typed low-level languages [5,9,10]). The digital signatures can be the basis of practical policies that reflect trust