
A Trustworthy Proof Checker

Andrew W. Appel and Neophytos Michael, Princeton University
Aaron Stump, Washington University in St. Louis
Roberto Virga, Princeton University
Abstract. Proof-Carrying Code (PCC) and other applications in computer security require machine-checkable proofs of properties of machine-language programs. The main advantage of the PCC approach is that the amount of code that must be explicitly trusted is very small: it consists of the logic in which predicates and proofs are expressed, the safety predicate, and the proof checker. We have built a minimal proof checker, and we explain its design principles and the representation issues of the logic, safety predicate, and safety proofs. We show that the trusted computing base (TCB) in such a system can indeed be very small. In our current system the TCB is less than 2,700 lines of code (an order of magnitude smaller even than other PCC systems), which adds to our confidence in its correctness.
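The trust split the abstract describes is easiest to see on a toy logic. The following is an added illustration, not code from the paper (whose checker handles an LF encoding of a much richer logic and a real machine-code safety predicate): the untrusted side (`prove_identity`, standing in for a code producer's prover) may be arbitrarily complex or even malicious, while only `check_proof` (the checker), the two axiom schemas and modus ponens (the logic), and the `goal` formula (the safety predicate) need to be trusted. The implicational Hilbert system with axioms K and S and the five-step derivation of p → p are standard; the tuple encoding and function names are assumptions made here for the example.

```python
"""Toy proof-carrying-code split: a tiny trusted checker for an implicational
Hilbert system (axioms K, S, rule MP) and an untrusted prover.
Added example, not the paper's checker; names and encoding are assumptions."""
from typing import List, Tuple

# Formulas are nested tuples: ('var', name) or ('imp', A, B) meaning A -> B.
Formula = Tuple


def var(name: str) -> Formula:
    return ('var', name)


def imp(a: Formula, b: Formula) -> Formula:
    return ('imp', a, b)


# ---- trusted computing base: logic + checker --------------------------------

def well_formed(f) -> bool:
    """Reject anything that is not a syntactically valid formula."""
    if not isinstance(f, tuple):
        return False
    if len(f) == 2 and f[0] == 'var':
        return isinstance(f[1], str)
    if len(f) == 3 and f[0] == 'imp':
        return well_formed(f[1]) and well_formed(f[2])
    return False


def axiom_k(a: Formula, b: Formula) -> Formula:
    """K: A -> (B -> A)"""
    return imp(a, imp(b, a))


def axiom_s(a: Formula, b: Formula, c: Formula) -> Formula:
    """S: (A -> (B -> C)) -> ((A -> B) -> (A -> C))"""
    return imp(imp(a, imp(b, c)), imp(imp(a, b), imp(a, c)))


class ProofError(Exception):
    pass


def check_proof(proof: List[tuple], goal: Formula) -> bool:
    """Check every step of an untrusted proof object against the logic and
    confirm that its last line is exactly the claimed goal (the 'safety
    predicate'). Raises ProofError on the first defect."""
    lines: List[Formula] = []
    for n, step in enumerate(proof):
        kind = step[0]
        if kind == 'K':
            _, a, b = step
            if not (well_formed(a) and well_formed(b)):
                raise ProofError(f"step {n}: malformed axiom instance")
            lines.append(axiom_k(a, b))
        elif kind == 'S':
            _, a, b, c = step
            if not (well_formed(a) and well_formed(b) and well_formed(c)):
                raise ProofError(f"step {n}: malformed axiom instance")
            lines.append(axiom_s(a, b, c))
        elif kind == 'MP':
            _, i, j = step            # i: line A -> B, j: line A; derives B
            if not (0 <= i < n and 0 <= j < n):
                raise ProofError(f"step {n}: MP cites a line not yet proved")
            major, minor = lines[i], lines[j]
            if major[0] != 'imp' or major[1] != minor:
                raise ProofError(f"step {n}: MP premises do not match")
            lines.append(major[2])
        else:
            raise ProofError(f"step {n}: unknown rule {kind!r}")
    if not lines or lines[-1] != goal:
        raise ProofError("final line is not the claimed goal")
    return True


def verify(proof: List[tuple], goal: Formula) -> bool:
    """Boolean wrapper: True iff the proof object establishes goal."""
    try:
        return check_proof(proof, goal)
    except ProofError:
        return False


# ---- untrusted side: the prover -------------------------------------------

def prove_identity(p: Formula) -> List[tuple]:
    """Produce the classic five-line derivation of p -> p from S and K.
    Nothing here is trusted; the checker re-derives every line."""
    pp = imp(p, p)
    return [
        ('K', p, pp),        # 0: p -> ((p -> p) -> p)
        ('S', p, pp, p),     # 1: (p -> ((p->p) -> p)) -> ((p -> (p->p)) -> (p -> p))
        ('MP', 1, 0),        # 2: (p -> (p -> p)) -> (p -> p)
        ('K', p, p),         # 3: p -> (p -> p)
        ('MP', 2, 3),        # 4: p -> p
    ]


if __name__ == "__main__":
    p = var('p')
    print("p -> p checks:", verify(prove_identity(p), imp(p, p)))
```

The checker is the only part whose correctness matters for soundness: it never executes prover code, only re-instantiates axiom schemas and re-applies modus ponens, so a forged step, a forward reference to a line not yet proved, or a proof of the wrong goal is rejected regardless of how the proof was produced.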
1. Introduction
Machine-verified proofs have applications in computer security, program verification, and the formalization of mathematics. We are particularly interested in security applications such as proof-carrying code, in which an untrusted


Source: Appel, Andrew W. - Department of Computer Science, Princeton University


Collections: Computer Technologies and Information Sciences