Results 1-10 of 518
Proof-Carrying Code, 1997
Abstract

Cited by 1090 (24 self)
This paper describes proof-carrying code (PCC), a mechanism by which a host system can determine with certainty that it is safe to execute a program supplied (possibly in binary form) by an untrusted source. For this to be possible, the untrusted code producer must supply with the code a safety proof that attests to the code's adherence to a previously defined safety policy. The host can then easily and quickly validate the proof without using cryptography and without consulting any external agents. In order to gain preliminary experience with PCC, we have performed several case studies. We show in this paper how proof-carrying code might be used to develop safe assembly-language extensions of ML programs. In the context of this case study, we present and prove the adequacy of concrete representations for the safety policy, the safety proofs, and the proof validation. Finally, we briefly discuss how we use proof-carrying code to develop network packet filters that are faster than similar filters developed using other techniques and are formally guaranteed to be safe with respect to a given operating system safety policy.
System Description: Twelf - A Meta-Logical Framework for Deductive Systems
Proceedings of the 16th International Conference on Automated Deduction (CADE-16), 1999
Abstract

Cited by 314 (49 self)
Twelf is a meta-logical framework for the specification, implementation, and meta-theory of deductive systems from the theory of programming languages and logics. It relies on the LF type theory and the judgments-as-types methodology for specification [HHP93], a constraint logic programming interpreter for implementation [Pfe91], and the meta-logic M2 for reasoning about object languages encoded in LF [SP98]. It is a significant extension and complete reimplementation of the Elf system [Pfe94]. Twelf is written in Standard ML and runs under SML of New Jersey and MLWorks on Unix and Windows platforms. The current version (1.2) is distributed with a complete manual, example suites, a tutorial in the form of online lecture notes [Pfe], and an Emacs interface. Source and binary distributions are accessible via the Twelf home page http://www.cs.cmu.edu/~twelf. 1 The Twelf System. The Twelf system is a tool for experimentation in the theory of programming languages and logics. It supports...
Logic Programming in a Fragment of Intuitionistic Linear Logic
Abstract

Cited by 303 (40 self)
When logic programming is based on the proof theory of intuitionistic logic, it is natural to allow implications in goals and in the bodies of clauses. Attempting to prove a goal of the form D ⊃ G from the context (set of formulas) Γ leads to an attempt to prove the goal G in the extended context Γ ∪ {D}. Thus during the bottom-up search for a cut-free proof, contexts, represented as the left-hand side of intuitionistic sequents, grow as stacks. While such an intuitionistic notion of context provides for elegant specifications of many computations, contexts can be made more expressive and flexible if they are based on linear logic. After presenting two equivalent formulations of a fragment of linear logic, we show that the fragment has a goal-directed interpretation, thereby partially justifying calling it a logic programming language. Logic programs based on the intuitionistic theory of hereditary Harrop formulas can be modularly embedded into this linear logic setting. Programming examples taken from theorem proving, natural language parsing, and database programming are presented: each example requires a linear, rather than intuitionistic, notion of context to be modeled adequately. An interpreter for this logic programming language must address the problem of splitting contexts; that is, when attempting to prove a multiplicative conjunction (tensor), say G1 ⊗ G2, from the context ∆, the latter must be split into disjoint contexts ∆1 and ∆2 for which G1 follows from ∆1 and G2 follows from ∆2. Since there is an exponential number of such splits, it is important to delay the choice of a split as much as possible. A mechanism for the lazy splitting of contexts is presented based on viewing proof search as a process that takes a context, consumes part of it, and returns the rest (to be consumed elsewhere).
In addition, we use collections of Kripke interpretations indexed by a commutative monoid to provide models for this logic programming language and show that logic programs admit a canonical model.
A logic programming language with lambda-abstraction, function variables, and simple unification
Extensions of Logic Programming. Springer Lecture Notes in Artificial Intelligence, 1990
Abstract

Cited by 287 (24 self)
A meta programming language must be able to represent and manipulate such syntactic structures as programs, formulas, types, and proofs. A common characteristic of all these structures is that they involve notions of abstractions, scope, bound and free variables, substitution instances, and equality up to alphabetic changes of bound variables.
Foundational Proof-Carrying Code, 2001
Abstract

Cited by 229 (9 self)
Proof-carrying code is a framework for the mechanical verification of safety properties of machine language programs, but the problem arises of quis custodiat ipsos custodes: who will verify the verifier itself? Foundational proof-carrying code is verification from the smallest possible set of axioms, using the simplest possible verifier and the smallest possible runtime system. I will describe many of the mathematical and engineering problems to be solved in the construction of a foundational proof-carrying code system.
A Linear Logical Framework, 1996
Abstract

Cited by 215 (44 self)
Appeared in the proceedings of the Eleventh Annual IEEE Symposium on Logic in Computer Science (LICS'96), E. Clarke (editor), pp. 264-275, New Brunswick, NJ, July 27-30, 1996.
We present the linear type theory LLF as the formal basis for a conservative extension of the LF logical framework. LLF combines the expressive power of dependent types with linear logic to permit the natural and concise representation of a whole new class of deductive systems, namely those dealing with state. As an example we encode a version of Mini-ML with references including its type system, its operational semantics, and a proof of type preservation. Another example is the encoding of a sequent calculus for classical linear logic and its cut elimination theorem. LLF can also be given an operational interpretation as a logic programming language under which the representations above can be used for type inference, evaluation and cut elimination. 1 Introduction. A logical framework is a formal system desig...
Logic Programming in the LF Logical Framework, 1991
Abstract

Cited by 175 (50 self)
In this paper we describe Elf, a meta-language intended for environments dealing with deductive systems represented in LF. While this paper is intended to include a full description of the Elf core language, we only state, but do not prove here, the most important theorems regarding the basic building blocks of Elf. These proofs are left to a future paper. A preliminary account of Elf can be found in [26]. The range of applications of Elf includes theorem proving and proof transformation in various logics, definition and execution of structured operational and natural semantics for programming languages, type checking and type inference, etc. The basic idea behind Elf is to unify logic definition (in the style of LF) with logic programming (in the style of Prolog, see [22, 24]). It achieves this unification by giving types an operational interpretation, much the same way that Prolog gives certain formulas (Horn clauses) an operational interpretation. An alternative approach to logic programming in LF has been developed independently by Pym [28]. Here are some of the salient characteristics of our unified approach to logic definition and meta-programming. First of all, the Elf search process automatically constructs terms that can represent object-logic proofs, and thus a program need not construct them explicitly. This is in contrast to logic programming languages where executing a logic program corresponds to theorem proving in a meta-logic, but a meta-proof is never constructed or used and it is solely the programmer's responsibility to construct object-logic proofs where they are needed. Secondly, the partial correctness of many meta-programs with respect to a given logic can be expressed and proved by Elf itself (see the example in Section 5). This creates the possibilit...
Proof-Carrying Authentication
In Proceedings of the 6th ACM Conference on Computer and Communications Security, 1999
Abstract

Cited by 173 (6 self)
We have designed and implemented a general and powerful distributed authentication framework based on higher-order logic. Authentication frameworks, including Taos, SPKI, SDSI, and X.509, have been explained using logic. We show that by starting with the logic, we can implement these frameworks, all in the same concise and efficient system. Because our logic has no decision procedure (although proof checking is simple), users of the framework must submit proofs with their requests.
Rewriting Logic as a Logical and Semantic Framework, 1993
Abstract

Cited by 147 (52 self)
Rewriting logic [72] is proposed as a logical framework in which other logics can be represented, and as a semantic framework for the specification of languages and systems. Using concepts from the theory of general logics [70], representations of an object logic L in a framework logic F are understood as mappings L → F that translate one logic into the other in a conservative way. The ease with which such maps can be defined for a number of quite different logics of interest, including equational logic, Horn logic with equality, linear logic, logics with quantifiers, and any sequent calculus presentation of a logic for a very general notion of "sequent," is discussed in detail. Using the fact that rewriting logic is reflective, it is often possible to reify inside rewriting logic itself a representation map L → RWLogic for the finitely presentable theories of L. Such a reification takes the form of a map between the abstract data types representing the finitary theories of...