[cap-talk] Backwater: some small progress

Fred Spiessens fred at evoluware.eu
Mon Apr 30 05:21:34 EDT 2007



On 29 Apr 07, at 02:55, Matej Kosik wrote:

> I like the idea that applications (in my case untrusted modules)  
> should declare the authority they need in order to be able to do what
> is expected from them. I would like to evaluate SCOLL, whether it  
> can be used for these purposes, if it can bring something that is  
> not obvious. I am far from that now yet, because the two problems I  
> mentioned in my previous mail

Hi Matej,

It was (is) my intention to use SCOLL for exactly that purpose.

From section 11.4.1 of my thesis: "SCOLL Carrying Code"
In analogy to abstraction carrying code [HALGP05] and model carrying
code [SRRS01], source code could also be adorned with a SCOLL model
and a proof that the model safely approximates the actual code. A
simple and fast automated inspection of the proof would reveal its  
validity: whether the SCOLL model is indeed a safe approximation of  
the program. Integration of several such programs would result in a  
composed SCOLL model of which we can immediately inspect the safety  
properties.
The approach could provide automated acceptance or rejection of a  
software component to be integrated into existing software.
-----

Unfortunately, SCOLLAR would need to improve its scalability to be  
practically applicable in this domain. I am sorry to say that I did  
not make any progress at all recently. I still hope I will find the
time in my professional environment to do so soon. Maybe the  
following references can give you a better idea about the feasibility.

-----
[HALGP05]
Manuel V. Hermenegildo, Elvira Albert, Pedro López-García, and
Germán Puebla. Abstraction carrying code and resource-awareness. In
PPDP ’05: Proceedings of the 7th
ACM SIGPLAN international conference on Principles and practice of  
declarative programming, pages 1–11, New York, NY, USA, 2005. ACM  
Press. 11.4.1

[SRRS01] R. Sekar, C. R. Ramakrishnan, I. V. Ramakrishnan, and S. A.
Smolka. Model-carrying code (mcc): a new paradigm for mobile-code
security. In NSPW ’01: Proceedings of the 2001 workshop on New  
security paradigms, pages 23–30, New York, NY, USA, 2001. ACM Press.  
11.4.1
-----

BTW, very interesting line of research!

cheers,
Fred.


---------------------
Fred Spiessens
IT Research & Consultancy
Evoluware
http://www.evoluware.eu/


