Objective
The use of mobile code in a global environment aggravates existing security problems and presents altogether new ones, one of which is the maintenance of bounds on quantitative resources. Without some technological foundations for providing such guarantees, global computing will be confined to applications where malfunction due to resource bound violation is accepted as normal and has little consequence. With more serious applications, resource awareness will be a crucial asset. This project aims at developing the infrastructure needed to endow mobile code with independently verifiable certificates describing resource behaviour. These certificates will be condensed and formalised mathematical proofs of a resource-related property, which are by their very nature self-evident and un-forgeable. Arbitrarily complex methods may be used to construct these certificates, but their verification will always be a simple computation.
DESCRIPTION OF WORK
The work plan consists of the following central tasks:
1. Define expressive formalised resource policy (cost models);
2. Define notions of independently verifiable certificate (resource sensitive program logic with proof objects);
3. Foundations for efficient generation of certificates (type systems, identification of useful programmer annotations);
4. Foundations for alternatives to generation of full certificates (proof-theoretic compression, probabilistically checkable proofs, game-theoretic approaches).
Where appropriate, each foundational task is accompanied by a prototype implementation and case studies.
In addition, the project includes the following separate engineering-oriented tasks:
1. Design of a runtime environment, including a virtual machine, a bytecode, and an implemented program logic;
2. Design and implementation of a high-level programming language in which to write resource-certified code;
3. Generation and integrated use of formalised certificates;
4. Parameterisation by arbitrary runtime environment.
The deliverables are research papers describing our solutions to foundational problems and a working prototype which will be made available as free downloadable software.
Call for proposal: Data not available
Funding Scheme: CSC - Cost-sharing contracts
Coordinator: EH8 9YL Edinburgh, United Kingdom