Abstract

Since its conception, Proof-Carrying Code (PCC) woke up the interest of the research community and several methods based on this technique were developed. This technique guarantees that untrusted programs run safely in a host machine. In a PCC framework, the code producer equips the produced code with a formal proof establishing that the code satisfy the consumer's security policies. So, the code consumer only needs to verify such proof before the execution of the mobile code.

On the other hand, static analysis is a technique useful for the production of the information required to construct the mentioned proof.This framework uses a high-level intermediate language to verify the security of the code. Acontrol flow graph or an abstract syntax tree with type annotations could be used. Such intermediate representations of the code enable us to use static analysis techniques to generate and verify the type information needed.

<< back