A framework for execution of secure mobile code based on static analysis

Since its conception, proof-carrying code (PCC) woke up the interest of the research community and several methods based on this technique were developed. This technique guarantees that untrusted programs run safely in a host machine. In a PCC framework, the code producer equips the produced code with a formal proof establishing that the code satisfies the consumer´s security policies. So, the code consumer only needs to verify such proof before the execution of the mobile code. On the other hand, static analysis is a technique useful for the production of the information required to construct the mentioned proof. Based on these two techniques, PCC and static analysis, we developed a framework that guarantees the safe execution of mobile code. This framework uses a high-level intermediate language to verify the security of the code. A control flow graph or an abstract syntax tree with type annotations could be used. Such intermediate representations of the code enable us to use static analysis techniques to generate and verify the type information needed. Moreover, we implemented a prototype as a proof of concept for our framework.