Proofware: establishing trustworthy computing through programming with proofs

Proofware：通过证明编程建立可信计算

• 批准号: 298177-2012
• 负责人: Pientka, Brigitte
• 金额: $ 2.04万
• 依托单位: McGill University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2015
• 资助国家: 加拿大
• 起止时间: 2015-01-01 至 2016-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=571444
• 关键词: Proofware; establishing; trustworthy; computing; through; Proofware; establishing; trustworthy; computing; through

Software systems are an integral part of our infrastructure and our society more and more depends on them: Software monitors medical devices, manages our financial assets, and controls power plants. But as consumers take more and more advantage of online services, they are also becoming more concerned about whether their personal information, such as financial and medical records, are kept safe. If computing is to become truly ubiquitous, we will have to make software systems and services sufficiently trustworthy that people do not worry about its fallibility or unreliability the way they do today. Proof-carrying architectures for trustworthy computing advocate establishing trust by verifying compliance of the software with a formal safety policy. However, existing programming environments are inadequate to track and verify complex safety properties about programs. This is a major obstacle for this paradigm to become mainstream. The Proofware project aims to change the way we develop and implement software systems by extending a general purpose programming language with the ability to directly represent, generate, and manipulate proof certificates. The objectives are: Design a foundation for certifying programs based on dependent types, build a proof-of-concept programming environment where proofs are seamlessly integrated into programs, and evaluate its effectiveness in two main areas, certified meta-programming and meta-reasoning. Our goal is twofold: 1) to make it routine work for the programmer to specify and mechanically verify complex behavioral properties of their programs and ensure that these properties are preserved during compilation. 2) to make it common practice to communicate, exchange, and verify proofs to establish trust and guarantee reliability and safety of software systems and services.

软件系统是我们基础设施不可或缺的一部分，我们的社会越来越依赖于它们：软件监视医疗设备，管理我们的金融资产并控制发电厂。但是，随着消费者越来越多地利用在线服务，他们也越来越关注他们的个人信息（例如财务和医疗记录）是否保持安全。如果计算变得真正无处不在，我们将不得不使软件系统和服务充分值得信赖，以至于人们不必像今天这样担心其谬误或不可靠性。 通过正式的安全政策验证软件的合规性来建立信任，以提供可信赖的计算架构来建立信任。 但是，现有的编程环境不足以跟踪和验证有关程序的复杂安全性。这是该范式成为主流的主要障碍。 验证软件项目旨在通过扩展具有直接表示，生成和操纵证明证书的能力的通用编程语言来改变我们开发和实施软件系统的方式。 目标是：设计基础，用于根据依赖类型进行认证计划，建立概念验证的编程环境，在该环境中，证明证明是无缝集成到程序中的，并在两个主要领域评估了其有效性，并认证的元编程和元结构。 我们的目标是双重的：1）使程序员常规工作，以指定和机械地验证程序的复杂行为属性，并确保在编译过程中保留这些属性。 2）使沟通，交换和验证证据以建立信任和保证软件系统和服务的可靠性以及安全性。