程序执行的可信分布式认证

IF 5.6 1区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

IEEE Transactions on Software Engineering Pub Date : 2025-02-13 DOI:10.1109/TSE.2025.3541810

Alex Wolf;Marco Edoardo Palma;Pasquale Salza;Harald C. Gall

{"title":"程序执行的可信分布式认证","authors":"Alex Wolf;Marco Edoardo Palma;Pasquale Salza;Harald C. Gall","doi":"10.1109/TSE.2025.3541810","DOIUrl":null,"url":null,"abstract":"Verifying the execution of a program is complicated and often limited by the inability to validate the code's correctness. It is a crucial aspect of scientific research, where it is needed to ensure the reproducibility and validity of experimental results. Similarly, in customer software testing, it is difficult for customers to verify that their specific program version was tested or executed at all. Existing state-of-the-art solutions, such as hardware-based approaches, constraint solvers, and verifiable computation systems, do not provide definitive proof of execution, which hinders reliable testing and analysis of program results. In this paper, we propose an innovative approach that combines a prototype programming language called Mona with a certification protocol OCCP to enable the distributed and decentralized re-execution of program segments. Our protocol allows for certification of program segments in a distributed, immutable, and trustworthy system without the need for naive re-execution, resulting in significant improvements in terms of time and computational resources used. We also explore the use of blockchain technology to manage the protocol workflow following other approaches in this space. Our approach offers a promising solution to the challenges of program execution verification and opens up opportunities for further research and development in this area. Our findings demonstrate the efficiency of our approach in reducing the number of program executions by up to 20-fold, while maintaining resilience against various malicious attacks compared to existing state-of-the-art methods, thus improving the efficiency of certifying program executions. Additionally, our approach handles up to 40% malicious workers effectively, showcasing resilience in detecting and mitigating malicious behavior. In the <small>EquivalentRegistersAttack</small> scenario, it successfully identifies divergent executions even when register values and results appear identical. Moreover, our findings highlight improvements in time and gas efficiency for longer-running problems (scaled with a multiplier of <inline-formula><tex-math>$1{,}000$</tex-math></inline-formula>) compared to baseline methods. Specifically, adopting an informed step size reduces execution time by up to 43-fold and gas costs by up to 12-fold compared to the baseline. Similarly, the informed step size approach reduces execution time by up to 6-fold and gas costs by up to 26-fold compared to a non-informed variation using a step size of <inline-formula><tex-math>$1{,}000$</tex-math></inline-formula>.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"51 4","pages":"1134-1152"},"PeriodicalIF":5.6000,"publicationDate":"2025-02-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Trustworthy Distributed Certification of Program Execution\",\"authors\":\"Alex Wolf;Marco Edoardo Palma;Pasquale Salza;Harald C. Gall\",\"doi\":\"10.1109/TSE.2025.3541810\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Verifying the execution of a program is complicated and often limited by the inability to validate the code's correctness. It is a crucial aspect of scientific research, where it is needed to ensure the reproducibility and validity of experimental results. Similarly, in customer software testing, it is difficult for customers to verify that their specific program version was tested or executed at all. Existing state-of-the-art solutions, such as hardware-based approaches, constraint solvers, and verifiable computation systems, do not provide definitive proof of execution, which hinders reliable testing and analysis of program results. In this paper, we propose an innovative approach that combines a prototype programming language called Mona with a certification protocol OCCP to enable the distributed and decentralized re-execution of program segments. Our protocol allows for certification of program segments in a distributed, immutable, and trustworthy system without the need for naive re-execution, resulting in significant improvements in terms of time and computational resources used. We also explore the use of blockchain technology to manage the protocol workflow following other approaches in this space. Our approach offers a promising solution to the challenges of program execution verification and opens up opportunities for further research and development in this area. Our findings demonstrate the efficiency of our approach in reducing the number of program executions by up to 20-fold, while maintaining resilience against various malicious attacks compared to existing state-of-the-art methods, thus improving the efficiency of certifying program executions. Additionally, our approach handles up to 40% malicious workers effectively, showcasing resilience in detecting and mitigating malicious behavior. In the <small>EquivalentRegistersAttack</small> scenario, it successfully identifies divergent executions even when register values and results appear identical. Moreover, our findings highlight improvements in time and gas efficiency for longer-running problems (scaled with a multiplier of <inline-formula><tex-math>$1{,}000$</tex-math></inline-formula>) compared to baseline methods. Specifically, adopting an informed step size reduces execution time by up to 43-fold and gas costs by up to 12-fold compared to the baseline. Similarly, the informed step size approach reduces execution time by up to 6-fold and gas costs by up to 26-fold compared to a non-informed variation using a step size of <inline-formula><tex-math>$1{,}000$</tex-math></inline-formula>.\",\"PeriodicalId\":13324,\"journal\":{\"name\":\"IEEE Transactions on Software Engineering\",\"volume\":\"51 4\",\"pages\":\"1134-1152\"},\"PeriodicalIF\":5.6000,\"publicationDate\":\"2025-02-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Software Engineering\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10884710/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Software Engineering","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10884710/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

摘要

验证程序的执行是复杂的，而且常常由于无法验证代码的正确性而受到限制。它是科学研究的一个重要方面，需要确保实验结果的可重复性和有效性。类似地，在客户软件测试中，客户很难验证他们特定的程序版本是否被测试或执行。现有的最先进的解决方案，如基于硬件的方法、约束求解器和可验证的计算系统，不能提供执行的明确证明，这阻碍了对程序结果的可靠测试和分析。在本文中，我们提出了一种创新的方法，将称为Mona的原型编程语言与认证协议OCCP相结合，以实现程序段的分布式和分散重新执行。我们的协议允许在分布式、不可变和可信的系统中对程序段进行认证，而不需要简单的重新执行，从而在时间和计算资源使用方面得到显着改善。我们还探索了区块链技术的使用，以遵循该领域的其他方法来管理协议工作流。我们的方法为程序执行验证的挑战提供了一个有前途的解决方案，并为该领域的进一步研究和开发开辟了机会。我们的研究结果表明，与现有的最先进的方法相比，我们的方法可以有效地将程序执行次数减少20倍，同时保持对各种恶意攻击的弹性，从而提高认证程序执行的效率。此外，我们的方法可以有效地处理高达40%的恶意工作者，展示了检测和减轻恶意行为的弹性。在EquivalentRegistersAttack场景中，即使寄存器值和结果看起来相同，它也能成功识别不同的执行。此外，我们的研究结果强调了与基线方法相比，在时间和气体效率方面对长期运行问题的改进（以1{，}000$的乘数进行缩放）。具体来说，与基线相比，采用明智的步长可将执行时间减少43倍，天然气成本减少12倍。同样，与步长为$1{,}000$的非知情变化相比，知情步长方法可将执行时间减少多达6倍，气体成本减少多达26倍。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Trustworthy Distributed Certification of Program Execution

Verifying the execution of a program is complicated and often limited by the inability to validate the code's correctness. It is a crucial aspect of scientific research, where it is needed to ensure the reproducibility and validity of experimental results. Similarly, in customer software testing, it is difficult for customers to verify that their specific program version was tested or executed at all. Existing state-of-the-art solutions, such as hardware-based approaches, constraint solvers, and verifiable computation systems, do not provide definitive proof of execution, which hinders reliable testing and analysis of program results. In this paper, we propose an innovative approach that combines a prototype programming language called Mona with a certification protocol OCCP to enable the distributed and decentralized re-execution of program segments. Our protocol allows for certification of program segments in a distributed, immutable, and trustworthy system without the need for naive re-execution, resulting in significant improvements in terms of time and computational resources used. We also explore the use of blockchain technology to manage the protocol workflow following other approaches in this space. Our approach offers a promising solution to the challenges of program execution verification and opens up opportunities for further research and development in this area. Our findings demonstrate the efficiency of our approach in reducing the number of program executions by up to 20-fold, while maintaining resilience against various malicious attacks compared to existing state-of-the-art methods, thus improving the efficiency of certifying program executions. Additionally, our approach handles up to 40% malicious workers effectively, showcasing resilience in detecting and mitigating malicious behavior. In the EquivalentRegistersAttack scenario, it successfully identifies divergent executions even when register values and results appear identical. Moreover, our findings highlight improvements in time and gas efficiency for longer-running problems (scaled with a multiplier of

$1{,}000$

) compared to baseline methods. Specifically, adopting an informed step size reduces execution time by up to 43-fold and gas costs by up to 12-fold compared to the baseline. Similarly, the informed step size approach reduces execution time by up to 6-fold and gas costs by up to 26-fold compared to a non-informed variation using a step size of

$1{,}000$

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Software Engineering 工程技术-工程：电子与电气

CiteScore

9.70

自引率

10.80%

发文量

724

审稿时长

6 months

期刊介绍： IEEE Transactions on Software Engineering seeks contributions comprising well-defined theoretical results and empirical studies with potential impacts on software construction, analysis, or management. The scope of this Transactions extends from fundamental mechanisms to the development of principles and their application in specific environments. Specific topic areas include: a) Development and maintenance methods and models: Techniques and principles for specifying, designing, and implementing software systems, encompassing notations and process models. b) Assessment methods: Software tests, validation, reliability models, test and diagnosis procedures, software redundancy, design for error control, and measurements and evaluation of process and product aspects. c) Software project management: Productivity factors, cost models, schedule and organizational issues, and standards. d) Tools and environments: Specific tools, integrated tool environments, associated architectures, databases, and parallel and distributed processing issues. e) System issues: Hardware-software trade-offs. f) State-of-the-art surveys: Syntheses and comprehensive reviews of the historical development within specific areas of interest.