“…Our proposed binary-rewriter implementation will be based on SPoX (Security Policy XML) (Hamlen, 2008), which we developed to enforce declarative, XML-based, IRM policies for Java byte code programs. In order to provide strong security guarantees for our system, we will apply automated software verification technologies, including type and model-checking, which we have previously used to certify the output of binary-rewriters (Hamlen, 2006; DeVries, 2009). Such certification allows a small, trusted verifier to independently prove that rewritten binary code satisfies the original security policy, thereby shifting the comparatively larger binary-rewriter out of the trusted computing base of the system…”
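The architecture described in the excerpt (an untrusted in-lined reference monitor rewriter whose output is certified by a small, independent verifier) can be shown on a toy scale. The following Python is an added illustration written for this page; it is not SPoX, not the authors' code, and it models neither Java bytecode nor XML policies. It assumes a constructed five-instruction IR, a constructed two-state security automaton ("no network send after a secret file read"), and hypothetical function names `rewrite`, `verify` and `run`. The verifier model-checks every reachable combination of program counter, true policy state and the IRM's own state variable, so it catches a rewriter bug (a jump target left unfixed, which lets a path skip a guard and desynchronise the IRM state) without trusting the rewriter at all.

```python
"""Toy in-lined reference monitor (IRM) plus a small certifying verifier (constructed example)."""

# Security automaton (constructed): state 0 = no secret read yet, 1 = secret has been read.
# POLICY[(state, event)] -> next state; a missing key means the event is forbidden there.
POLICY = {(0, "read"): 1, (0, "send"): 0, (1, "read"): 1}
INIT = 0

def step(state, event):
    """Policy transition; None means the event would violate the policy."""
    return POLICY.get((state, event))

# Constructed toy instruction set:
#   ("op", e)    security-relevant action raising policy event e
#   ("br", t)    input-dependent branch: fall through or jump to t
#   ("jmp", t)   unconditional jump
#   ("halt",)    stop
#   ("guard", e) IRM-inserted check: if step(st, e) is None -> halt, else st = step(st, e)

def rewrite(prog, fix_targets=True):
    """Untrusted rewriter: insert a guard before every security-relevant op.
    fix_targets=False simulates a rewriter bug that forgets to remap jump targets."""
    out, remap = [], {}
    for pc, ins in enumerate(prog):
        remap[pc] = len(out)
        if ins[0] == "op":
            out.append(("guard", ins[1]))
        out.append(ins)
    if not fix_targets:
        return out
    return [(k, remap[a[0]]) if k in ("br", "jmp") else (k, *a) for k, *a in out]

def verify(prog):
    """Small trusted verifier: explore every reachable (pc, true policy state, IRM state)
    triple and reject if any op can execute in a state where the policy forbids it."""
    seen, work = set(), [(0, INIT, INIT)]
    while work:
        pc, true, irm = work.pop()
        if (pc, true, irm) in seen or pc >= len(prog):
            continue
        seen.add((pc, true, irm))
        kind, *arg = prog[pc]
        if kind == "op":
            nxt = step(true, arg[0])
            if nxt is None:
                return False, f"pc {pc}: '{arg[0]}' reachable in forbidden policy state {true}"
            work.append((pc + 1, nxt, irm))
        elif kind == "guard":
            nxt = step(irm, arg[0])
            if nxt is not None:          # a failing guard halts: no successor state
                work.append((pc + 1, true, nxt))
        elif kind == "br":
            work += [(pc + 1, true, irm), (arg[0], true, irm)]
        elif kind == "jmp":
            work.append((arg[0], true, irm))
        # "halt": no successor
    return True, f"certified; {len(seen)} abstract states explored"

def run(prog, branch_bits):
    """Concrete execution: returns (events performed, stopped_by_guard)."""
    pc, irm, trace, bits = 0, INIT, [], iter(branch_bits)
    while pc < len(prog):
        kind, *arg = prog[pc]
        if kind == "op":
            trace.append(arg[0]); pc += 1
        elif kind == "guard":
            nxt = step(irm, arg[0])
            if nxt is None:
                return trace, True       # IRM stops the program before the violation
            irm, pc = nxt, pc + 1
        elif kind == "br":
            pc = arg[0] if next(bits, 0) else pc + 1
        elif kind == "jmp":
            pc = arg[0]
        else:
            break
    return trace, False

# Constructed sample program: one input path reads the secret, then both paths send.
PROG = [("br", 2), ("op", "read"), ("op", "send"), ("halt",)]

if __name__ == "__main__":
    print("original :", verify(PROG))
    print("rewritten:", verify(rewrite(PROG)))
    print("buggy    :", verify(rewrite(PROG, fix_targets=False)))
    print("run guarded, read path:", run(rewrite(PROG), [0]))
    print("run guarded, skip path:", run(rewrite(PROG), [1]))
```

The point of the design is that `verify` never inspects how `rewrite` works; it only checks the rewritten program against the policy. The original program is rejected (a read-then-send path exists), the correctly rewritten one is certified, and the buggy rewrite is rejected because the stale jump skips a guard and leaves the IRM state variable claiming "nothing read" while the true state says otherwise. Only `verify` and the policy need to be trusted.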