The auction evaluation algorithm can be introduced to SAM in three ways:
The evaluation algorithm is published before the auction starts as part of the auction advertisement. The signed auction advertisement needs to bind the evaluation algorithm to the auction. This binding can be achieved with many techniques, such as having the auction controller include a hash of the program, or even the full source, in the auction specification.
The evaluation algorithm can be written in a specification language which will then be interpreted by an interpreter in the auction controller. Alternatively, the evaluation algorithm can be in a real program such as Java bytecode or C program. In any case, the language that the evaluation algorithm is specified in needs to be well restricted in the sense that it is guaranteed that a valid evaluation algorithm cannot do anything bad such as manipulate the bids table. Many solutions can be possible, such as simple sand-boxing. Architectures such as Java 1.2 may provide an avenue to address this problem. We also need to make sure the correctness of the implementation of the specification language in the sense that the implementation matches the specification. Covert channels can also be an issue.
Also the implementation of the evaluation algorithm needs to be correct. This can either be checked by the auction participants since the program is published, or be verified by a trusted third party.
It is an interesting research question how to design this specification language or a subset of an existing programming language such as Java or C to evaluate bids. (Of course, the question of how to safely and securely sandbox downloaded programs is an area of ongoing research in the broader community.)