Refinement types for secure implementations

Refinement types for secure implementations (2008)

Cached

Download Links

Other Repositories/Bibliography

DBLP

by Jesper Bengtson , Karthikeyan Bhargavan , Cédric Fournet , Sergio Maffeis , Andrew D. Gordon

Venue:	In 21st IEEE Computer Security Foundations Symposium (CSF’08
Citations:	43 - 14 self

BibTeX

@INPROCEEDINGS{Bengtson08refinementtypes,
    author = {Jesper Bengtson and Karthikeyan Bhargavan and Cédric Fournet and Sergio Maffeis and Andrew D. Gordon},
    title = {Refinement types for secure implementations},
    booktitle = {In 21st IEEE Computer Security Foundations Symposium (CSF’08},
    year = {2008},
    pages = {17--32},
    publisher = {IEEE}
}

Bookmark

OpenURL

Abstract

We present the design and implementation of a typechecker for verifying security properties of the source code of cryptographic protocols and access control mechanisms. The underlying type theory is a λ-calculus equipped with refinement types for expressing pre- and post-conditions within first-order logic. We derive formal cryptographic primitives and represent active adversaries within the type theory. Well-typed programs enjoy assertion-based security properties, with respect to a realistic threat model including key compromise. The implementation amounts to an enhanced typechecker for the general purpose functional language F#; typechecking generates verification conditions that are passed to an SMT solver. We describe a series of checked examples. This is the first tool to verify authentication properties of cryptographic protocols by typechecking their source code. 1

Citations

1130	Random oracles are practical: A paradigm for designing efficient protocols - Bellare, Rogaway - 1993
783	Using encryption for authentication in large networks of computers - Needham, Schroeder - 1978
699	A.D.: A calculus for cryptographic protocols: The Spi calculus - Abadi, Gordon - 1997
455	Extended static checking for Java - Flanagan, Leino, et al.
380	The Spec# programming system: An overview - Barnett, Leino, et al. - 2005
379	Jflow: practical mostly-static information flow control - Myers - 1999
332	Prudent engineering practice for cryptographic protocols - Abadi, Needham - 1990
315	A calculus for access control in distributed systems - Abadi, Burrows, et al. - 1993
296	Simplify: a theorem prover for program checking - Detlefs, Nelson, et al.
278	Lambda-calculus notation with nameless dummies: a tool for automatic formula manipulation with application to the Church-Rosser theorem - Bruijn - 1972
272	Dependent types in practical programming - Xi, Pfenning - 1999
244	Z3: An efficient SMT solver - Moura, Bjørner - 2008
228	Typing and subtyping for mobile processes - Pierce, Sangiorgi - 1996
221	Secrecy by typing in security protocols - Abadi - 1999
191	Information flow inference for ML - Pottier, Simonet - 2002
186	An Efficient Cryptographic Protocol Verifier Based on Prolog Rules - Blanchet - 2001
186	Java security: From HotJava to Netscape and beyond - Dean, Felten, et al. - 1996
160	Isabelle: A Generic Theorem Prover, volume 828 - Paulson - 1994
157	Logic and Computation: Interactive proof with Cambridge LCF - Paulson - 1987
151	Refinement types for ML - Freeman, Pfenning - 1991
150	Reasoning about programs in continuation-passing style - Sabry, Felleisen - 1993
138	Semantics of Programming Languages - Gunter - 1993
135	Implementing mathematics with the Nuprl proof development system - Constable, Allen, et al. - 1986
131	A semantic model for authentication protocols - Woo, Lam - 1993
123	Intuitionistic type theory. Bibliopolis - Martin-Löf - 1984
118	Elements of Intuitionism - Dummett - 1977
97	Authenticity by typing for security protocols - Gordon, Jeffrey - 2003
89	Access control based on execution history - Abadi, Fournet - 2003
83	Analyzing security protocols with secrecy types and logic programs - Abadi, Blanchet - 2002
64	ESC/Java2: Uniting ESC/Java and JML - Cok, Kiniry - 2004
62	S.: Engineering formal metatheory - Aydemir, Charguéraud, et al. - 2008
59	Dependent types - Aspinall, Hofmann - 2005
58	Types and effects for asymmetric cryptographic protocols - Gordon, Jeffrey - 2004
56	Multi-prover verification of C programs - Filliâtre, Marché - 2004
53	A computationally sound mechanized prover for security protocols - Blanchet - 2006
52	Access control in a core calculus of dependency - Abadi
48	Links: web programming without tiers - Cooper, Lindley, et al. - 2007
47	A compositional logic for proving security properties of protocols - Durgin, Mitchell, et al.
44	Automated Verification of Selected Equivalences for Security Protocols - Blanchet, Abadi, et al. - 2005
44	Protection in programming languages - Morris - 1973
38	Verified Interoperable Implementations of Security Protocols - Bhargavan, Fournet, et al. - 2008
37	A type discipline for authorization policies - Fournet, Gordon, et al. - 1986
37	Fable: A language for enforcing user-defined security policies - Swamy, Corcoran, et al. - 2008
31	Subtypes for specifications: Predicate subtyping in PVS - Rushby, Owre, et al. - 1998
28	Typechecking dependent types and subtypes - Cardelli - 1988
28	A bisimulation for dynamic sealing - Sumii, Pierce - 2004
28	Evidence-based audit - Vaughan, Jia, et al. - 2008
27	Cryptographic protocol analysis on real C code - Goubault-Larrecq, Parrennes - 2005
27	Aura: a programming language for authorization and audit - Jia, Vaughan, et al.
26	Sage: Hybrid checking for flexible specifications - Gronski, Knowles, et al. - 2006