Programming and Proving with Distributed Protocols
Distributed systems play a crucial role in modern infrastructure, but are notoriously difficult to
implement correctly. This difficulty arises from two main challenges: (a) correctly implementing
core system components (e.g., two-phase commit), so all their internal invariants hold, and (b)
correctly composing standalone system components into functioning trustworthy applications (e.g.,
persistent storage built on top of a two-phase commit instance). Recent work has developed several
approaches for addressing (a) by means of mechanically verifying implementations of core distributed
components, but no methodology exists to address (b) by composing such verified components into
larger verified applications. As a result, expensive verification efforts for key system components are
not easily reusable, which hinders further verification efforts.
In this paper, we present Disel, the first framework for implementation and compositional
verification of distributed systems and their clients, all within the mechanized, foundational context
of the Coq proof assistant. In Disel, users implement distributed systems using a domain specific
language shallowly embedded in Coq and providing both high-level programming constructs as well
as low-level communication primitives. Components of composite systems are specified in Disel as
protocols, which capture system-specific logic and disentangle system definitions from implementation
details. By virtue of Disel’s dependent type system, well-typed implementations always satisfy
their protocols’ invariants and never go wrong, allowing users to verify system implementations
interactively using Disel’s Hoare-style program logic, which extends state-of-the-art techniques for
concurrency verification to the distributed setting. By virtue of the substitution principle and frame
rule provided by Disel’s logic, system components can be composed leading to modular, reusable
verified distributed systems.
We describe Disel, illustrate its use with a series of examples, outline its logic and metatheory,
and report on our experience using it as a framework for implementing, specifying, and verifying
distributed systems.
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.
Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approach.
Programming with Quantum Communication
This work develops a formal framework for specifying, implementing, and
analysing quantum communication protocols. We provide tools for developing
simple proofs and analysing programs which involve communication, both via
quantum channels and exhibiting the LOCC (local operations, classical
communication) paradigm.
Computer-aided proofs for multiparty computation with active security
Secure multi-party computation (MPC) is a general cryptographic technique
that allows distrusting parties to compute a function of their individual
inputs, while only revealing the output of the function. It has found
applications in areas such as auctioning, email filtering, and secure
teleconference. Given its importance, it is crucial that the protocols are
specified and implemented correctly. In the programming language community it
has become good practice to use computer proof assistants to verify correctness
proofs. In the field of cryptography, EasyCrypt is the state of the art proof
assistant. It provides an embedded language for probabilistic programming,
together with a specialized logic, embedded into an ambient general purpose
higher-order logic. It allows us to conveniently express cryptographic
properties. EasyCrypt has been used successfully on many applications,
including public-key encryption, signatures, garbled circuits and differential
privacy. Here we show for the first time that it can also be used to prove
security of MPC against a malicious adversary. We formalize additive and
replicated secret sharing schemes and apply them to Maurer's MPC protocol for
secure addition and multiplication. Our method extends to general polynomial
functions. We follow the insights from EasyCrypt that security proofs can
often be reduced to proofs about program equivalence, a topic that is well
understood in the verification of programming languages. In particular, we show
that in the passive case the non-interference-based definition is equivalent to
a standard game-based security definition. For the active case we provide a new
NI definition, which we call input independence.
APTE: An Algorithm for Proving Trace Equivalence
This paper presents APTE, a new tool for automatically proving the security of cryptographic protocols. It focuses on proving trace equivalence between processes, which is crucial for specifying privacy type properties such as anonymity and unlinkability.
The tool can handle protocols expressed in a calculus similar to the applied-pi calculus, which allows us to capture most existing protocols that rely on classical cryptographic primitives. In particular, APTE handles private channels and else branches in protocols with a bounded number of sessions. Unlike most equivalence verifier tools, APTE is guaranteed to terminate.
Moreover, APTE is the only tool that extends the usual notion of trace equivalence by considering "side-channel" information leaked to the attacker such as the length of messages and the execution times. We illustrate APTE on different case studies which allowed us to automatically (re)-discover attacks on protocols such as the Private Authentication protocol or the protocols of the electronic passports.
Certified Impossibility Results for Byzantine-Tolerant Mobile Robots
We propose a framework to build formal developments for robot networks using
the COQ proof assistant, to state and to prove formally various properties. We
focus in this paper on impossibility proofs, as it is natural to take advantage
of the COQ higher order calculus to reason about algorithms as abstract
objects. We present in particular formal proofs of two impossibility results
for convergence of oblivious mobile robots if respectively more than one half
and more than one third of the robots exhibit Byzantine failures, starting from
the original theorems by Bouzid et al. Thanks to our formalization, the
corresponding COQ developments are quite compact. To our knowledge, these are
the first certified (in the sense of formally proved) impossibility results for
robot networks.
Execution Models for Choreographies and Cryptoprotocols
A choreography describes a transaction in which several principals interact.
Since choreographies frequently describe business processes affecting
substantial assets, we need a security infrastructure in order to implement
them safely. As part of a line of work devoted to generating cryptoprotocols
from choreographies, we focus here on the execution models suited to the two
levels.
We give a strand-style semantics for choreographies, and propose a special
execution model in which choreography-level messages are faithfully delivered
exactly once. We adapt this model to handle multiparty protocols in which some
participants may be compromised.
At the level of cryptoprotocols, we use the standard Dolev-Yao execution model,
with one alteration. Since many implementations use a "nonce cache" to discard
multiply delivered messages, we provide a semantics for at-most-once delivery
- …