28 research outputs found
Programming and Proving with Distributed Protocols
Distributed systems play a crucial role in modern infrastructure, but are notoriously difficult to
implement correctly. This difficulty arises from two main challenges: (a) correctly implementing
core system components (e.g., two-phase commit), so all their internal invariants hold, and (b)
correctly composing standalone system components into functioning trustworthy applications (e.g.,
persistent storage built on top of a two-phase commit instance). Recent work has developed several
approaches for addressing (a) by means of mechanically verifying implementations of core distributed
components, but no methodology exists to address (b) by composing such verified components into
larger verified applications. As a result, expensive verification efforts for key system components are
not easily reusable, which hinders further verification efforts.
In this paper, we present Disel, the first framework for implementation and compositional
verification of distributed systems and their clients, all within the mechanized, foundational context
of the Coq proof assistant. In Disel, users implement distributed systems using a domain specific
language shallowly embedded in Coq and providing both high-level programming constructs as well
as low-level communication primitives. Components of composite systems are specified in Disel as
protocols, which capture system-specific logic and disentangle system definitions from implementation
details. By virtue of Disel’s dependent type system, well-typed implementations always satisfy
their protocols’ invariants and never go wrong, allowing users to verify system implementations
interactively using Disel’s Hoare-style program logic, which extends state-of-the-art techniques for
concurrency verification to the distributed setting. By virtue of the substitution principle and frame
rule provided by Disel’s logic, system components can be composed leading to modular, reusable
verified distributed systems.
We describe Disel, illustrate its use with a series of examples, outline its logic and metatheory,
and report on our experience using it as a framework for implementing, specifying, and verifying
distributed systems
On the Security of Cryptographic Protocols Using the Little Theorem of Witness Functions
In this paper, we show how practical the little theorem of witness functions
is in detecting security flaws in some category of cryptographic protocols. We
convey a formal analysis of the Needham-Schroeder symmetric-key protocol in the
theory of witness functions. We show how it helps to teach about a security
vulnerability in a given step of this protocol where the value of security of a
particular sensitive ticket in a sent message unexpectedly plummets compared
with its value when received. This vulnerability may be exploited by an
intruder to mount a replay attack as described by Denning and Sacco.Comment: Accepted at the 2019 IEEE Canadian Conference on Electrical &
Computer Engineering (CCECE) on March 1, 201