56 research outputs found
Refinement Types for Secure Implementations
We present the design and implementation of a typechecker for verifying security properties of the source code of cryptographic protocols and access control mechanisms. The underlying type theory is a λ-calculus equipped with refinement types for expressing pre- and post-conditions within first-order logic. We derive formal cryptographic primitives and represent active adversaries within the type theory. Well-typed programs enjoy assertion-based security properties, with respect to a realistic threat model including key compromise. The implementation amounts to an enhanced typechecker for the general purpose functional language F#; typechecking generates verification conditions that are passed to an SMT solver. We describe a series of checked examples. This is the first tool to verify authentication properties of cryptographic protocols by typechecking their source code. © 2008 IEEE
Gradual Certified Programming in Coq
Expressive static typing disciplines are a powerful way to achieve
high-quality software. However, the adoption cost of such techniques should not
be under-estimated. Just like gradual typing allows for a smooth transition
from dynamically-typed to statically-typed programs, it seems desirable to
support a gradual path to certified programming. We explore gradual certified
programming in Coq, providing the possibility to postpone the proofs of
selected properties, and to check "at runtime" whether the properties actually
hold. Casts can be integrated with the implicit coercion mechanism of Coq to
support implicit cast insertion a la gradual typing. Additionally, when
extracting Coq functions to mainstream languages, our encoding of casts
supports lifting assumed properties into runtime checks. Much to our surprise,
it is not necessary to extend Coq in any way to support gradual certified
programming. A simple mix of type classes and axioms makes it possible to bring
gradual certified programming to Coq in a straightforward manner.Comment: DLS'15 final version, Proceedings of the ACM Dynamic Languages
Symposium (DLS 2015
Bounded Refinement Types
We present a notion of bounded quantification for refinement types and show
how it expands the expressiveness of refinement typing by using it to develop
typed combinators for: (1) relational algebra and safe database access, (2)
Floyd-Hoare logic within a state transformer monad equipped with combinators
for branching and looping, and (3) using the above to implement a refined IO
monad that tracks capabilities and resource usage. This leap in expressiveness
comes via a translation to "ghost" functions, which lets us retain the
automated and decidable SMT based checking and inference that makes refinement
typing effective in practice.Comment: 14 pages, International Conference on Functional Programming, ICFP
201
Formally based semi-automatic implementation of an open security protocol
International audienceThis paper presents an experiment in which an implementation of the client side of the SSH Transport Layer Protocol (SSH-TLP) was semi-automatically derived according to a model-driven development paradigm that leverages formal methods in order to obtain high correctness assurance. The approach used in the experiment starts with the formalization of the protocol at an abstract level. This model is then formally proved to fulfill the desired secrecy and authentication properties by using the ProVerif prover. Finally, a sound Java implementation is semi-automatically derived from the verified model using an enhanced version of the Spi2Java framework. The resulting implementation correctly interoperates with third party servers, and its execution time is comparable with that of other manually developed Java SSH-TLP client implementations. This case study demonstrates that the adopted model-driven approach is viable even for a real security protocol, despite the complexity of the models needed in order to achieve an interoperable implementation
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac
Trust, but Verify: Two-Phase Typing for Dynamic Languages
A key challenge when statically typing so-called dynamic languages is the
ubiquity of value-based overloading, where a given function can dynamically
reflect upon and behave according to the types of its arguments. Thus, to
establish basic types, the analysis must reason precisely about values, but in
the presence of higher-order functions and polymorphism, this reasoning itself
can require basic types. In this paper we address this chicken-and-egg problem
by introducing the framework of two-phased typing. The first "trust" phase
performs classical, i.e. flow-, path- and value-insensitive type checking to
assign basic types to various program expressions. When the check inevitably
runs into "errors" due to value-insensitivity, it wraps problematic expressions
with DEAD-casts, which explicate the trust obligations that must be discharged
by the second phase. The second phase uses refinement typing, a flow- and
path-sensitive analysis, that decorates the first phase's types with logical
predicates to track value relationships and thereby verify the casts and
establish other correctness properties for dynamically typed languages
Partitioning Strategies for Distributed SMT Solving
For many users of Satisfiability Modulo Theories (SMT) solvers, the solver's
performance is the main bottleneck in their application. One promising approach
for improving performance is to leverage the increasing availability of
parallel and cloud computing. However, despite many efforts, the best parallel
approach to date consists of running a portfolio of solvers, meaning that
performance is still limited by the best possible sequential performance. In
this paper, we revisit divide-and-conquer approaches to parallel SMT, in which
a challenging problem is partitioned into several subproblems. We introduce
several new partitioning strategies and evaluate their performance, both alone
as well as within portfolios, on a large set of difficult SMT benchmarks. We
show that hybrid portfolios that include our new strategies can significantly
outperform traditional portfolios for parallel SMT.Comment: Submitted to FMCAD 202
- …