Refinement Types for Secure Implementations

We present the design and implementation of a typechecker for verifying security properties of the source code of cryptographic protocols and access control mechanisms. The underlying type theory is a λ-calculus equipped with refinement types for expressing pre- and post-conditions within first-order logic. We derive formal cryptographic primitives and represent active adversaries within the type theory. Well-typed programs enjoy assertion-based security properties, with respect to a realistic threat model including key compromise. The implementation amounts to an enhanced typechecker for the general purpose functional language F#; typechecking generates verification conditions that are passed to an SMT solver. We describe a series of checked examples. This is the first tool to verify authentication properties of cryptographic protocols by typechecking their source code. © 2008 IEEE

Acute: high-level programming language design for distributed computation

Existing languages provide good support for typeful programming of standalone programs. In a distributed system, however, there may be interaction between multiple instances of many distinct programs, sharing some (but not necessarily all) of their module structure, and with some instances rebuilt with new versions of certain modules as time goes on. In this paper we discuss programming language support for such systems, focussing on their typing and naming issues. We describe an experimental language, Acute, which extends an ML core to support distributed development, deployment, and execution, allowing type-safe interaction between separately-built programs. The main features are: (1) type-safe marshalling of arbitrary values; (2) type names that are generated (freshly and by hashing) to ensure that type equality tests suffice to protect the invariants of abstract types, across the entire distributed system; (3) expression-level names generated to ensure that name equality tests suffice for type-safety of associated values, e.g. values carried on named channels; (4) controlled dynamic rebinding of marshalled values to local resources; and (5) thunkification of threads and mutexes to support computation mobility. These features are a large part of what is needed for typeful distributed programming. They are a relatively lightweight extension of ML, should be efficiently implementable, and are expressive enough to enable a wide variety of distributed infrastructure layers to be written as simple library code above the byte-string network and persistent store APIs. This disentangles the language runtime from communication intricacies. This paper highlights the main design choices in Acute. It is supported by a full language definition (of typing, compilation, and operational semantics), by a prototype implementation, and by example distribution libraries

Gradual C Programming for Typed Lua

The work presented in this thesis deals with the problem of enhancing the performance of dynamically-typed programming languages by integrating features from statically-typed programming languages. Statically-typed languages focus on security and performance, but dynamically-typed languages focus on flexibility and automation. Optional type-systems and gradual type-systems realize some of the security benefits offered in statically-typed languages by adding a static type-system to a dynamically-typed language. However, these approaches generally do not provide the performance advantages of statically-typed languages. In this thesis, a programming language named Poseidon Lua is proposed. It extends Typed Lua, an optionally-typed programming language, with language features that are only available from statically-typed languages. A Poseidon Lua program is able to use manual memory management to bypass the performance costs related to automatic garbage collection. A Poseidon Lua program is also able to use direct memory programming using its C pointers to avoid the performance overhead of using Lua tables. Note that Lua does not allow a program to directly manipulate raw memory. This thesis presents an extension of the compiler and virtual machine of Lua, named Modified Lua, that does allow the direct manipulation of raw memory. All Poseidon Lua programs are translated to Modified Lua programs before execution. In addition, for calling external C functions, a Modified LuaFFI library is provided for Poseidon Lua. The Modified LuaFFI library is an extension of the luaffifb library that avoids the performance overhead of the extra dynamic typechecking that is carried out by the cdata values. Poseidon Lua, Modifed Lua, and the Modified LuaFFI library are implemented by modifying the compiler of Typed Lua, the compiler and the virtual machine of Lua, and the luaffifb library, respectively. Poseidon Lua is tested using a benchmark suite and a feature test suite. In the benchmark suite, Poseidon Lua programs achieve a speedup of 0.98X with respect to corresponding Lua programs and a speedup of 6.82X with respect to corresponding luaffifb programs, which is a Lua program that uses the luaffifb library. One Poseidon Lua program of the suite is able to achieve a maximum speedup of 10.76X with respect to the corresponding luaffifb program. In the feature test suite, relative to a Lua program, a Poseidon Lua program is able to achieve a speedup of 4.18X and 1.31X due to manual memory management and direct memory programming, respectively. A Poseidon Lua program that uses the Modified LuaFFI library is able to achieve a speedup of 10.32X over a luaffifb program. Poseidon Lua along with its components achieves significant performance advantages over the dynamically-typed language Lua using features from the statically-typed programming language C

Modular code-based cryptographic verification

International audienceType systems are effective tools for verifying the security of cryptographic programs. They provide automation, modularity and scalability, and have been applied to large security protocols. However, they traditionally rely on abstract assumptions on the underlying cryptographic primitives, expressed in symbolic models. Cryptographers usually reason on security assumptions using lower level, computational models that precisely account for the complexity and success probability of attacks. These models are more realistic, but they are harder to formalize and automate. We present the first modular automated program verification method based on standard cryptographic assumptions. We show how to verify ideal functionalities and protocols written in ML by typing them against new cryptographic interfaces using F7, a refinement type checker coupled with an SMT-solver. We develop a probabilistic core calculus for F7 and formalize its type safety in Coq. We build typed module and interfaces for MACs, signatures, and encryptions, and establish their authenticity and secrecy properties. We relate their ideal functionalities and concrete implementations, using game-based program transformations behind typed interfaces. We illustrate our method on a series of protocol implementations

PLACES'10: The 3rd Workshop on Programmng Language Approaches to concurrency and Communication-Centric Software

Paphos, Cyprus. March 201

Type checking cryptography implementations

Proceedings da conferência Fundamentals of Software Engineering 2011Cryptographic software development is a challenging field: high performance must be achieved, while ensuring correctness and compliance with low-level security policies. CAO is a domain specific language designed to assist development of cryptographic software. An important feature of this language is the design of a novel type system introducing native types such as predefined sized vectors, matrices and bit strings, residue classes modulo an integer, finite fields and finite field extensions, allowing for extensive static validation of source code. We present the formalisation, validation and implementation of this type system.(undefined