DOI: 10.1145/1806596.1806643
Research article (PLDI conference proceedings)

Type-preserving compilation of end-to-end verification of security enforcement

Published: 05 June 2010

Abstract

A number of programming languages use rich type systems to verify security properties of code. Some of these languages are meant for source programming, but programs written in them are compiled without explicit security proofs, limiting their utility in settings where proofs are necessary, e.g., proof-carrying authorization. Other languages do include explicit proofs, but these are generally lambda calculi not intended for source programming, and they must be further compiled to an executable form. A language suitable for source programming, backed by a compiler that enables end-to-end verification, is missing.
In this paper, we present a type-preserving compiler that translates programs written in FINE, a source-level functional language with dependent refinements and affine types, to DCIL, a new extension of the .NET Common Intermediate Language. FINE is type checked using an external SMT solver to reduce the proof burden on source programmers. We extract explicit LCF-style proof terms from the solver and carry these proof terms in the compilation to DCIL, thereby removing the solver from the trusted computing base. Explicit proofs enable DCIL to be used in a number of important scenarios, including the verification of mobile code, proof-carrying authorization, and evidence-based auditing. We report on our experience using FINE to build reference monitors for several applications, ranging from a plugin-based email client to a conference management server.



Published In

PLDI '10: Proceedings of the 31st ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2010, 514 pages. ISBN 9781450300193, DOI 10.1145/1806596.

Also published in ACM SIGPLAN Notices, Volume 45, Issue 6 (PLDI '10), June 2010, 496 pages. ISSN 0362-1340, EISSN 1558-1160, DOI 10.1145/1809028.
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. authorization
  2. bytecode languages
  3. compilers
  4. dependent types
  5. functional programming
  6. information flow
  7. mobile code security
  8. security type systems

Conference

PLDI '10

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Article Metrics

  • Downloads (last 12 months): 15
  • Downloads (last 6 weeks): 1
Reflects downloads up to 28 Dec 2024.

Cited By

  • (2021) Certifying the synthesis of heap-manipulating programs. Proceedings of the ACM on Programming Languages, 5(ICFP), 1-29. DOI 10.1145/3473589. Published online 19 Aug 2021.
  • (2021) Structured Leakage and Applications to Cryptographic Constant-Time and Cost. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, 462-476. DOI 10.1145/3460120.3484761. Published online 12 Nov 2021.
  • (2021) Logical bytecode reduction. Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation, 1003-1016. DOI 10.1145/3453483.3454091. Published online 19 Jun 2021.
  • (2020) Liquid information flow control. Proceedings of the ACM on Programming Languages, 4(ICFP), 1-30. DOI 10.1145/3408987. Published online 3 Aug 2020.
  • (2019) Formal verification of a constant-time preserving C compiler. Proceedings of the ACM on Programming Languages, 4(POPL), 1-30. DOI 10.1145/3371075. Published online 20 Dec 2019.
  • (2019) Formal Approaches to Secure Compilation. ACM Computing Surveys, 51(6), 1-36. DOI 10.1145/3280984. Published online 4 Feb 2019.
  • (2018) Typed closure conversion for the calculus of constructions. ACM SIGPLAN Notices, 53(4), 797-811. DOI 10.1145/3296979.3192372. Published online 11 Jun 2018.
  • (2018) A derivation framework for dependent security label inference. Proceedings of the ACM on Programming Languages, 2(OOPSLA), 1-26. DOI 10.1145/3276485. Published online 24 Oct 2018.
  • (2018) Typed closure conversion for the calculus of constructions. Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation, 797-811. DOI 10.1145/3192366.3192372. Published online 11 Jun 2018.
  • (2017) Refinement reflection: complete verification with SMT. Proceedings of the ACM on Programming Languages, 2(POPL), 1-31. DOI 10.1145/3158141. Published online 27 Dec 2017.
