Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
skip to main content
research-article

Secure distributed programming with value-dependent types

Published: 19 September 2011 Publication History

Abstract

Distributed applications are difficult to program reliably and securely. Dependently typed functional languages promise to prevent broad classes of errors and vulnerabilities, and to enable program verification to proceed side-by-side with development. However, as recursion, effects, and rich libraries are added, using types to reason about programs, specifications, and proofs becomes challenging.
We present F*, a full-fledged design and implementation of a new dependently typed language for secure distributed programming. Unlike prior languages, F* provides arbitrary recursion while maintaining a logically consistent core; it enables modular reasoning about state and other effects using affine types; and it supports proofs of refinement properties using a mixture of cryptographic evidence and logical proof terms. The key mechanism is a new kind system that tracks several sub-languages within F* and controls their interaction. F* subsumes two previous languages, F7 and Fine. We prove type soundness (with proofs mechanized in Coq) and logical consistency for F*.
We have implemented a compiler that translates F* to .NET bytecode, based on a prototype for Fine. F* provides access to libraries for concurrency, networking, cryptography, and interoperability with C#, F#, and the other .NET languages. The compiler produces verifiable binaries with 60% code size overhead for proofs and types, as much as a 45x improvement over the Fine compiler, while still enabling efficient bytecode verification.
To date, we have programmed and verified more than 20,000 lines of F* including (1) new schemes for multi-party sessions; (2) a zero-knowledge privacy-preserving payment protocol; (3) a provenance-aware curated database; (4) a suite of 17 web-browser extensions verified for authorization properties; and (5) a cloud-hosted multi-tier web application with a verified reference monitor.

Supplementary Material

MP4 File (_talk1.mp4)

References

[1]
K. Avijit, A. Datta, and R. Harper. Distributed programming with distributed authorization. In TLDI, 2010.
[2]
M. Backes, C. Hritcu, and M. Maffei. Type-checking zero-knowledge. In CCS, 2008.
[3]
J. Bengtson, K. Bhargavan, C. Fournet, A. D. Gordon, and S. Maffeis. Refinement types for secure implementations. In CSF, 2008.
[4]
Y. Bertot and P. Castéran. Coq'Art: Interactive Theorem Proving and Program Development. Springer Verlag, 2004.
[5]
K. Bhargavan, R. Corin, P.-M. Dénielou, C. Fournet, and J. Leifer. Cryptographic protocol synthesis and verification for multiparty sessions. In CSF, 2009.
[6]
K. Bhargavan, C. Fournet, and A. D. Gordon. Modular verification of security protocol code by typing. In POPL, 2010.
[7]
J. Borgstrom, J. Chen, and N. Swamy. Verifying stateful programs with substructural state and hoare types. In PLPV '11, Jan. 2011.
[8]
I. Cervesato and F. Pfenning. A linear logical framework. Inf. Comput., 179 (1), 2002.
[9]
P. C. Chapin, C. Skalka, and X. S. Wang. Authorization in trust management: Features and foundations. ACM Comput. Surv., 40, 2008.
[10]
J. Chen, R. Chugh, and N. Swamy. Type-preserving compilation of end-to-end verification of security enforcement. In PLDI '10. ACM, 2010.
[11]
L. de Moura and N. Bjørner. Z3: An efficient SMT solver. In TACAS, 2008.
[12]
P.-M. Deniélou and N. Yoshida. Dynamic multirole session types. In POPL, 2011.
[13]
G. Gonthier, A. Mahboubi, and E. Tassi. Research Report RR-6455, 2011.
[14]
A. D. Gordon and A. Jeffrey. Authenticity by typing for security protocols. Journal of Computer Security, 11 (4): 451--520, 2003.
[15]
A. Guha, M. Fredrikson, B. Livshits, and N. Swamy. Verified security for browser extensions. In IEEE Symposium on Security and Privacy (Oakland), 2011.
[16]
N. Guts, C. Fournet, and F. Z. Nardelli. Reliable evidence: Auditability by typing. In ESORICS, 2009.
[17]
K. Honda, N. Yoshida, and M. Carbone. Multiparty asynchronous session types. In POPL, 2008.
[18]
L. Jia and S. Zdancewic. Encoding information flow in aura. In PLAS, 2009.
[19]
L. Jia, J. Vaughan, K. Mazurak, J. Zhao, L. Zarko, J. Schorr, and S. Zdancewic. Aura: A programming language for authorization and audit. In ICFP, 2008.
[20]
O. Kiselyov, S. P. Jones, and C. chieh Shan. Fun with type functions, 2010. Unpub.
[21]
S. K. Lahiri, S. Qadeer, and D. Walker. Linear maps. PLPV '11. ACM, 2011.
[22]
U. Norell. Towards a practical programming language based on dependent type theory. PhD thesis, Chalmers Institute of Technology, 2007.
[23]
A. Rial and G. Danezis. Privacy-friendly smart metering. Technical report, Microsoft Research, nov 2010.
[24]
P. Sewell, F. Z. Nardelli, S. Owens, G. Peskine, T. Ridge, S. Sarkar, and R. Strnisa. Ott: Effective tool support for the working semanticist. JFP, 20 (1), 2010.
[25]
M. Sozeau. Subset coercions in coq. In TYPES, 2007.
[26]
N. Swamy, B. J. Corcoran, and M. Hicks. Fable: A language for enforcing user-defined security policies. In S&P, 2008.
[27]
N. Swamy, J. Chen, and R. Chugh. Enforcing stateful authorization and information flow policies in Fine. In ESOP, 2010.
[28]
The Coq Development Team. Chapter 4: Calculus of Inductive Constructions. Technical report, 2010. URL http://coq.inria.fr.
[29]
J. A. Vaughan, L. Jia, K. Mazurak, and S. Zdancewic. Evidence-based audit. In CSF, 2008.
[30]
D. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4 (3): 167--187, 1996.

Cited By

View all
  • (2024)Sesame: Practical End-to-End Privacy Compliance with Policy Containers and Privacy RegionsProceedings of the ACM SIGOPS 30th Symposium on Operating Systems Principles10.1145/3694715.3695984(709-725)Online publication date: 4-Nov-2024
  • (2024)Full Iso-Recursive TypesProceedings of the ACM on Programming Languages10.1145/36897188:OOPSLA2(192-221)Online publication date: 8-Oct-2024
  • (2022)Synchronous Programming and Refinement Types in Robotics: From Verification to ImplementationProceedings of the 8th ACM SIGPLAN International Workshop on Formal Techniques for Safety-Critical Systems10.1145/3563822.3568015(68-79)Online publication date: 29-Nov-2022
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM SIGPLAN Notices
ACM SIGPLAN Notices  Volume 46, Issue 9
ICFP '11
September 2011
456 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/2034574
Issue’s Table of Contents
  • cover image ACM Conferences
    ICFP '11: Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
    September 2011
    470 pages
    ISBN:9781450308656
    DOI:10.1145/2034773
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 September 2011
Published in SIGPLAN Volume 46, Issue 9

Check for updates

Author Tags

  1. refinement types
  2. security types

Qualifiers

  • Research-article

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)79
  • Downloads (Last 6 weeks)10
Reflects downloads up to 28 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2024)Sesame: Practical End-to-End Privacy Compliance with Policy Containers and Privacy RegionsProceedings of the ACM SIGOPS 30th Symposium on Operating Systems Principles10.1145/3694715.3695984(709-725)Online publication date: 4-Nov-2024
  • (2024)Full Iso-Recursive TypesProceedings of the ACM on Programming Languages10.1145/36897188:OOPSLA2(192-221)Online publication date: 8-Oct-2024
  • (2022)Synchronous Programming and Refinement Types in Robotics: From Verification to ImplementationProceedings of the 8th ACM SIGPLAN International Workshop on Formal Techniques for Safety-Critical Systems10.1145/3563822.3568015(68-79)Online publication date: 29-Nov-2022
  • (2022)Diaframe: automated verification of fine-grained concurrent programs in IrisProceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3519939.3523432(809-824)Online publication date: 9-Jun-2022
  • (2022)A type-theoretic model on NDN-TLV encodingProceedings of the 9th ACM Conference on Information-Centric Networking10.1145/3517212.3558093(91-102)Online publication date: 6-Sep-2022
  • (2021)Verified functional programming of an IoT operating system's bootloaderProceedings of the 19th ACM-IEEE International Conference on Formal Methods and Models for System Design10.1145/3487212.3487347(89-97)Online publication date: 20-Nov-2021
  • (2019)Safety at speed: in-place array algorithms from pure functional programs by safely re-using storageProceedings of the 8th ACM SIGPLAN International Workshop on Functional High-Performance and Numerical Computing10.1145/3331553.3342616(34-46)Online publication date: 18-Aug-2019
  • (2019)Implicit Computational Complexity of Subrecursive Definitions and Applications to Cryptographic ProofsJournal of Automated Reasoning10.1007/s10817-019-09530-2Online publication date: 31-Jul-2019
  • (2018)A Security Analysis Method for Security Protocol Implementations Based on Message ConstructionApplied Sciences10.3390/app81225438:12(2543)Online publication date: 8-Dec-2018
  • (2016)Unified Syntax with Iso-typesProgramming Languages and Systems10.1007/978-3-319-47958-3_14(251-270)Online publication date: 9-Oct-2016
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media