Open access

Foundational Integration Verification of a Cryptographic Server

Published: 20 June 2024

Abstract

We present verification of a bare-metal server built using diverse implementation techniques and languages against a whole-system input-output specification in terms of machine code, network packets, and mathematical specifications of elliptic-curve cryptography. We used very different formal-reasoning techniques throughout the stack, ranging from computer algebra, symbolic execution, and verification-condition generation to interactive verification of functional programs including compilers for C-like and functional languages. All these component specifications and domain-specific reasoning techniques are defined and justified against common foundations in the Coq proof assistant. Connecting these components is a minimalistic specification style based on functional programs and assertions over simple objects, omnisemantics for program execution, and basic separation logic for memory layout. This design enables us to bring the components together in a top-level correctness theorem that can be audited without understanding or trusting the internal interfaces and tools. Our case study is a simple cryptographic server for flipping a bit of state through public-key authenticated network messages, and its proof shows total functional correctness including static bounds on memory usage. This paper also describes our experiences with the specific verification tools we build upon, along with detailed analysis of the reasons behind the widely varying levels of productivity we experienced between combinations of tools and tasks.



Published In

Proceedings of the ACM on Programming Languages  Volume 8, Issue PLDI
June 2024
2198 pages
EISSN:2475-1421
DOI:10.1145/3554317
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. bare-metal programming
  2. elliptic-curve cryptography
  3. proof assistants

Qualifiers

  • Research-article

Funding Sources

  • National Science Foundation
