Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content

Typechecking Higher-Order Security Libraries

  • Conference paper
Programming Languages and Systems (APLAS 2010)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 6461))

Included in the following conference series:

Abstract

We propose a flexible method for verifying the security of ML programs that use cryptography and recursive data structures. Our main applications are X.509 certificate chains, secure logs for multi-party games, and XML digital signatures. These applications are beyond the reach of automated cryptographic verifiers such as ProVerif, since they require some form of induction. They can be verified using refinement types (that is, types with embedded logical formulas, tracking security events). However, this entails replicating higher-order library functions and annotating each instance with its own logical pre- and post-conditions. Instead, we equip higher-order functions with precise, yet reusable types that can refer to the pre- and post-conditions of their functional arguments, using generic logical predicates. We implement our method by extending the F7 typechecker with automated support for these predicates. We evaluate our approach experimentally by verifying a series of security libraries and protocols.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Backes, M., Hriţcu, C., Maffei, M., Tarrach, T.: Type-checking implementations of protocols based on zero-knowledge proofs. In: FCS (2009)

    Google Scholar 

  2. Barnett, M., Leino, M., Schulte, W.: The Spec# programming system: An overview. In: CASSIS, pp. 49–69 (January 2005)

    Google Scholar 

  3. Bengtson, J., Bhargavan, K., Fournet, C., Gordon, A.D., Maffeis, S.: Refinement types for secure implementations. In: CSF, pp. 17–32 (2008)

    Google Scholar 

  4. Bhargavan, K., Fournet, C., Gordon, A.D., Tse, S.: Verified interoperable implementations of security protocols. ACM TOPLAS 31, 5:1–5:61 (2008)

    Google Scholar 

  5. Bhargavan, K., Corin, R., Deniélou, P., Fournet, C., Leifer, J.: Cryptographic protocol synthesis and verification for multiparty sessions. In: CSF, pp. 124–140 (2009)

    Google Scholar 

  6. Bhargavan, K., Fournet, C., Gordon, A.D.: Modular verification of security protocol code by typing. In: POPL, pp. 445–456 (2010)

    Google Scholar 

  7. Bhargavan, K., Fournet, C., Guts, N.: Typechecking higher-order security libraries. Technical Report (2010), http://msr-inria.inria.fr/Projects/sec/infer

  8. Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: CSFW, pp. 82–96 (2001)

    Google Scholar 

  9. Chaki, S., Datta, A.: ASPIER: An automated framework for verifying security protocol implementations. In: CSF, pp. 172–185 (2009)

    Google Scholar 

  10. Chen, J., Chugh, R., Swamy, N.: Type-preserving compilation for end-to-end verification of security enforcement. In: PLDI, pp. 412–423 (June 2010)

    Google Scholar 

  11. Eastlake, D., Reagle, J., Solo, D., Bartel, M., Boyer, J., Fox, B., LaMacchia, B., Simon, E.: XML-Signature Syntax and Processing. W3C Recommendation (2002)

    Google Scholar 

  12. Fähndrich, M., Barnett, M., Logozzo, F.: Embedded Contract Languages. In: SAC OOPS (2010)

    Google Scholar 

  13. Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. SIGPLAN Not. 37(5), 234–245 (2002)

    Article  Google Scholar 

  14. Goubault-Larrecq, J., Parrennes, F.: Cryptographic protocol analysis on real C code. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 363–379. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  15. Guts, N., Fournet, C., Zappa Nardelli, F.: Reliable evidence: Auditability by typing. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 168–183. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  16. Hoare, C.: An axiomatic basis for computer programming. Communications of the ACM (1969)

    Google Scholar 

  17. Recommendation X.509 (1997 E): Information Technology - Open Systems Interconnection - The Directory: Authentication Framework. ITU-T (June 1997)

    Google Scholar 

  18. Plotkin, G.D.: Denotational semantics with partial functions. Unpublished lecture notes, CSLI, Stanford University (July 1985)

    Google Scholar 

  19. Régis-Gianas, Y., Pottier, F.: A Hoare logic for call-by-value functional programs. In: Audebaud, P., Paulin-Mohring, C. (eds.) MPC 2008. LNCS, vol. 5133, pp. 305–335. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  20. Rondon, P., Kawaguci, M., Jhala, R.: Liquid types. In: PLDI, pp. 159–169 (2008)

    Google Scholar 

  21. Swamy, N., Chen, J., Chugh, R.: Enforcing stateful authorization and information flow policies in fine. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 529–549. Springer, Heidelberg (2010)

    Google Scholar 

  22. Xu, D.N.: Extended static checking for Haskell. In: Haskell, pp. 48–59 (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bhargavan, K., Fournet, C., Guts, N. (2010). Typechecking Higher-Order Security Libraries. In: Ueda, K. (eds) Programming Languages and Systems. APLAS 2010. Lecture Notes in Computer Science, vol 6461. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17164-2_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-17164-2_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17163-5

  • Online ISBN: 978-3-642-17164-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics