Results 1 - 10 of 50
Refinement types for secure implementations
In 21st IEEE Computer Security Foundations Symposium (CSF'08), 2008
Abstract - Cited by 114 (25 self)
We present the design and implementation of a typechecker for verifying security properties of the source code of cryptographic protocols and access control mechanisms. The underlying type theory is a λ-calculus equipped with refinement types for expressing pre- and post-conditions within first-order logic. We derive formal cryptographic primitives and represent active adversaries within the type theory. Well-typed programs enjoy assertion-based security properties, with respect to a realistic threat model including key compromise. The implementation amounts to an enhanced typechecker for the general purpose functional language F#; typechecking generates verification conditions that are passed to an SMT solver. We describe a series of checked examples. This is the first tool to verify authentication properties of cryptographic protocols by typechecking their source code.
Secure distributed programming with value-dependent types
In: Proceedings of the 13th ACM SIGPLAN International Conference on Functional Programming (ICFP), 2011
Abstract - Cited by 80 (15 self)
Distributed applications are difficult to program reliably and securely. Dependently typed functional languages promise to prevent broad classes of errors and vulnerabilities, and to enable program verification to proceed side-by-side with development. However, as recursion, effects, and rich libraries are added, using types to reason about programs, specifications, and proofs becomes challenging. We present F⋆, a full-fledged design and implementation of a new dependently typed language for secure distributed programming. Unlike prior languages, F⋆ provides arbitrary recursion while maintaining a logically consistent core; it enables modular reasoning about state and other effects using affine types; and it supports proofs of refinement properties using a mixture of cryptographic evidence and logical proof terms. The key mechanism is a new kind system that tracks several sub-languages within F⋆ and controls their interaction. F⋆ subsumes two previous languages, F7 and Fine. We prove type soundness (with proofs mechanized in Coq) and logical consistency for F⋆. We have implemented a compiler that translates F⋆ to .NET bytecode, based on a prototype for Fine. F⋆ provides access to libraries for concurrency, networking, cryptography, and interoperability with C#, F#, and the other .NET languages. The compiler produces verifiable binaries with 60% code size overhead for proofs and types, as much as a 45x improvement over the Fine compiler, while still enabling efficient bytecode verification. To date, we have programmed and verified more than 20,000 lines of F⋆ including (1) new schemes for multi-party sessions; (2) a zero-knowledge privacy-preserving payment protocol; (3) a provenance-aware curated database; (4) a suite of 17 web-browser extensions verified for authorization properties; and (5) a cloud-hosted multi-tier web application with a verified reference monitor.
A theory of design-by-contract for distributed multiparty interactions
In CONCUR 2010, LNCS, 2011
Abstract - Cited by 30 (17 self)
The approach known as Design by Contract (DbC) [23] promotes reliable software development through elaboration of type signatures for sequential programs with logical formulae. This paper presents an assertion method which generalises the notion of DbC to multiparty distributed interactions, enabling the specification and verification of distributed multiparty protocols, based on the π-calculus with full recursion. Centring on the notion of global assertions and their projections onto endpoint assertions, our method allows fully general specifications for typed sessions with session channel passing, constraining the content of the exchanged messages, the choice of subconversations to follow, and invariants on recursions. The paper presents key theoretical foundations of this framework, including a validation algorithm for consistency of global assertions and a sound and relatively complete compositional proof system for verifying a large class of processes against assertions.
Computationally sound verification of source code
2010
Abstract - Cited by 22 (7 self)
Increasing attention has recently been given to the formal verification of the source code of cryptographic protocols. The standard approach is to use symbolic abstractions of cryptography that make the analysis amenable to automation. This leaves the possibility of attacks that exploit the mathematical properties of the cryptographic algorithms themselves. In this paper, we show how to conduct the protocol analysis on the source code level (F# in our case) in a computationally sound way, i.e., taking into account cryptographic security definitions. We build upon the prominent F7 verification framework (Bengtson et al., CSF 2008) which comprises a security type-checker for F# protocol implementations using symbolic idealizations and the concurrent lambda calculus RCF to model a core fragment of F#. To leverage this prior work, we give conditions under which symbolic security of RCF programs using cryptographic idealizations implies computational security of the same programs using cryptographic algorithms. Combined with F7, this yields a computationally sound, automated verification of F# code containing public-key encryptions and signatures. For the actual computational soundness proof, we use the CoSP framework (Backes, Hofheinz, and Unruh, CCS 2009). We thus inherit the modularity of CoSP, which allows for easily extending our proof to other cryptographic primitives.
Guiding a general-purpose C verifier to prove cryptographic protocols
In IEEE Computer Security Foundations Symposium (CSF'11), 2011
Abstract - Cited by 14 (7 self)
We describe how to verify security properties of C code for cryptographic protocols by using a general-purpose verifier. We prove security theorems in the symbolic model of cryptography. Our techniques include: use of ghost state to attach formal algebraic terms to concrete byte arrays and to detect collisions when two distinct terms map to the same byte array; decoration of a crypto API with contracts based on symbolic terms; and expression of the attacker model in terms of C programs. We rely on the general-purpose verifier VCC; we guide VCC to prove security simply by writing suitable header files and annotations in implementation files, rather than by changing VCC itself. We formalize the symbolic model in Coq in order to justify the addition of axioms to VCC.
A Framework for the Cryptographic Verification of Java-like Programs. Cryptology ePrint Archive, Report 2012/153
2012
Abstract - Cited by 13 (1 self)
We consider the problem of establishing cryptographic guarantees—in particular, computational indistinguishability—for Java or Java-like programs that use cryptography. For this purpose, we propose a general framework that enables existing program analysis tools that can check (standard) non-interference properties of Java programs to establish cryptographic security guarantees, even if the tools a priori cannot deal with cryptography. The approach that we take is new and combines techniques from program analysis and simulation-based security. Our framework is stated and proved for a Java-like language that comprises a rich fragment of Java. The general idea of our approach should, however, be applicable also to other practical programming languages. As a proof of concept, we use an automatic program analysis tool for checking non-interference properties of Java programs, namely the tool Joana, in order to establish computational indistinguishability for a Java program that involves clients sending encrypted messages over a network, controlled by an active adversary, to a server.
Union and intersection types for secure protocol implementations
Abstract - Cited by 13 (3 self)
We present a new type system for verifying the security of cryptographic protocol implementations. The type system combines prior work on refinement types, with union, intersection, and polymorphic types, and with the novel ability to reason statically about the disjointness of types. The increased expressivity enables the analysis of important protocol classes that were previously out of scope for the type-based analyses of protocol implementations. In particular, our types can statically characterize: (i) more usages of asymmetric cryptography, such as signatures of private data and encryptions of authenticated data; (ii) authenticity and integrity properties achieved by showing knowledge of secret data; (iii) applications based on zero-knowledge proofs. The type system comes with a mechanized proof of correctness and an efficient type-checker.
Principles and Applications of Refinement Types
2009
Abstract - Cited by 12 (4 self)
A refinement type {x: T | C} is the subset of the type T consisting of the values x that satisfy the formula C. In this tutorial article we explain the principles of refinement types by developing from first principles a concurrent λ-calculus whose type system supports refinement types. Moreover, we describe a series of applications of our refined type theory and of related systems.
Security protocol verification: Symbolic and computational models
In Principles of Security and Trust, First International Conference, POST 2012, volume 7215 of Lecture Notes in Computer Science, 2012
Abstract - Cited by 11 (0 self)
Security protocol verification has been a very active research area since the 1990s. This paper surveys various approaches in this area, considering the verification in the symbolic model, as well as the more recent approaches that rely on the computational model or that verify protocol implementations rather than specifications. Additionally, we briefly describe our symbolic security protocol verifier ProVerif and situate it among these approaches.
ZQL: A compiler for privacy-preserving data processing
In USENIX Security, 2013
Abstract - Cited by 9 (1 self)
ZQL is a query language for expressing simple computations on private data. Its compiler produces code to certify data, perform client-side computations, and verify the correctness of their results. Under the hood, it synthesizes zero-knowledge protocols that guarantee both integrity of the query results and privacy for all other data. We present the ZQL language, its compilation scheme down to concrete cryptography, and the security guarantees it provides. We report on a prototype compiler that produces F# and C++. We evaluate its performance on queries for smart-meter billing, for pay-as-you-drive insurance policies, and for location-based services.