Refinement types for secure implementations

DMCA

Refinement types for secure implementations (2008)

Cached

Download Links

Other Repositories/Bibliography

DBLP

by Jesper Bengtson , Karthikeyan Bhargavan , Cédric Fournet , Andrew D. Gordon , Sergio Maffeis

Venue:	IN 21ST IEEE COMPUTER SECURITY FOUNDATIONS SYMPOSIUM (CSF’08
Citations:	114 - 25 self

BibTeX

@INPROCEEDINGS{Bengtson08refinementtypes,
    author = {Jesper Bengtson and Karthikeyan Bhargavan and Cédric Fournet and Andrew D. Gordon and Sergio Maffeis},
    title = {Refinement types for secure implementations},
    booktitle = {IN 21ST IEEE COMPUTER SECURITY FOUNDATIONS SYMPOSIUM (CSF’08},
    year = {2008},
    pages = {17--32},
    publisher = {IEEE}
}

OpenURL

Abstract

We present the design and implementation of a typechecker for verifying security properties of the source code of cryptographic protocols and access control mechanisms. The underlying type theory is a λ-calculus equipped with refinement types for expressing pre- and post-conditions within first-order logic. We derive formal cryptographic primitives and represent active adversaries within the type theory. Well-typed programs enjoy assertion-based security properties, with respect to a realistic threat model including key compromise. The implementation amounts to an enhanced typechecker for the general purpose functional language F#; typechecking generates verification conditions that are passed to an SMT solver. We describe a series of checked examples. This is the first tool to verify authentication properties of cryptographic protocols by typechecking their source code.

DMCA