Modular verification of security protocol code by typing

Conference Record of the Annual ACM Symposium on Principles of Programming Languages

Volumn , Issue , 2010, Pages 445-456

  Bhargavan, Karthikeyan ^a   Fournet, Cédric ^a   Gordon, Andrew D ^a  

^a MICROSOFT RESEARCH   (United Kingdom)

Author keywords

F7; Refinement type

Indexed keywords

CODE VERIFICATION; COMPOSITIONAL VERIFICATION; CRYPTOGRAPHIC CODES; CRYPTOGRAPHIC PROTOCOLS; DOMAIN SPECIFIC; LOGIC MODELS; MODULAR VERIFICATION; PROTOCOL IMPLEMENTATION; SECURITY PROTOCOLS; TYPECHECKING; WHOLE-PROGRAM ANALYSIS;

COMPUTER SOFTWARE SELECTION AND EVALUATION; LINGUISTICS; NETWORK PROTOCOLS; NETWORK SECURITY;

CRYPTOGRAPHY;

EID: 77950909049     PISSN: 07308566     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1706299.1706350     Document Type: Conference Paper

References (27)

1. M. Abadi. Secrecy by typing in security protocols. JACM, 46(5):749-786, 1999.
2. M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. J. Cryptology, 21(4), 2008.
3. J. Bengtson, K. Bhargavan, C. Fournet, A. D. Gordon, and S. Maffeis. Refinement types for secure implementations. Technical Report MSR- TR-2008-2118, Microsoft Research, 2008. See also CSF'08.
4. K. Bhargavan, C. Fournet, and A. D. Gordon. Verified reference implementations of WS-Security protocols. In WS-FM'06, LNCS 4184, 2006a.
5. K. Bhargavan, C. Fournet, A. D. Gordon, and S. Tse. Verified interoperable implementations of security protocols. In CSFW'06, 2006b.
6. K. Bhargavan, C. Fournet, R. Corin, and E. Zalinescu. Cryptographically verified implementations for TLS. In ACM CCS, pages 459-468, 2008a.
7. K. Bhargavan, C. Fournet, A. D. Gordon, and N. Swamy. Verified implementations of the Information Card federated identity-management protocol. In ASIACCS'08, pages 123-135, 2008b.
8. B. Blanchet. An efficient cryptographic protocol verifier based on Prolog rules. In CSFW'01, pages 82-96, 2001.
9. B. Blanchet. A computationally sound mechanized prover for security protocols. In IEEE Symposium on Security and Privacy, 2006.
10. I. Cervesato, A. D. Jaggard, A. Scedrov, J.-K. Tsay, and C.Walstad. Breaking and fixing public-key Kerberos. Information and Computation, 206 (2-4):402-424, 2008.
11. S. Chaki and A. Datta. ASPIER: An automated framework for verifying security protocol implementations. In CSF'09, 2009.
12. E. Cohen. TAPS: A first-order verifier for cryptographic protocols. In 13th IEEE Computer Security Foundations Workshop, pages 144-158, 2000.
13. L. de Moura and N. Bjørner. Z3: An efficient SMT solver. In TACAS'08, pages 337-340. Springer, 2008. LNCS 4963.
14. D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, IT-29(2):198-208, 1983.
15. C. Flanagan. Hybrid type checking. In ACM POPL'06, pages 245-256, 2006.
16. A. D. Gordon and A. S. A. Jeffrey. Authenticity by typing for security protocols. J. Computer Security, 11(4):451-521, 2003a.
17. A. D. Gordon and A. S. A. Jeffrey. Types and effects for asymmetric cryptographic protocols. J. Computer Security, 12(3/4):435-484, 2003b.
18. J. Goubault-Larrecq and F. Parrennes. Cryptographic protocol analysis on real C code. In VMCAI'05, pages 363-379, 2005.
19. C. Gunter. Semantics of programming languages. MIT Press, 1992.
20. E. Kleiner and A. W. Roscoe. On the relationship between web services security and traditional protocols. In MFPS XXI, 2005.
21. G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In TACAS, pages 147-166, 1996. LNCS 1055.
22. J. H. Morris, Jr. Protection in programming languages. Commun. ACM, 16 (1):15-21, 1973.
23. R. Needham and M. Schroeder. Using encryption for authentication in large networks of computers. Commun. ACM, 21(12):993-999, 1978.
24. L. Paulson. The inductive approach to verifying cryptographic protocols. J. Computer Security, 6:85-128, 1998.
25. L. C. Paulson. Logic and proof. Cambridge University lecture notes, 2008.
26. G. D. Plotkin. Denotational semantics with partial functions. Unpublished lecture notes, CSLI, Stanford University, July 1985.
27. P. Rondon, M. Kawaguchi, and R. Jhala. Liquid types. In ACM PLDI'08, pages 159-169, 2008.