Refinement types for secure implementations

ACM Transactions on Programming Languages and Systems

Volumn 33, Issue 2, 2011, Pages

  Bengtson, Jesper ^a   Bhargavan, Karthikeyan ^b   Fournet, Cédric ^b   Gordon, Andrew D ^b   Maffeis, Sergio ^c  

^a UPPSALA UNIVERSITY   (Sweden)

^b MICROSOFT RESEARCH   (United Kingdom)

^c IMPERIAL COLLEGE LONDON   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL MECHANISM; ACTIVE ADVERSARY; CRYPTOGRAPHIC PRIMITIVES; CRYPTOGRAPHIC PROTOCOLS; FIRST-ORDER; FUNCTIONAL LANGUAGES; KEY COMPROMISE; SECURE IMPLEMENTATION; SECURITY PROPERTIES; SOURCE CODES; TYPE THEORY; TYPECHECKING; VERIFICATION CONDITION;

ACCESS CONTROL; CALCULATIONS; FORMAL LOGIC;

CRYPTOGRAPHY;

EID: 79951546693     PISSN: 01640925     EISSN: 15584593     Source Type: Journal    
DOI: 10.1145/1890028.1890031     Document Type: Article

References (93)

1. ABADI, M. 1999. Secrecy by typing in security protocols. J. ACM 46, 5, 749-786.
2. ABADI,M. 2007. Access control in a core calculus of dependency. In Computation, Meaning, and Logic: Articles Dedicated to Gordon Plotkin, ENTCS, vol. 172. Elsevier, 5-31. (Pubitemid 46389596)
3. ABADI, M. AND BLANCHET, B. 2005. Analyzing security protocols with secrecy types and logic programs. J. ACM 52, 1, 102-146. (Pubitemid 43078382)
4. ABADI,M.,BURROWS,M.,LAMPSON, B., AND PLOTKIN, G. 1993. A calculus for access control in distributed systems. ACM Trans. Program. Lang. Syst. 15, 4, 706-734.
5. ABADI, M. AND FOURNET, C. 2003. Access control based on execution history. In Proceedings of the 10th Annual Network and Distributed System Symposium (NDSS'03). Internet Society.
6. ABADI, M. AND GORDON, A. D. 1999. A calculus for cryptographic protocols: The spi calculus. Inform. Comput. 148, 1-70. (Pubitemid 129608821)
7. ABADI, M. AND NEEDHAM, R. 1996. Prudent engineering practice for cryptographic protocols. IEEE Trans. Softw. Engin. 22, 1, 6-15. (Pubitemid 126771654)
8. ASKAROV, A.,HEDIN, D., AND SABELFELD, A. 2006. Cryptographically-masked flows. In Proceedings of the Static Analysis Symposium. Lecture Notes in Computer Science, vol. 4134. Springer, 353-369. (Pubitemid 44561984)
9. ASKAROV, A. AND SABELFELD, A. 2005. Security-typed languages for implementation of cryptographic protocols: A case study. In Proceedings of the European Symposium on Research in Computer Security (ESORICS'05). Lecture Notes in Computer Science, vol. 3679. Springer, 197-221.
10. ASPINALL, D. AND COMPAGNONI, A. 2001. Subtyping dependent types. Theor. Comput. Sci. 266, 1-2, 273-309. (Pubitemid 32833015)
11. AYDEMIR, B.,CHARGÉRAUD, A., PIERCE, B. C., POLLACK, R., ANDWEIRICH, S. 2008. Engineering formal metatheory. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL'08). ACM, 3-17.
12. BACKES, M., GROCHULLA, M., HRITÇU, C., AND MAFFEI, M. 2009. Achieving security despite compromise using zero-knowledge. In Proceedings of the 22nd IEEE Computer Security Foundations Symposium (CSF'09). IEEE Computer Society, 308-323.
13. BACKES,M.,MAFFEI,M., ANDUNRUH,D. 2010. Computationally sound verification of source code. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS'10). ACM Press, 387-398.
14. BALTOPOULOS, I. AND GORDON, A. D. 2009. Secure compilation of a multi-tier web language. In Proceedings of the ACM SIGPLAN Workshop on Types in Language Design and Implementation (TLDI'09). 27-38.
15. BARNETT, M., LEINO, M., AND SCHULTE, W. 2005. The Spec# programming system: An overview. In Proceedings of the CASSIS'05. Lecture Notes in Computer Science, vol. 3362. Springer, 49-69. (Pubitemid 41228860)
16. BELLARE, M. AND ROGAWAY, P. 1993. Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of the ACM Conference on Computer and Communications Security. 62-73.
17. BENGTSON, J., BHARGAVAN, K., FOURNET, C., GORDON, A. D., AND MAFFEIS, S. 2008. Refinement types for secure implementations. In Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF'08). 17-32.
18. BENGTSON, J., BHARGAVAN, K., FOURNET, C., GORDON, A. D., AND MAFFEIS, S. 2010. Refinement types for secure implementations. Tech. rep. MSR-TR-2008-118, Microsoft Research.
19. BHARGAVAN, K.,CORIN, R.,DENIÉLOU, P.-M., FOURNET, C., AND LEIFER, J. J. 2009. Cryptographic protocol synthesis and verification formultiparty sessions. In Proceedings of the 22nd IEEE Computer Security Foundations Symposium (CSF'09). 124-140.
20. BHARGAVAN, K., FOURNET, C., CORIN, R., AND ZALINESCU, E. 2008a. Cryptographically verified implementations for TLS. In Proceedings of the ACM Conference on Computer and Communications Security. 459-468.
21. BHARGAVAN, K., FOURNET, C., AND GORDON, A. D. 2010a. Modular verification of security protocol code by typing. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL'10). ACM, 445-456.
22. BHARGAVAN, K., FOURNET, C., GORDON, A. D., AND TSE, S. 2008b. Verified interoperable implementations of security protocols. ACM Trans. Program Lang. Syst. 31, 5.
23. BHARGAVAN, K., FOURNET, C., AND GUTS, N. 2010b. Typechecking higher-order security libraries. In Proceedings of the Asian Symposium on Programming Languages and Systems (APLAS'10). 47-62.
24. BLANCHET, B. 2001. An efficient cryptographic protocol verifier based on Prolog rules. In Proceedings of the IEEE Computer Security Foundations Workshop (CSFW'01). 82-96. (Pubitemid 32877779)
25. BLANCHET, B. 2006. A computationally sound mechanized prover for security protocols. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, 140-154. (Pubitemid 44753719)
26. BLANCHET, B., ABADI, M., AND FOURNET, C. 2008. Automated verification of selected equivalences for security protocols. J. Logic Algeb. Program. 75, 1, 3-51. (Pubitemid 351172997)
27. BORGSTRÖM, J., GORDON, A. D., AND PUCELLA, R. 2010. Roles, stacks, histories: A triple for Hoare. J. Function. Program. Cambridge University Press.
28. CARDELLI, L. 1986. Typechecking dependent types and subtypes. In Foundations of Logic and Functional Programming. Lecture Notes in Computer Science, vol. 306. Springer, 45-57.
29. CHAKI, S. AND DATTA, A. 2009. ASPIER: An automated framework for verifying security protocol implementations. In Proceedings of the IEEE Computer Security Foundations Symposium. 172-185.
30. CHEN, J., CHUGH, R., AND SWAMY, N. 2010. Type-Preserving compilation for end-to-end verification of security enforcement. In Proceedings of the Conference on Programming Language Design and Implementation (PLDI'10). ACM, 412-423.
31. CIRILLO, A., JAGADEESAN, R., PITCHER, C., AND RIELY, J. 2007. Do As I SaY! Programmatic access control with explicit identities. In Proceedings of the IEEE Computer Security Foundations Symposium (CSF'07). 16-30. (Pubitemid 47554203)
32. COK, D. R. AND KINIRY, J. 2004. ESC/Java2: Uniting ESC/Java and JML. In Proceedings of the CASSIS'05. Lecture Notes in Computer Science, vol. 3362. Springer, 108-128.
33. CONSTABLE, R., ALLEN, S., BROMLEY, H., CLEAVELAND, W., CREMER, J., HARPER, R., HOWE, D., KNOBLOCK, T., MENDLER, N., PANANGADEN, P., ET AL. 1986. Implementing Mathematics with the Nuprl Proof Development System. Prentice-Hall.
34. COOPER, E., LINDLEY, S.,WADLER, P., AND YALLOP, J. 2006. Links: Web Programming Without Tiers. In Proceedings of 5th International Symposium on Formal Methods for Components and Objects (FMCO). Lecture Notes in Computer Science. Springer-Verlag.
35. COQUAND, T. AND HUET, G. 1988. The calculus of constructions. Inform. Comput. 76, 2-3, 95-120.
36. DATTA, A., DEREK, A.,MITCHELL, J. C., AND ROY, A. 2007. Protocol composition logic (PCL). In Electronic Notes in Theoretical Computer Science (Gordon D. Plotkin Festschrift), Vol. 172, Feb. 311-358. (Pubitemid 46367781)
37. DE BRUIJN, N. G. 1972. Lambda calculus notation with nameless dummies, a tool for automatic formula manipulation, with application to the Church-Rosser theorem. Indagationes Mathematicae 34, 381-392.
38. DE MOURA, L. AND BJØRNER, N. 2008. Z3: An efficient SMT solver. In Proceedings of the Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS'08). Lecture Notes in Computer Science, vol. 4963. Springer, 337-340.
39. DEAN, D., FELTEN, E., AND WALLACH, D. 1996. Java security: From HotJava to Netscape and beyond. In Proceedings of the IEEE Symposium on Security and Privacy.
40. DETLEFS, D., NELSON, G., AND SAXE, J. 2005. Simplify: A theorem prover for program checking. J. ACM 52, 3, 365-473.
41. DOLEV, D. AND YAO, A. 1983. On the security of public key protocols. IEEE Trans. Inform. Theory IT-29, 2, 198-208.
42. DUMMETT, M. A. E. 1977. Elements of Intuitionism. Clarendon Press.
43. DURGIN, N., MITCHELL, J. C., AND PAVLOVIC, D. 2003. A compositional logic for proving security properties of protocols. J. Comput. Secur. (Special Issue of Selected Papers from CSFW-14) 11, 4, 677-721.
44. EASTLAKE, D., REAGLE, J., SOLO, D., BARTEL, M., BOYER, J., FOX, B., LAMACCHIA, B., AND SIMON, E. 2002. XML-signature syntax and processing. W3C Recommendation. http://www.w3.org/TR/2002/ REC-xmldsig-core-20020212/.
45. FILLIÂTRE, J. ANDMARCHÉ, C. 2004. Multi-prover Verification of C Programs. In Proceedings of the International Conference on Formal Engineering Methods (ICFEM'04). Lecture Notes in Computer Science, vol. 3308. Springer, 15-29. (Pubitemid 39750922)
46. FLANAGAN, C., LEINO, K. R. M., LILLIBRIDGE, M., NELSON, G., SAXE, J. B., AND STATA, R. 2002. Extended static checking for Java. SIGPLAN Not. 37, 5, 234-245. (Pubitemid 34991522)
47. FOURNET, C. 2009. On the computational soundness of cryptographic verification by typing. In Proceedings of the Workshop on Formal and Computational Cryptography (FCC'09).
48. FOURNET, C., GORDON, A. D., AND MAFFEIS, S. 2007a. A type discipline for authorization policies. ACM Trans. Program. Lang. Syst. 29, 5. Article 25.
49. FOURNET, C., GORDON, A. D., AND MAFFEIS, S. 2007b. A type discipline for authorization policies in distributed systems. In Proceedings of the 20th IEEE Computer Security Foundations Symposium (CSF'07). 31-45. (Pubitemid 47554204)
50. FOURNET, C. AND REZK, T. 2008. Cryptographically sound implementations for typed information-flow security. In Proceedings of the 35th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'08). 323-335.
51. FREEMAN, T. AND PFENNING, F. 1991. Refinement types for ML. In Proceedings of the Conference on Programming Language Design and Implementation (PLDI'91). ACM, 268-277.
52. GORDON, A. D. 1994. A mechanisation of name-carrying syntax up to alpha-conversion. In Proceedings of the Conference on Higher Order Logic Theorem Proving and its Applications, J. J. Joyce and C.-J. H. Seger, Eds. Lecture Notes in Computer Science, vol. 780. Springer, 414-426.
53. GORDON, A. D. AND FOURNET, C. 2010. Principles and applications of refinement types. In Logics and Languages for Reliability and Security: Proceedings of the NATO Summer School Marktoberdorf, J. Esparza, B. Spanfelner, and O. Grumberg, Eds., IOS Press, 73-104.
54. GORDON, A. D. AND JEFFREY, A. S. A. 2002. Cryptyc: Cryptographic protocol type checker. http://cryptyc.cs. depaul.edu/
55. GORDON, A. D. AND JEFFREY, A. S. A. 2003a. Authenticity by typing for security protocols. J. Comput. Secur. 11, 4, 451-521.
56. GORDON, A. D. AND JEFFREY, A. S. A. 2003b. Types and effects for asymmetric cryptographic protocols. J. Comput. Secur. 12, 3/4, 435-484.
57. GORDON, A. D. AND JEFFREY, A. S. A. 2005. Secrecy despite compromise: Types, cryptography, and the picalculus. In Proceedings of the CONCUR'05. Lecture Notes in Computer Science, vol. 3653. Springer, 186-201. (Pubitemid 41520742)
58. GOUBAULT-LARRECQ, J. AND PARRENNES, F. 2005. Cryptographic protocol analysis on real C code. In Proceedings of the Conference on Verification Model-Checkior and Abstract Implementation (VMCAI'05). Lecture Notes in Computer Science, vol. 3385, Springer, 363-379. (Pubitemid 41231372)
59. GRONSKI, J., KNOWLES, K., TOMB, A., FREUND, S. N., AND FLANAGAN, C. 2006. Sage: Hybrid checking for flexible specifications. In Proceedings of the Scheme and Functional Programming Workshop. R. Findler. Ed., 93-104.
60. GUNTER, C. 1992. Semantics of Programming Languages. MIT Press.
61. GUTS, N., FOURNET, C., AND ZAPPA NARDELLI, F. 2009. Reliable evidence: Auditability by typing. In Proceedings of the 14th European Symposium on Research in Computer Security (ESORICS'09). Lecture Notes in Computer Science, Springer, 168-183.
62. HUBBERS, E., OOSTDIJK, M., AND POLL, E. 2003. Implementing a formally verifiable security protocol in Java Card. In Security in Pervasive Computing, 213-226.
63. JAGADEESAN, R., JEFFREY, A. S. A.,PITCHER, C., AND RIELY, J. 2008. Lambda-RBAC: Programming with role-based access control. Logical Methods Comput. Sci. 4, 1.
64. JIA, L.,VAUGHAN, J.,MAZURAK, K., ZHAO, J., ZARKO, L., SCHORR, J., AND ZDANCEWIC, S. 2008. Aura: A programming language for authorization and audit. In Proceedings of the International Conference on Functional Programming (ICFP'08). ACM, 27-38.
65. KAWAGUCHI, M., RONDON, P., AND JHALA, R. 2009. Type-based data structure verification. In Proceedings of the Conference on Programming Language Design and Implementation (PLDI'09). ACM, 304-315.
66. LI, P. AND ZDANCEWIC, S. 2006. Encoding information flow in Haskell. In Proceedings of the IEEE Computer Security Foundations Workshop (CSFW'06). 16-27. (Pubitemid 46499714)
67. MAFFEIS, S., ABADI, M., FOURNET, C., AND GORDON, A. D. 2008. Code-carrying authorization. In Proceedings of the 13th European Symposium on Research in Computer Security (ESORICS'08). Lecture Notes in Computer Science, vol. 5283. Springer, 563-579.
68. MARTIN-LÖF, P. 1984. Intuitionistic Type Theory. Bibliopolis.
69. MORRIS, JR., J. H. 1973. Protection in programming languages. Comm. ACM 16, 1, 15-21.
70. MYERS, A. C. 1999. JFlow: Practical mostly-static information flow control. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL'99). 228-241.
71. NADALIN, A., KALER, C., HALLAM-BAKER, P., AND MONZILLO, R. 2004. OASIS Web services security: SOAP message security 1.0. http://www.oasis-open.org/ committees/download.php/5941/oasis-200401-wss% -soap-message-security-1.0.pdf
72. NEEDHAM, R. AND SCHROEDER, M. 1978. Using encryption for authentication in large networks of computers. Comm. ACM 21, 12, 993-999. (Pubitemid 9408754)
73. PARENT, C. 1995. Synthesizing proofs from programs in the calculus of inductive constructions. Math. Program Construct. 947, 351-379.
74. PAULSON, L. C. 1987. Logic and Computation: Interactive Proof with Cambridge LCF. Cambridge University Press.
75. PAULSON, L. C. 1991. Isabelle: A Generic Theorem Prover. Lecture Notes in Computer Science, vol. 828. Springer.
76. PIERCE, B. AND SANGIORGI, D. 1996. Typing and subtyping formobile processes. Math. Struct. Comput. Sci. 6, 5, 409-454.
77. POLL, E. AND SCHUBERT, A. 2007. Verifying an implementation of SSH. In Proceedings of the Workshop on Information Technologies and Systems Meetings (WITS'07). 164-177.
78. POTTIER, F. AND SIMONET, V. 2003. Information flow inference for ML. ACM Trans. Program. Lang. Syst. 25, 1, 117-158.
79. POTTIER, F., SKALKA, C., AND SMITH, S. 2001. A systematic approach to access control. In Proceedings of the Conference on Programming Languages and Systems (ESOP'01). Lecture Notes in Computer Science, vol. 2028. Springer, 30-45.
80. RÉGIS-GIANAS, Y. AND POTTIER, F. 2008. A Hoare logic for call-by-value functional programs. In Mathematics of Program Construction. Lecture Notes in Computer Science, vol. 5133. Springer, 305-335.
81. RONDON, P.,KAWAGUCHI,M., AND JHALA, R. 2008. Liquid types. In Proceedings of the Conference on Programming Language Design and Implementation (PLDI'08). ACM, 159-169.
82. RONDON, P.,KAWAGUCHI, M., AND JHALA, R. 2010. Low-level liquid types. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL'10). ACM, 131-144.
83. RUSHBY, J., OWRE, S., AND SHANKAR, N. 1998. Subtypes for specifications: Predicate subtyping in PVS. IEEE Trans. Softw. Engin. 24, 9, 709-720. (Pubitemid 128741977)
84. SABRY, A. AND FELLEISEN, M. 1993. Reasoning about programs in continuation-passing style. LISP Symb. Comput. 6, 3-4, 289-360.
85. SUMII, E. AND PIERCE, B. 2007. A bisimulation for dynamic sealing. Theor. Comput. Sci. 375, 1-3, 169-192. (Pubitemid 46528650)
86. SWAMY, N., CHEN, J., AND CHUGH, R. 2010. Enforcing stateful authorization and information flow policies in Fine. In Proceedings of the 19th European Symposium on Programming (ESOP'10). 529-549.
87. SWAMY, N.,CORCORAN, B. J., AND HICKS,M. 2008. Fable: A language for enforcing user-defined security policies. In Proceedings of the IEEE Symposium on Security and Privacy. 96-110.
88. SYME, D., GRANICZ, A., AND CISTERNINO, A. 2007. Expert F#. Apress.
89. VAUGHAN, J. A., JIA, L.,MAZURAK, K., AND ZDANCEWIC, S. 2008. Evidence-Based audit. In Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF'08). 177-191.
90. VAUGHAN, J. A. AND ZDANCEWIC, S. 2007. A cryptographic decentralized label model. In Proceedings of the IEEE Symposium on Security and Privacy. 192-206. (Pubitemid 47432527)
91. WOO, T. AND LAM, S. 1993. A semantic model for authentication protocols. In Proceedings of the IEEE Symposium on Security and Privacy. 178-194.
92. XI, H. AND PFENNING, F. 1999. Dependent types in practical programming. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL'99). ACM, 214-227.
93. XU, D. N. 2006. Extended static checking for Haskell. In Proceedings of the ACM SIGPLAN Workshop on Haskell (Haskell'06). ACM, 48-59. (Pubitemid 44747754)