Secure distributed programming with value-dependent types

Journal of Functional Programming

Volumn 23, Issue 4, 2013, Pages 402-451

  Swamy, Nikhil ^a   Chen, Juan ^a   Fournet, Cédric ^a   Strub, Pierre Yves ^b   Bhargavan, Karthikeyan ^b   Yang, Jean ^c  

^a MICROSOFT RESEARCH   (United States)

^b MSR INRIA ^*  (United States)

^c MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BYTECODE VERIFICATION; DESIGN AND IMPLEMENTATIONS; DISTRIBUTED APPLICATIONS; DISTRIBUTED PROGRAMMING; FUNCTIONAL LANGUAGES; LOGICAL CONSISTENCY; PRIVACY PRESERVING; PROGRAM VERIFICATION;

APPLICATION PROGRAMS; CRYPTOGRAPHY; INTERNET PROTOCOLS; LIBRARIES; THEOREM PROVING;

PROGRAM COMPILERS;

EID: 84888357190     PISSN: 09567968     EISSN: 14697653     Source Type: Journal    
DOI: 10.1017/S0956796813000142     Document Type: Conference Paper

References (57)

1. Augustsson, L. (1998) Cayenne: A language with dependent types. In International Conference on Functional Programming. ACM, pp. 239-250.
2. Avijit, K., Datta, A. & Harper, R. (2010) Distributed programming with distributed authorization. In Types in Language Design and Implementation. ACM, pp. 27-38.
3. Backes, M., Hritcu, C. & Maffei, M. (2008) Type-checking zero-knowledge. In Computer and Communications Security. ACM, pp. 357-370.
4. Barendregt, H., Abramsky, S., Gabbay, D. M.,Maibaum, T. S. E. & Barendregt, H. P. (1992) Lambda Calculi with types. Handbook of Logic in Computer Science, Abramsky, S., Gabbay, D. M., Maibaum, T. S. E. (eds). Oxford: Oxford University Press, pp. 117-309.
5. Barthe, G., Fournet, C., Gregoire, B., Strub, P.-Y., Swamy, N. & Beguelin, S. Z. (2012) Probabilistic Relational Verification for Cryptographic Implementations. Tech. Rept. MSR-TR-2012-37. Microsoft Research.
6. Barthe, G., Grëgoire, B. & Pastawski, F. (2006) CIĈ: Type-based termination of recursive definitions in the calculus of inductive constructions. In Logic for Programming, Artificial Intelligence, and Reasoning. ACM, pp. 257-271.
7. Bengtson, J., Bhargavan, K., Fournet, C., Gordon, A. D. & Maffeis, S. (2008) Refinement types for secure implementations. In Computer Security Foundations Symposium. IEEE, pp. 17-32.
8. Bertot, Y. & Castëran, P. (2004) Coq'art: Interactive Theorem Proving and Program Development. Heidelberg: Springer.
9. Bhargavan, K., Corin, R., Dëtnielou, P.-M., Fournet, C. & Leifer, J. (2009) Cryptographic protocol synthesis and verification for multiparty sessions. In Computer Security Foundations Symposium. IEEE, pp. 124-140.
10. Bhargavan, K., Fournet, C. & Gordon, A. D. (2010) Modular verification of security protocol code by typing. In Symposium on Principles of Programming Languages. ACM, pp. 445-456.
11. Borgstrom, J., Chen, J. & Swamy, N. (2011) Verifying stateful programs with substructural state and Hoare types. In Programming Languages Meets Program Verification. ACM, pp. 15-26.
12. Cervesato, I. & Pfenning, F. (2002) A linear logical framework. Inf. Comput. 179(1), 19-75.
13. Chapin, P. C., Skalka, C. & Wang, X. S. (2008) Authorization in trust management: Features and foundations. ACM Comput. Surv. 40, doi: 10.1145/1380584.1380587.
14. Chen, J., Chugh, R. & Swamy, N. (2010) Type-preserving compilation of end-to-end verification of security enforcement. In Programming Language Design and Implementation. ACM, pp. 412-423.
15. Clarkson, M. & Schneider, F. (2010) Hyperproperties. J. Comput. Secur. 18(6), 1157-1210.
16. Coq Development Team (2010) Chapter 4: Calculus of Inductive Constructions. Tech. Rept. INRIA.
17. de Moura, L. & BjØrner, N. (2008) Z3: An efficient SMT solver. In Tools and Algorithms for the Construction and Analysis of Systems. Springer, pp. 337-340.
18. Deni ëlou, P.-M. & Yoshida, N. (2011) Dynamic multirole session types. In Symposium on Principles of Programming Languages. ACM, pp. 435-446.
19. Dybjer, P. (2000) A general formulation of simultaneous inductive-recursive definitions in type theory. J. Symb. Log. 65(2), 525-549.
20. Felleisen,M. & Hieb, R. (1992) The revised report on the syntactic theories of sequential control and state. Theor. Comput. Sci. 103(2), 235-271.
21. Filliâtre, J.-C. & Paskevich, A. (2013) Why3: Where programs meet provers. In European Symposium on Programming. Springer, pp. 125-128.
22. Fournet, C., Gordon, A. D. & Maffeis, S. (2007) A type discipline for authorization policies in distributed systems. In Computer Security Foundations Symposium. IEEE, pp. 31-48.
23. Fournet, C., Kohlweiss, M. & Strub, P.-Y. (2011) Modular code-based cryptographic verification. In Computer and Communications Security. ACM, pp. 341-350.
24. Fournet, C., Swamy, N., Chen, J., Dagand, P.-Ë., Strub, P.-Y. & Livshits, B. (2013) Fully abstract compilation to JavaScript. In Symposium on Principles of Programming Languages. ACM, pp. 371-384.
25. Girard, J.-Y. (1972) Interprëttation Fonctionelle etëtlimination des Coupures de l'arithmëttique d'ordre supëtrieur. PhD thesis, Universitët Paris VII, Paris.
26. Gonthier, G., Mahboubi, A. & Tassi, E. (2011) A Small Scale Reflection Extension for the Coq System. Research Report RR-6455. INRIA.
27. Gordon, A. D. & Jeffrey, A. (2003) Authenticity by typing for security protocols. J. Comput. Secur. 11(4), 451-519.
28. Goues, C. L., Leino, K. R. M. & Moskal, M. (2011) The Boogie verification debugger (tool paper). In Software Engineering and Formal Methods. Springer, pp. 407-414.
29. Guha, A., Fredrikson, M., Livshits, B. & Swamy, N. (2011) Verified security for browser extensions. In Security and Privacy. IEEE, pp. 115-130.
30. Guha, A., Saftoiu, C. & Krishnamurthi, S. (2010) The essence of JavaScript. In European Conference on Object-Oriented Programming. Springer, pp. 126-150.
31. Gurevich, Y. & Neeman, I. (2008) DKAL: Distributed-knowledge authorization language. In Computer Security Foundations Symposium. IEEE, pp. 49-162.
32. Guts, N., Fournet, C. & Nardelli, F. Z. (2009) Reliable evidence: Auditability by typing. In European Symposium on Research in Computer Security. Springer, pp. 168-183.
33. Honda, K., Yoshida, N. & Carbone, M. (2008) Multiparty asynchronous session types. In Principles of Programming Languages. ACM, pp. 273-284.
34. Jeannin, J.-B., de Caso, G., Chen, J., Gurevich, Y., Naldurg, P. & Swamy, N. (2013) DKAL*: Constructing executable specifications of authorization protocols. In Engineering Secure Software and Systems. Springer, pp. 139-154.
35. Jia, L., Vaughan, J., Mazurak, K., Zhao, J., Zarko, L., Schorr, J. & Zdancewic, S. (2008) Aura: A programming language for authorization and audit. In International Conference on Functional Programming. ACM, pp. 27-38.
36. Jia, L. & Zdancewic, S. (2009) Encoding information flow in Aura. In Programming Languages and Analysis for Security. ACM, pp. 17-29.
37. Kimmell, G., Stump, A., Eades III, H. D., Fu, P., Sheard, T., Weirich, S., Casinghino, C., Sjöberg, V., Collins, N. & Ahn, K. Y. (2012) Equational reasoning about programs with general recursion and call-by-value semantics. In Programming Languages Meets Program Verification. ACM, pp. 15-26.
38. Kiselyov, O., Peyton-Jones, S. & Shan, C.-C. (2010) Fun with Type Functions. Preprint, Microsoft Research.
39. Lahiri, S. K., Qadeer, S. & Walker, D. (2011) Linear maps. In Programming Languages Meets Program Verification. ACM, pp. 3-14.
40. McCarthy, J. (1962) Towards a mathematical science of computation. In IFIP Congress. North- Holland, pp. 21-28.
41. Mendler, N. P. (1987) Inductive Definition in Type Theory. PhD thesis, Cornell University, Ithaca, NY.
42. Nanevski, A., Morrisett, G., Shinnar, A., Govereau, P. & Birkedal, L. (2008) Ynot: Dependent types for imperative programs. In International Conference on Functional Programming. ACM, pp. 229-240.
43. Norell, U. (2007) Towards a Practical Programming Language Based on Dependent Type Theory. PhD thesis, Chalmers Institute of Technology, Goteborg.
44. Pedersen, T. P. (1992) Non-interactive and information-theoretic secure verifiable secret sharing. In Advances in Cryptology. Springer, pp. 129-140.
45. Rial, A. & Danezis, G. (2010) Privacy-Friendly Smart Metering. Tech. rept. Microsoft Research.
46. Schlesinger, C. & Swamy, N. (2012) Verification Condition Generation with the Dijkstra State Monad. Tech. Rept. Microsoft Research.
47. Sewell, P., Zappa Nardelli, F., Owens, S., Peskine, G., Ridge, T., Sarkar, S. & Strnisa, R. (2010) Ott: Effective tool support for the working semanticist. J. Funct. Program. 20(1), 1-12.
48. Sozeau, M. (2007) Subset coercions in Coq. In Types for Proofs and Programs. Springer, pp. 237-252.
49. Sozeau, M. (2010). Equations: A dependent pattern-matching compiler. In Interactive Theorem Proving. Springer, pp. 419-434.
50. Strub, P.-Y., Swamy, N., Fournet, C. & Chen, J. (2012) Self-certification: Bootstrapping certified typecheckers in F* with Coq. In Principles of Programming Languages. ACM, pp. 571-584.
51. Stump, A., Deters, M., Petcher, A., Schiller, T. & Simpson, T. (2008) Verified programming in Guru. In Programming Languages Meets Program Verification. ACM, pp. 49-58.
52. Swamy, N., Chen, J. & Chugh, R. (2010) Enforcing stateful authorization and information flow policies in Fine. In European Symposium on Programming. Springer, pp. 529-549.
53. Swamy, N., Chen, J., Fournet, C., Strub, P.-Y., Bhargavan, K. & Yang, J. (2011) Secure distributed programming with value-dependent types. In International Conference on Functional Programming. ACM, pp. 266-278.
54. Swamy, N., Corcoran, B. J. & Hicks,M. (2008) Fable: A language for enforcing user-defined security policies. In Security and Privacy. IEEE, pp. 369-383.
55. Swamy, N., Weinberger, J., Schlesinger, C., Chen, J. & Livshits, B. (2013) Verifying higher-order programs with the Dijkstra monad. In Programming Languages Design and Implementation. ACM, pp. 387-398.
56. Vaughan, J. A., Jia, L., Mazurak, K. & Zdancewic, S. (2008) Evidence-based audit. In Computer Security Foundations Symposium. IEEE, pp. 177-191.
57. Volpano, D., Smith, G. & Irvine, C. (1996) A sound type system for secure flow analysis. J. Comput. Secur. 4(3), 167-187.