Abstract
We present a new type system for verifying the security of cryptographic protocol implementations. The type system combines prior work on refinement types with union, intersection, and polymorphic types, and with the novel ability to reason statically about the disjointness of types. The increased expressivity enables the analysis of important protocol classes that were previously out of scope for type-based analyses of protocol implementations. In particular, our types can statically characterize: (i) more usages of asymmetric cryptography, such as signatures of private data and encryptions of authenticated data; (ii) authenticity and integrity properties achieved by showing knowledge of secret data; (iii) applications based on zero-knowledge proofs. The type system comes with a mechanized proof of correctness and an efficient type-checker.
© 2012 Springer-Verlag Berlin Heidelberg
Backes, M., Hriţcu, C., Maffei, M. (2012). Union and Intersection Types for Secure Protocol Implementations. In: Mödersheim, S., Palamidessi, C. (eds) Theory of Security and Applications. TOSCA 2011. Lecture Notes in Computer Science, vol 6993. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27375-9_1
DOI: https://doi.org/10.1007/978-3-642-27375-9_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27374-2
Online ISBN: 978-3-642-27375-9