Typechecking Higher-Order Security Libraries

  • Karthik Bhargavan
  • Cédric Fournet
  • Nataliya Guts
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6461)


We propose a flexible method for verifying the security of ML programs that use cryptography and recursive data structures. Our main applications are X.509 certificate chains, secure logs for multi-party games, and XML digital signatures. These applications are beyond the reach of automated cryptographic verifiers such as ProVerif, since they require some form of induction. They can be verified using refinement types (that is, types with embedded logical formulas, tracking security events). However, this entails replicating higher-order library functions and annotating each instance with its own logical pre- and post-conditions. Instead, we equip higher-order functions with precise, yet reusable types that can refer to the pre- and post-conditions of their functional arguments, using generic logical predicates. We implement our method by extending the F7 typechecker with automated support for these predicates. We evaluate our approach experimentally by verifying a series of security libraries and protocols.


Authentication Protocol Security Protocol Cryptographic Protocol Protocol Implementation Type Annotation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Backes, M., Hriţcu, C., Maffei, M., Tarrach, T.: Type-checking implementations of protocols based on zero-knowledge proofs. In: FCS (2009)Google Scholar
  2. 2.
    Barnett, M., Leino, M., Schulte, W.: The Spec# programming system: An overview. In: CASSIS, pp. 49–69 (January 2005)Google Scholar
  3. 3.
    Bengtson, J., Bhargavan, K., Fournet, C., Gordon, A.D., Maffeis, S.: Refinement types for secure implementations. In: CSF, pp. 17–32 (2008)Google Scholar
  4. 4.
    Bhargavan, K., Fournet, C., Gordon, A.D., Tse, S.: Verified interoperable implementations of security protocols. ACM TOPLAS 31, 5:1–5:61 (2008)Google Scholar
  5. 5.
    Bhargavan, K., Corin, R., Deniélou, P., Fournet, C., Leifer, J.: Cryptographic protocol synthesis and verification for multiparty sessions. In: CSF, pp. 124–140 (2009)Google Scholar
  6. 6.
    Bhargavan, K., Fournet, C., Gordon, A.D.: Modular verification of security protocol code by typing. In: POPL, pp. 445–456 (2010)Google Scholar
  7. 7.
    Bhargavan, K., Fournet, C., Guts, N.: Typechecking higher-order security libraries. Technical Report (2010),
  8. 8.
    Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: CSFW, pp. 82–96 (2001)Google Scholar
  9. 9.
    Chaki, S., Datta, A.: ASPIER: An automated framework for verifying security protocol implementations. In: CSF, pp. 172–185 (2009)Google Scholar
  10. 10.
    Chen, J., Chugh, R., Swamy, N.: Type-preserving compilation for end-to-end verification of security enforcement. In: PLDI, pp. 412–423 (June 2010)Google Scholar
  11. 11.
    Eastlake, D., Reagle, J., Solo, D., Bartel, M., Boyer, J., Fox, B., LaMacchia, B., Simon, E.: XML-Signature Syntax and Processing. W3C Recommendation (2002)Google Scholar
  12. 12.
    Fähndrich, M., Barnett, M., Logozzo, F.: Embedded Contract Languages. In: SAC OOPS (2010)Google Scholar
  13. 13.
    Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. SIGPLAN Not. 37(5), 234–245 (2002)CrossRefGoogle Scholar
  14. 14.
    Goubault-Larrecq, J., Parrennes, F.: Cryptographic protocol analysis on real C code. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 363–379. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  15. 15.
    Guts, N., Fournet, C., Zappa Nardelli, F.: Reliable evidence: Auditability by typing. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 168–183. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  16. 16.
    Hoare, C.: An axiomatic basis for computer programming. Communications of the ACM (1969)Google Scholar
  17. 17.
    Recommendation X.509 (1997 E): Information Technology - Open Systems Interconnection - The Directory: Authentication Framework. ITU-T (June 1997)Google Scholar
  18. 18.
    Plotkin, G.D.: Denotational semantics with partial functions. Unpublished lecture notes, CSLI, Stanford University (July 1985)Google Scholar
  19. 19.
    Régis-Gianas, Y., Pottier, F.: A Hoare logic for call-by-value functional programs. In: Audebaud, P., Paulin-Mohring, C. (eds.) MPC 2008. LNCS, vol. 5133, pp. 305–335. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  20. 20.
    Rondon, P., Kawaguci, M., Jhala, R.: Liquid types. In: PLDI, pp. 159–169 (2008)Google Scholar
  21. 21.
    Swamy, N., Chen, J., Chugh, R.: Enforcing stateful authorization and information flow policies in fine. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 529–549. Springer, Heidelberg (2010)Google Scholar
  22. 22.
    Xu, D.N.: Extended static checking for Haskell. In: Haskell, pp. 48–59 (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Karthik Bhargavan
    • 1
    • 3
  • Cédric Fournet
    • 1
    • 2
  • Nataliya Guts
    • 1
  1. 1.MSR-INRIA Joint CentreFrance
  2. 2.Microsoft ResearchUSA
  3. 3.INRIAFrance

Personalised recommendations