Skip to main content
SpringerLink
Log in
Book cover

Asian Symposium on Programming Languages and Systems

APLAS 2010: Programming Languages and Systems pp 47–62Cite as

Typechecking Higher-Order Security Libraries

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 6461))

Abstract

We propose a flexible method for verifying the security of ML programs that use cryptography and recursive data structures. Our main applications are X.509 certificate chains, secure logs for multi-party games, and XML digital signatures. These applications are beyond the reach of automated cryptographic verifiers such as ProVerif, since they require some form of induction. They can be verified using refinement types (that is, types with embedded logical formulas, tracking security events). However, this entails replicating higher-order library functions and annotating each instance with its own logical pre- and post-conditions. Instead, we equip higher-order functions with precise, yet reusable types that can refer to the pre- and post-conditions of their functional arguments, using generic logical predicates. We implement our method by extending the F7 typechecker with automated support for these predicates. We evaluate our approach experimentally by verifying a series of security libraries and protocols.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Backes, M., Hriţcu, C., Maffei, M., Tarrach, T.: Type-checking implementations of protocols based on zero-knowledge proofs. In: FCS (2009)

    Google Scholar 

  2. Barnett, M., Leino, M., Schulte, W.: The Spec# programming system: An overview. In: CASSIS, pp. 49–69 (January 2005)

    Google Scholar 

  3. Bengtson, J., Bhargavan, K., Fournet, C., Gordon, A.D., Maffeis, S.: Refinement types for secure implementations. In: CSF, pp. 17–32 (2008)

    Google Scholar 

  4. Bhargavan, K., Fournet, C., Gordon, A.D., Tse, S.: Verified interoperable implementations of security protocols. ACM TOPLAS 31, 5:1–5:61 (2008)

    Google Scholar 

  5. Bhargavan, K., Corin, R., Deniélou, P., Fournet, C., Leifer, J.: Cryptographic protocol synthesis and verification for multiparty sessions. In: CSF, pp. 124–140 (2009)

    Google Scholar 

  6. Bhargavan, K., Fournet, C., Gordon, A.D.: Modular verification of security protocol code by typing. In: POPL, pp. 445–456 (2010)

    Google Scholar 

  7. Bhargavan, K., Fournet, C., Guts, N.: Typechecking higher-order security libraries. Technical Report (2010), http://msr-inria.inria.fr/Projects/sec/infer

  8. Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: CSFW, pp. 82–96 (2001)

    Google Scholar 

  9. Chaki, S., Datta, A.: ASPIER: An automated framework for verifying security protocol implementations. In: CSF, pp. 172–185 (2009)

    Google Scholar 

  10. Chen, J., Chugh, R., Swamy, N.: Type-preserving compilation for end-to-end verification of security enforcement. In: PLDI, pp. 412–423 (June 2010)

    Google Scholar 

  11. Eastlake, D., Reagle, J., Solo, D., Bartel, M., Boyer, J., Fox, B., LaMacchia, B., Simon, E.: XML-Signature Syntax and Processing. W3C Recommendation (2002)

    Google Scholar 

  12. Fähndrich, M., Barnett, M., Logozzo, F.: Embedded Contract Languages. In: SAC OOPS (2010)

    Google Scholar 

  13. Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. SIGPLAN Not. 37(5), 234–245 (2002)

    Article  Google Scholar 

  14. Goubault-Larrecq, J., Parrennes, F.: Cryptographic protocol analysis on real C code. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 363–379. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  15. Guts, N., Fournet, C., Zappa Nardelli, F.: Reliable evidence: Auditability by typing. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 168–183. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  16. Hoare, C.: An axiomatic basis for computer programming. Communications of the ACM (1969)

    Google Scholar 

  17. Recommendation X.509 (1997 E): Information Technology - Open Systems Interconnection - The Directory: Authentication Framework. ITU-T (June 1997)

    Google Scholar 

  18. Plotkin, G.D.: Denotational semantics with partial functions. Unpublished lecture notes, CSLI, Stanford University (July 1985)

    Google Scholar 

  19. Régis-Gianas, Y., Pottier, F.: A Hoare logic for call-by-value functional programs. In: Audebaud, P., Paulin-Mohring, C. (eds.) MPC 2008. LNCS, vol. 5133, pp. 305–335. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  20. Rondon, P., Kawaguci, M., Jhala, R.: Liquid types. In: PLDI, pp. 159–169 (2008)

    Google Scholar 

  21. Swamy, N., Chen, J., Chugh, R.: Enforcing stateful authorization and information flow policies in fine. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 529–549. Springer, Heidelberg (2010)

    Google Scholar 

  22. Xu, D.N.: Extended static checking for Haskell. In: Haskell, pp. 48–59 (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. MSR-INRIA Joint Centre, France

    Karthik Bhargavan, Cédric Fournet & Nataliya Guts

  2. Microsoft Research, USA

    Cédric Fournet

  3. INRIA, France

    Karthik Bhargavan

Authors
  1. Karthik Bhargavan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Cédric Fournet
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nataliya Guts
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. of Computer Science and Engineering, Waseda University, 3-4-1, Okubo, Shinjuku-ku, 169-8555, Tokyo, Japan

    Kazunori Ueda

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bhargavan, K., Fournet, C., Guts, N. (2010). Typechecking Higher-Order Security Libraries. In: Ueda, K. (eds) Programming Languages and Systems. APLAS 2010. Lecture Notes in Computer Science, vol 6461. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17164-2_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-17164-2_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17163-5

  • Online ISBN: 978-3-642-17164-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation