Hostname: page-component-848d4c4894-sjtt6 Total loading time: 0 Render date: 2024-06-28T22:33:45.510Z Has data issue: false hasContentIssue false
  • English
  • Français

Secure distributed programming with value-dependent types

Part of: JFP Research Articles

Published online by Cambridge University Press:  29 October 2013

NIKHIL SWAMY ,
JUAN CHEN ,
CÉDRIC FOURNET ,
PIERRE-YVES STRUB ,
KARTHIKEYAN BHARGAVAN  and
JEAN YANG
NIKHIL SWAMY
Affiliation:
Microsoft Research (e-mail: nswamy@microsoft.com, juanchen@microsoft.com, fournet@microsoft.com)
JUAN CHEN
Affiliation:
Microsoft Research (e-mail: nswamy@microsoft.com, juanchen@microsoft.com, fournet@microsoft.com)
CÉDRIC FOURNET
Affiliation:
Microsoft Research (e-mail: nswamy@microsoft.com, juanchen@microsoft.com, fournet@microsoft.com)
PIERRE-YVES STRUB
Affiliation:
MSR-INRIA (e-mail: pierre-yves@strub.nu)
KARTHIKEYAN BHARGAVAN
Affiliation:
INRIA (e-mail: karthikeyan.bhargavan@inria.fr)
JEAN YANG
Affiliation:
MIT (e-mail: jeanyang@csail.mit.edu)
Rights & Permissions [Opens in a new window]

Abstract

Core share and HTML view are not available for this content. However, as you have access to this content, a full PDF is available via the ‘Save PDF’ action button.

Distributed applications are difficult to program reliably and securely. Dependently typed functional languages promise to prevent broad classes of errors and vulnerabilities, and to enable program verification to proceed side-by-side with development. However, as recursion, effects, and rich libraries are added, using types to reason about programs, specifications, and proofs becomes challenging. We present F*, a full-fledged design and implementation of a new dependently typed language for secure distributed programming. Our language provides arbitrary recursion while maintaining a logically consistent core; it enables modular reasoning about state and other effects using affine types; and it supports proofs of refinement properties using a mixture of cryptographic evidence and logical proof terms. The key mechanism is a new kind system that tracks several sub-languages within F* and controls their interaction. F* subsumes two previous languages, F7 and Fine. We prove type soundness (with proofs mechanized in Coq) and logical consistency for F*. We have implemented a compiler that translates F* to .NET bytecode, based on a prototype for Fine. F* provides access to libraries for concurrency, networking, cryptography, and interoperability with C#, F#, and the other .NET languages. The compiler produces verifiable binaries with 60% code size overhead for proofs and types, as much as a 45x improvement over the Fine compiler, while still enabling efficient bytecode verification. We have programmed and verified nearly 50,000 lines of F* including new schemes for multi-party sessions; a zero-knowledge privacy-preserving payment protocol; a provenance-aware curated database; a suite of web-browser extensions verified for authorization properties; a cloud-hosted multi-tier web application with a verified reference monitor; the core F* typechecker itself; and programs translated to F* from other languages such as F7 and JavaScript.

Type
Articles
Information
Journal of Functional Programming , Volume 23 , Issue 4: ICFP 2011 , July 2013 , pp. 402 - 451
Copyright
Copyright © Cambridge University Press 2013 

References

Augustsson, L. (1998) Cayenne: A language with dependent types. In International Conference on Functional Programming. ACM, pp. 239250.Google Scholar
Avijit, K., Datta, A. & Harper, R. (2010) Distributed programming with distributed authorization. In Types in Language Design and Implementation. ACM, pp. 2738.Google Scholar
Backes, M., Hritcu, C. & Maffei, M. (2008) Type-checking zero-knowledge. In Computer and Communications Security. ACM, pp. 357370.Google Scholar
Barendregt, H., Abramsky, S., Gabbay, D. M., Maibaum, T. S. E. & Barendregt, H. P. (1992) Lambda Calculi with types. Handbook of Logic in Computer Science, Abramsky, S., Gabbay, D. M., Maibaum, T. S. E. (eds). Oxford: Oxford University Press, pp. 117309.Google Scholar
Barthe, G., Fournet, C., Gregoire, B., Strub, P.-Y., Swamy, N. & Beguelin, S. Z. (2012) Probabilistic Relational Verification for Cryptographic Implementations. Tech. Rept. MSR-TR-2012-37. Microsoft Research.Google Scholar
Barthe, G., Grégoire, B. & Pastawski, F. (2006) CIC^: Type-based termination of recursive definitions in the calculus of inductive constructions. In Logic for Programming, Artificial Intelligence, and Reasoning. ACM, pp. 257271.CrossRefGoogle Scholar
Bengtson, J., Bhargavan, K., Fournet, C., Gordon, A. D. & Maffeis, S. (2008) Refinement types for secure implementations. In Computer Security Foundations Symposium. IEEE, pp. 1732.Google Scholar
Bertot, Y. & Castéran, P. (2004) Coq'art: Interactive Theorem Proving and Program Development. Heidelberg: Springer.CrossRefGoogle Scholar
Bhargavan, K., Corin, R., Dénielou, P.-M., Fournet, C. & Leifer, J. (2009) Cryptographic protocol synthesis and verification for multiparty sessions. In Computer Security Foundations Symposium. IEEE, pp. 124140.Google Scholar
Bhargavan, K., Fournet, C. & Gordon, A. D. (2010) Modular verification of security protocol code by typing. In Symposium on Principles of Programming Languages. ACM, pp. 445456.Google Scholar
Borgstrom, J., Chen, J. & Swamy, N. (2011) Verifying stateful programs with substructural state and Hoare types. In Programming Languages Meets Program Verification. ACM, pp. 1526.Google Scholar
Cervesato, I. & Pfenning, F. (2002) A linear logical framework. Inf. Comput. 179 (1), 1975.CrossRefGoogle Scholar
Chapin, P. C., Skalka, C. & Wang, X. S. (2008) Authorization in trust management: Features and foundations. ACM Comput. Surv. 40, doi: 10.1145/1380584.1380587.CrossRefGoogle Scholar
Chen, J., Chugh, R. & Swamy, N. (2010) Type-preserving compilation of end-to-end verification of security enforcement. In Programming Language Design and Implementation. ACM, pp. 412423.Google Scholar
Clarkson, M. & Schneider, F. (2010) Hyperproperties. J. Comput. Secur. 18 (6), 11571210.CrossRefGoogle Scholar
Coq Development Team (2010) Chapter 4: Calculus of Inductive Constructions. Tech. Rept. INRIA.Google Scholar
de Moura, L. & Bjørner, N. (2008) Z3: An efficient SMT solver. In Tools and Algorithms for the Construction and Analysis of Systems. Springer, pp. 337340.CrossRefGoogle Scholar
Deniélou, P.-M. & Yoshida, N. (2011) Dynamic multirole session types. In Symposium on Principles of Programming Languages. ACM, pp. 435446.Google Scholar
Dybjer, P. (2000) A general formulation of simultaneous inductive-recursive definitions in type theory. J. Symb. Log. 65 (2), 525549.CrossRefGoogle Scholar
Felleisen, M. & Hieb, R. (1992) The revised report on the syntactic theories of sequential control and state. Theor. Comput. Sci. 103 (2), 235271.CrossRefGoogle Scholar
Filliâtre, J.-C. & Paskevich, A. (2013) Why3: Where programs meet provers. In European Symposium on Programming. Springer, pp. 125128.Google Scholar
Fournet, C., Gordon, A. D. & Maffeis, S. (2007) A type discipline for authorization policies in distributed systems. In Computer Security Foundations Symposium. IEEE, pp. 3148.Google Scholar
Fournet, C., Kohlweiss, M. & Strub, P.-Y. (2011) Modular code-based cryptographic verification. In Computer and Communications Security. ACM, pp. 341350.Google Scholar
Fournet, C., Swamy, N., Chen, J., Dagand, P.-É., Strub, P.-Y. & Livshits, B. (2013) Fully abstract compilation to JavaScript. In Symposium on Principles of Programming Languages. ACM, pp. 371384.Google Scholar
Girard, J.-Y. (1972) Interpré;tation Fonctionelle et é;limination des Coupures de l'arithmé;tique d'ordre supé;rieur. PhD thesis, Université; Paris VII, Paris.Google Scholar
Gonthier, G., Mahboubi, A. & Tassi, E. (2011) A Small Scale Reflection Extension for the Coq System. Research Report RR-6455. INRIA.Google Scholar
Gordon, A. D. & Jeffrey, A. (2003) Authenticity by typing for security protocols. J. Comput. Secur. 11 (4), 451519.CrossRefGoogle Scholar
Goues, C. L., Leino, K. R. M. & Moskal, M. (2011) The Boogie verification debugger (tool paper). In Software Engineering and Formal Methods. Springer, pp. 407414.CrossRefGoogle Scholar
Guha, A., Fredrikson, M., Livshits, B. & Swamy, N. (2011) Verified security for browser extensions. In Security and Privacy. IEEE, pp. 115130.Google Scholar
Guha, A., Saftoiu, C. & Krishnamurthi, S. (2010) The essence of JavaScript. In European Conference on Object-Oriented Programming. Springer, pp. 126150.Google Scholar
Gurevich, Y. & Neeman, I. (2008) DKAL: Distributed-knowledge authorization language. In Computer Security Foundations Symposium. IEEE, pp. 149162.Google Scholar
Guts, N., Fournet, C. & Nardelli, F. Z. (2009) Reliable evidence: Auditability by typing. In European Symposium on Research in Computer Security. Springer, pp. 168183.Google Scholar
Honda, K., Yoshida, N. & Carbone, M. (2008) Multiparty asynchronous session types. In Principles of Programming Languages. ACM, pp. 273284.Google Scholar
Jeannin, J.-B., de Caso, G., Chen, J., Gurevich, Y., Naldurg, P. & Swamy, N. (2013) DKAL*: Constructing executable specifications of authorization protocols. In Engineering Secure Software and Systems. Springer, pp. 139154.CrossRefGoogle Scholar
Jia, L., Vaughan, J., Mazurak, K., Zhao, J., Zarko, L., Schorr, J. & Zdancewic, S. (2008) Aura: A programming language for authorization and audit. In International Conference on Functional Programming. ACM, pp. 2738.Google Scholar
Jia, L. & Zdancewic, S. (2009) Encoding information flow in Aura. In Programming Languages and Analysis for Security. ACM, pp. 1729.Google Scholar
Kimmell, G., Stump, A., Eades, H. D. III, Fu, P., Sheard, T., Weirich, S., Casinghino, C., Sjöberg, V., Collins, N. & Ahn, K. Y. (2012) Equational reasoning about programs with general recursion and call-by-value semantics. In Programming Languages Meets Program Verification. ACM, pp. 1526.Google Scholar
Kiselyov, O., Peyton-Jones, S. & Shan, C.-C. (2010) Fun with Type Functions. Preprint, Microsoft Research.CrossRefGoogle Scholar
Lahiri, S. K., Qadeer, S. & Walker, D. (2011) Linear maps. In Programming Languages Meets Program Verification. ACM, pp. 314.Google Scholar
McCarthy, J. (1962) Towards a mathematical science of computation. In IFIP Congress. North-Holland, pp. 2128.Google Scholar
Mendler, N. P. (1987) Inductive Definition in Type Theory. PhD thesis, Cornell University, Ithaca, NY.Google Scholar
Nanevski, A., Morrisett, G., Shinnar, A., Govereau, P. & Birkedal, L. (2008) Ynot: Dependent types for imperative programs. In International Conference on Functional Programming. ACM, pp. 229240.Google Scholar
Norell, U. (2007) Towards a Practical Programming Language Based on Dependent Type Theory. PhD thesis, Chalmers Institute of Technology, Goteborg.Google Scholar
Pedersen, T. P. (1992) Non-interactive and information-theoretic secure verifiable secret sharing. In Advances in Cryptology. Springer, pp. 129140.Google Scholar
Rial, A. & Danezis, G. (2010) Privacy-Friendly Smart Metering. Tech. rept. Microsoft Research.Google Scholar
Schlesinger, C. & Swamy, N. (2012) Verification Condition Generation with the Dijkstra State Monad. Tech. Rept. Microsoft Research.Google Scholar
Sewell, P., Zappa Nardelli, F., Owens, S., Peskine, G., Ridge, T., Sarkar, S. & Strnisa, R. (2010) Ott: Effective tool support for the working semanticist. J. Funct. Program. 20 (1), 112.CrossRefGoogle Scholar
Sozeau, M. (2007) Subset coercions in Coq. In Types for Proofs and Programs. Springer, pp. 237252.CrossRefGoogle Scholar
Sozeau, M. (2010). Equations: A dependent pattern-matching compiler. In Interactive Theorem Proving. Springer, pp. 419434.CrossRefGoogle Scholar
Strub, P.-Y., Swamy, N., Fournet, C. & Chen, J. (2012) Self-certification: Bootstrapping certified typecheckers in F* with Coq. In Principles of Programming Languages. ACM, pp. 571584.Google Scholar
Stump, A., Deters, M., Petcher, A., Schiller, T. & Simpson, T. (2008) Verified programming in Guru. In Programming Languages Meets Program Verification. ACM, pp. 4958.Google Scholar
Swamy, N., Chen, J. & Chugh, R. (2010) Enforcing stateful authorization and information flow policies in Fine. In European Symposium on Programming. Springer, pp. 529549.Google Scholar
Swamy, N., Chen, J., Fournet, C., Strub, P.-Y., Bhargavan, K. & Yang, J. (2011) Secure distributed programming with value-dependent types. In International Conference on Functional Programming. ACM, pp. 266278.Google Scholar
Swamy, N., Corcoran, B. J. & Hicks, M. (2008) Fable: A language for enforcing user-defined security policies. In Security and Privacy. IEEE, pp. 369383.Google Scholar
Swamy, N., Weinberger, J., Schlesinger, C., Chen, J. & Livshits, B. (2013) Verifying higher-order programs with the Dijkstra monad. In Programming Languages Design and Implementation. ACM, pp. 387398.Google Scholar
Vaughan, J. A., Jia, L., Mazurak, K. & Zdancewic, S. (2008) Evidence-based audit. In Computer Security Foundations Symposium. IEEE, pp. 177191.Google Scholar
Volpano, D., Smith, G. & Irvine, C. (1996) A sound type system for secure flow analysis. J. Comput. Secur. 4 (3), 167187.CrossRefGoogle Scholar
Submit a response

Discussions

No Discussions have been published for this article.