Refinement Types for Secure Implementations

@article{Bengtson2008RefinementTF,
  title={Refinement Types for Secure Implementations},
  author={Jesper Bengtson and Karthikeyan Bhargavan and C{\'e}dric Fournet and Andrew D. Gordon and Sergio Maffeis},
  journal={2008 21st IEEE Computer Security Foundations Symposium},
  year={2008},
  pages={17-32}
}
We present the design and implementation of a typechecker for verifying security properties of the source code of cryptographic protocols and access control mechanisms. The underlying type theory is a λ-calculus equipped with re¿nement types for expressing pre- and post-conditions within ¿rst-order logic. We derive formal cryptographic primitives and represent active adversaries within the type theory. Well-typed programs enjoy assertion-based security properties, with respect to a realistic… Expand
Union, intersection and refinement types and reasoning about type disjointness for secure protocol implementations
We present a new type system for verifying the security of reference implementations of cryptographic protocols written in a core functional programming language. The type system combines prior workExpand
Union and Intersection Types for Secure Protocol Implementations
We present a new type system for verifying the security of cryptographic protocol implementations. The type system combines prior work on refinement types, with union, intersection, and polymorphicExpand
Modular code-based cryptographic verification
TLDR
This work presents the first modular automated program verification method based on standard cryptographic assumptions using F7, a refinement type checker coupled with an SMT-solver, and develops a probabilistic core calculus for F7 and formalizes its type safety in Coq. Expand
Type-checking Implementations of Protocols Based on Zero-knowledge Proofs – Work in Progress –
We present the first static analysis technique for verifying implementations of cryptographic protocols based on zero-knowledge proofs. Protocols are implemented in RCF∧∨, a core calculus of ML withExpand
ASPIER: An Automated Framework for Verifying Security Protocol Implementations
TLDR
The ASPIER tool is implemented and used to verify authentication and secrecy properties of a part of an industrial strength protocol implementation -- the handshake in OpenSSL -- for configurations consisting of up to 3 servers and 3 clients. Expand
Modular verification of security protocol code by typing
TLDR
The method is based on declaring and enforcing invariants on the usage of cryptography and indicates that compositional verification by typechecking with refinement types is more scalable than the best domain-specific analysis currently available for cryptographic code. Expand
Logical Foundations of Secure Resource Management in Protocol Implementations
TLDR
This paper proposes the first type system that statically enforces the safety of cryptographic protocol implementations with respect to authorization policies expressed in affine logic, and draws on a novel notion of "exponential serialization" of affine formulas. Expand
Affine Refinement Types for Secure Distributed Programming
TLDR
This article proposes the first type system that statically enforces the safety of cryptographic protocol implementations with respect to authorization policies expressed in affine logic, and draws on a novel notion of “exponential serialization” of affine formulas. Expand
Guiding a General-Purpose C Verifier to Prove Cryptographic Protocols
TLDR
This work formalizes the symbolic model in Coq in order to justify the addition of axioms to VCC, and relies on the general-purpose verifier VCC to verify security properties of C code for cryptographic protocols by using a general- Purpose verifier. Expand
Guiding a General-Purpose C Verifier to Prove Cryptographic Protocols
TLDR
This work formalizes the symbolic model in Coq in order to justify the addition of axioms to VCC, and relies on the general-purpose verifier VCC to verify security properties of C code for cryptographic protocols by using a general- Purpose verifier. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 150 REFERENCES
Refinement Types for Secure Implementations
Typechecking Higher-Order Security Libraries
TLDR
A flexible method for verifying the security of ML programs that use cryptography and recursive data structures that equip higher-order functions with precise, yet reusable types that can refer to the pre- and post-conditions of their functional arguments, using generic logical predicates. Expand
ASPIER: An Automated Framework for Verifying Security Protocol Implementations
TLDR
The ASPIER tool is implemented and used to verify authentication and secrecy properties of a part of an industrial strength protocol implementation -- the handshake in OpenSSL -- for configurations consisting of up to 3 servers and 3 clients. Expand
Modular verification of security protocol code by typing
TLDR
The method is based on declaring and enforcing invariants on the usage of cryptography and indicates that compositional verification by typechecking with refinement types is more scalable than the best domain-specific analysis currently available for cryptographic code. Expand
Cryptographically sound implementations for typed information-flow security
TLDR
A uniform language-based model of security, ranging from computational non-interference for probabilistic programs down to standard cryptographic hypotheses, is developed, which relies on concrete primitives and hypotheses for cryptography, stated in terms of Probabilistic polynomial-time algorithms and games. Expand
Security-Typed Languages for Implementation of Cryptographic Protocols: A Case Study
TLDR
The case study deploying Jif, a Java-based security-typed language, for implementing a non-trivial cryptographic protocol that allows playing online poker without a trusted third party identifies insights ranging from security guarantees to useful patterns of secure programming. Expand
Cryptographic Protocol Synthesis and Verification for Multiparty Sessions
TLDR
The design and implementation of a compiler that, given high-level multiparty session descriptions, generates custom cryptographic protocols that obtain the strongest session security guarantees to date in a model that captures the executable details of protocol code is presented. Expand
Cryptographic Protocol Analysis on Real C Code
TLDR
This work describes how cryptographic protocol verification techniques based on solving clause sets can be applied to detect vulnerabilities of C programs in the Dolev-Yao model, statically. Expand
Type-preserving compilation of end-to-end verification of security enforcement
TLDR
A type-preserving compiler that translates programs written in FINE, a source-level functional language with dependent refinements and affine types, to DCIL, a new extension of the .NET Common Intermediate Language, to reduce the proof burden on source programmers. Expand
Verified Interoperable Implementations of Security Protocols
TLDR
The approach is developed for protocols written in F#, a dialect of ML, and verified by compilation to ProVerif a resolution-based theorem prover for cryptographic protocols, and illustrated with protocols for Web services security. Expand
...
1
2
3
4
5
...