# Refinement Types for Secure Implementations

@article{Bengtson2008RefinementTF, title={Refinement Types for Secure Implementations}, author={Jesper Bengtson and Karthikeyan Bhargavan and C{\'e}dric Fournet and Andrew D. Gordon and Sergio Maffeis}, journal={2008 21st IEEE Computer Security Foundations Symposium}, year={2008}, pages={17-32} }

We present the design and implementation of a typechecker for verifying security properties of the source code of cryptographic protocols and access control mechanisms. The underlying type theory is a λ-calculus equipped with re¿nement types for expressing pre- and post-conditions within ¿rst-order logic. We derive formal cryptographic primitives and represent active adversaries within the type theory. Well-typed programs enjoy assertion-based security properties, with respect to a realistic… Expand

#### Tables and Topics from this paper

#### 157 Citations

Union, intersection and refinement types and reasoning about type disjointness for secure protocol implementations

- Computer Science
- J. Comput. Secur.
- 2014

We present a new type system for verifying the security of reference implementations of cryptographic protocols written in a core functional programming language. The type system combines prior work… Expand

Union and Intersection Types for Secure Protocol Implementations

- Computer Science
- TOSCA
- 2011

We present a new type system for verifying the security of cryptographic protocol implementations. The type system combines prior work on refinement types, with union, intersection, and polymorphic… Expand

Modular code-based cryptographic verification

- Computer Science
- CCS '11
- 2011

This work presents the first modular automated program verification method based on standard cryptographic assumptions using F7, a refinement type checker coupled with an SMT-solver, and develops a probabilistic core calculus for F7 and formalizes its type safety in Coq. Expand

Type-checking Implementations of Protocols Based on Zero-knowledge Proofs – Work in Progress –

- Mathematics
- 2009

We present the first static analysis technique for verifying implementations of cryptographic protocols based on zero-knowledge proofs. Protocols are implemented in RCF∧∨, a core calculus of ML with… Expand

ASPIER: An Automated Framework for Verifying Security Protocol Implementations

- Computer Science
- 2009 22nd IEEE Computer Security Foundations Symposium
- 2009

The ASPIER tool is implemented and used to verify authentication and secrecy properties of a part of an industrial strength protocol implementation -- the handshake in OpenSSL -- for configurations consisting of up to 3 servers and 3 clients. Expand

Modular verification of security protocol code by typing

- Computer Science
- POPL '10
- 2010

The method is based on declaring and enforcing invariants on the usage of cryptography and indicates that compositional verification by typechecking with refinement types is more scalable than the best domain-specific analysis currently available for cryptographic code. Expand

Logical Foundations of Secure Resource Management in Protocol Implementations

- Computer Science
- POST
- 2013

This paper proposes the first type system that statically enforces the safety of cryptographic protocol implementations with respect to authorization policies expressed in affine logic, and draws on a novel notion of "exponential serialization" of affine formulas. Expand

Affine Refinement Types for Secure Distributed Programming

- Computer Science
- ACM Trans. Program. Lang. Syst.
- 2015

This article proposes the first type system that statically enforces the safety of cryptographic protocol implementations with respect to authorization policies expressed in affine logic, and draws on a novel notion of “exponential serialization” of affine formulas. Expand

Guiding a General-Purpose C Verifier to Prove Cryptographic Protocols

- Computer Science
- CSF
- 2011

This work formalizes the symbolic model in Coq in order to justify the addition of axioms to VCC, and relies on the general-purpose verifier VCC to verify security properties of C code for cryptographic protocols by using a general- Purpose verifier. Expand

Guiding a General-Purpose C Verifier to Prove Cryptographic Protocols

- Computer Science
- 2011 IEEE 24th Computer Security Foundations Symposium
- 2011

This work formalizes the symbolic model in Coq in order to justify the addition of axioms to VCC, and relies on the general-purpose verifier VCC to verify security properties of C code for cryptographic protocols by using a general- Purpose verifier. Expand

#### References

SHOWING 1-10 OF 150 REFERENCES

Typechecking Higher-Order Security Libraries

- Computer Science
- APLAS
- 2010

A flexible method for verifying the security of ML programs that use cryptography and recursive data structures that equip higher-order functions with precise, yet reusable types that can refer to the pre- and post-conditions of their functional arguments, using generic logical predicates. Expand

ASPIER: An Automated Framework for Verifying Security Protocol Implementations

- Computer Science
- 2009 22nd IEEE Computer Security Foundations Symposium
- 2009

The ASPIER tool is implemented and used to verify authentication and secrecy properties of a part of an industrial strength protocol implementation -- the handshake in OpenSSL -- for configurations consisting of up to 3 servers and 3 clients. Expand

Modular verification of security protocol code by typing

- Computer Science
- POPL '10
- 2010

The method is based on declaring and enforcing invariants on the usage of cryptography and indicates that compositional verification by typechecking with refinement types is more scalable than the best domain-specific analysis currently available for cryptographic code. Expand

Cryptographically sound implementations for typed information-flow security

- Computer Science
- POPL '08
- 2008

A uniform language-based model of security, ranging from computational non-interference for probabilistic programs down to standard cryptographic hypotheses, is developed, which relies on concrete primitives and hypotheses for cryptography, stated in terms of Probabilistic polynomial-time algorithms and games. Expand

Security-Typed Languages for Implementation of Cryptographic Protocols: A Case Study

- Computer Science
- ESORICS
- 2005

The case study deploying Jif, a Java-based security-typed language, for implementing a non-trivial cryptographic protocol that allows playing online poker without a trusted third party identifies insights ranging from security guarantees to useful patterns of secure programming. Expand

Cryptographic Protocol Synthesis and Verification for Multiparty Sessions

- Computer Science
- 2009 22nd IEEE Computer Security Foundations Symposium
- 2009

The design and implementation of a compiler that, given high-level multiparty session descriptions, generates custom cryptographic protocols that obtain the strongest session security guarantees to date in a model that captures the executable details of protocol code is presented. Expand

Cryptographic Protocol Analysis on Real C Code

- Computer Science
- VMCAI
- 2005

This work describes how cryptographic protocol verification techniques based on solving clause sets can be applied to detect vulnerabilities of C programs in the Dolev-Yao model, statically. Expand

Type-preserving compilation of end-to-end verification of security enforcement

- Computer Science
- PLDI '10
- 2010

A type-preserving compiler that translates programs written in FINE, a source-level functional language with dependent refinements and affine types, to DCIL, a new extension of the .NET Common Intermediate Language, to reduce the proof burden on source programmers. Expand

Verified Interoperable Implementations of Security Protocols

- Computer Science
- CSFW
- 2006

The approach is developed for protocols written in F#, a dialect of ML, and verified by compilation to ProVerif a resolution-based theorem prover for cryptographic protocols, and illustrated with protocols for Web services security. Expand