research-article

Secure distributed programming with value-dependent types

Published: 19 September 2011

Abstract

Distributed applications are difficult to program reliably and securely. Dependently typed functional languages promise to prevent broad classes of errors and vulnerabilities, and to enable program verification to proceed side-by-side with development. However, as recursion, effects, and rich libraries are added, using types to reason about programs, specifications, and proofs becomes challenging.

We present F*, a full-fledged design and implementation of a new dependently typed language for secure distributed programming. Unlike prior languages, F* provides arbitrary recursion while maintaining a logically consistent core; it enables modular reasoning about state and other effects using affine types; and it supports proofs of refinement properties using a mixture of cryptographic evidence and logical proof terms. The key mechanism is a new kind system that tracks several sub-languages within F* and controls their interaction. F* subsumes two previous languages, F7 and Fine. We prove type soundness (with proofs mechanized in Coq) and logical consistency for F*.

We have implemented a compiler that translates F* to .NET bytecode, based on a prototype for Fine. F* provides access to libraries for concurrency, networking, cryptography, and interoperability with C#, F#, and the other .NET languages. The compiler produces verifiable binaries with 60% code size overhead for proofs and types, as much as a 45x improvement over the Fine compiler, while still enabling efficient bytecode verification.

To date, we have programmed and verified more than 20,000 lines of F* including (1) new schemes for multi-party sessions; (2) a zero-knowledge privacy-preserving payment protocol; (3) a provenance-aware curated database; (4) a suite of 17 web-browser extensions verified for authorization properties; and (5) a cloud-hosted multi-tier web application with a verified reference monitor.

Published in

ACM SIGPLAN Notices, Volume 46, Issue 9 (ICFP '11), September 2011, 456 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2034574

ICFP '11: Proceedings of the 16th ACM SIGPLAN international conference on Functional programming, September 2011, 470 pages
ISBN: 9781450308656
DOI: 10.1145/2034773

Copyright © 2011 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
