Abstract

Distributed applications are difficult to program reliably and securely. Dependently typed functional languages promise to prevent broad classes of errors and vulnerabilities, and to enable program verification to proceed side-by-side with development. However, as recursion, effects, and rich libraries are added, using types to reason about programs, specifications, and proofs becomes challenging.
We present F*, a full-fledged design and implementation of a new dependently typed language for secure distributed programming. Unlike prior languages, F* provides arbitrary recursion while maintaining a logically consistent core; it enables modular reasoning about state and other effects using affine types; and it supports proofs of refinement properties using a mixture of cryptographic evidence and logical proof terms. The key mechanism is a new kind system that tracks several sub-languages within F* and controls their interaction. F* subsumes two previous languages, F7 and Fine. We prove type soundness (with proofs mechanized in Coq) and logical consistency for F*.
We have implemented a compiler that translates F* to .NET bytecode, based on a prototype for Fine. F* provides access to libraries for concurrency, networking, cryptography, and interoperability with C#, F#, and the other .NET languages. The compiler produces verifiable binaries with 60% code size overhead for proofs and types, as much as a 45x improvement over the Fine compiler, while still enabling efficient bytecode verification.
To date, we have programmed and verified more than 20,000 lines of F* including (1) new schemes for multi-party sessions; (2) a zero-knowledge privacy-preserving payment protocol; (3) a provenance-aware curated database; (4) a suite of 17 web-browser extensions verified for authorization properties; and (5) a cloud-hosted multi-tier web application with a verified reference monitor.
Secure distributed programming with value-dependent types
ICFP '11: Proceedings of the 16th ACM SIGPLAN international conference on Functional programming