skip to main content

Certifying derivation of state machines from coroutines

Published:12 January 2022Publication History
Skip Abstract Section

Abstract

One of the biggest implementation challenges in security-critical network protocols is nested state machines. In practice today, state machines are either implemented manually at a low level, risking bugs easily missed in audits; or are written using higher-level abstractions like threads, depending on runtime systems that may sacrifice performance or compatibility with the ABIs of important platforms (e.g., resource-constrained IoT systems). We present a compiler-based technique allowing the best of both worlds, coding protocols in a natural high-level form, using freer monads to represent nested coroutines, which are then compiled automatically to lower-level code with explicit state. In fact, our compiler is implemented as a tactic in the Coq proof assistant, structuring compilation as search for an equivalence proof for source and target programs. As such, it is straightforwardly (and soundly) extensible with new hints, for instance regarding new data structures that may be used for efficient lookup of coroutines. As a case study, we implemented a core of TLS sufficient for use with popular Web browsers, and our experiments show that the extracted Haskell code achieves reasonable performance.

Skip Supplemental Material Section

Supplemental Material

Auxiliary Presentation Video

This is a 5-minute video for our POPL 2022 research paper. One of the biggest implementation challenges in security-critical network protocols is nested state machines. In practice today, state machines are either implemented manually at a low level, risking bugs easily missed in audits; or are written using higher-level abstractions like threads. We present a compiler-based technique allowing the best of both worlds, coding protocols in a natural high-level form, using freer monads to represent nested coroutines, which are then compiled automatically to lower-level code with explicit state. In fact, our compiler is implemented as a tactic in the Coq proof assistant, structuring compilation as search for an equivalence proof for source and target programs. As a case study, we implemented a core of TLS sufficient for use with popular Web browsers, and our experiments show that the extracted Haskell code achieves reasonable performance.

References

  1. Gilles Barthe, Benjamin Grégoire, and Santiago Zanella-Béguelin. 2009. Formal Certification of Code-Based Cryptographic Proofs. In 36th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2009. ACM, 90–101. http://software.imdea.org/~szanella/Zanella.2009.POPL.pdfGoogle ScholarGoogle Scholar
  2. Bruce Belson, Jason Holdsworth, Wei Xiang, and Bronson Philippa. 2019. A Survey of Asynchronous Programming Using Coroutines in the Internet of Things and Embedded Systems. ACM Trans. Embed. Comput. Syst. 18, 3, Article 21 (June 2019), 21 pages. issn:1539-9087 https://arxiv.org/pdf/1906.00367.pdf Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Eli Bendersky. 2009. Co-routines as an alternative to state machines. https://eli.thegreenplace.net/2009/08/29/co-routines-as-an-alternative-to-state-machines/ Retrieved 2020-08-20.Google ScholarGoogle Scholar
  4. Lennart Beringer, Adam Petcher, Katherine Q. Ye, and Andrew W. Appel. 2015. Verified Correctness and Security of OpenSSL HMAC. In 24th USENIX Security Symposium. 207–221. https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-beringer.pdfGoogle ScholarGoogle Scholar
  5. B. Beurdouche, K. Bhargavan, A. Delignat-Lavaud, C. Fournet, M. Kohlweiss, A. Pironti, P. Strub, and J. K. Zinzindohoue. 2015. A Messy State of the Union: Taming the Composite State Machines of TLS. In 2015 IEEE Symposium on Security and Privacy. 535–552. https://smacktls.com/smack.pdfGoogle ScholarGoogle Scholar
  6. B. Blanchet. 2006. A computationally sound mechanized prover for security protocols. In 2006 IEEE Symposium on Security and Privacy (S&P’06). 15 pp.–154. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Adam Chlipala. 2021. Skipping the Binder Bureaucracy with Mixed Embeddings in a Semantics Course (Functional Pearl). In Proc. ICFP. http://adam.chlipala.net/papers/FrapICFP21/Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Joeri de Ruiter and Erik Poll. 2015. Protocol State Fuzzing of TLS Implementations. In 24th USENIX Security Symposium (USENIX Security 15). USENIX Association, Washington, D.C., 193–206. isbn:978-1-939133-11-3 https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/de-ruiterGoogle ScholarGoogle Scholar
  9. Benjamin Delaware, Clément Pit-Claudel, Jason Gross, and Adam Chlipala. 2015. Fiat: Deductive Synthesis of Abstract Data Types in a Proof Assistant. In ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2015, Mumbai, India, January 15-17, 2015. 689–700. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Benjamin Delaware, Sorawit Suriyakarn, Clément Pit-Claudel, Qianchuan Ye, and Adam Chlipala. 2019. Narcissus: Correct-By-Construction Derivation of Decoders and Encoders from Binary Formats. In Proc. ICFP (Berlin, Germany). http://adam.chlipala.net/papers/NarcissusICFP19/Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Ralf S. Engelschall. 2000. Portable Multithreading: The Signal Stack Trick for User-Space Thread Creation. In Proceedings of the Annual Conference on USENIX Annual Technical Conference (San Diego, California) (ATC ’00). USENIX Association, USA, 20. https://www.usenix.org/legacy/publications/library/proceedings/usenix2000/general/full_papers/engelschall/engelschall.pdfGoogle ScholarGoogle Scholar
  12. Andres Erbsen, Jade Philipoom, Jason Gross, Robert Sloan, and Adam Chlipala. 2019. Simple High-Level Code For Cryptographic Arithmetic – With Proofs, Without Compromises. In IEEE Security & Privacy (San Francisco, CA, USA). http://adam.chlipala.net/papers/FiatCryptoSP19/Google ScholarGoogle Scholar
  13. Roshan P James and Amr Sabry. 2011. Yield: Mainstream delimited continuations. In First International Workshop on the Theory and Practice of Delimited Continuations (TPDC 2011). 20 pages. https://legacy.cs.indiana.edu/~sabry/papers/yield.pdfGoogle ScholarGoogle Scholar
  14. David Kaloper-Meršinjak, Hannes Mehnert, Anil Madhavapeddy, and Peter Sewell. 2015. Not-Quite-so-Broken TLS: Lessons in Re-Engineering a Security Protocol Specification and Implementation. In Proceedings of the 24th USENIX Conference on Security Symposium (Washington, D.C.) (SEC’15). USENIX Association, USA, 223–238. isbn:9781931971232Google ScholarGoogle Scholar
  15. Satoru Kawahara and Yukiyoshi Kameyama. 2020. One-Shot Algebraic Effects as Coroutines. In Trends in Functional Programming, Aleksander Byrski and John Hughes (Eds.). Springer International Publishing, Cham, 159–179. isbn:978-3-030-57761-2 https://link.springer.com/content/pdf/10.1007Google ScholarGoogle Scholar
  16. Masashi Kikuchi. 2014. How I discovered CCS Injection Vulnerability. http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.htmlGoogle ScholarGoogle Scholar
  17. Oleg Kiselyov and Hiromi Ishii. 2015. Freer Monads, More Extensible Effects. In Proceedings of the 2015 ACM SIGPLAN Symposium on Haskell (Vancouver, BC, Canada) (Haskell ’15). Association for Computing Machinery, New York, NY, USA, 94–105. isbn:9781450338080 Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Nicolas Koh, Yao Li, Yishuai Li, Li-yao Xia, Lennart Beringer, Wolf Honoré, William Mansky, Benjamin C. Pierce, and Steve Zdancewic. 2019. From C to Interaction Trees: Specifying, Verifying, and Testing a Networked Server. In Proceedings of the 8th ACM SIGPLAN International Conference on Certified Programs and Proofs (Cascais, Portugal) (CPP 2019). Association for Computing Machinery, New York, NY, USA, 234–248. isbn:9781450362221 Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Adam Langley. 2014. Early ChangeCipherSpec Attack. https://www.imperialviolet.org/2014/06/05/earlyccs.htmlGoogle ScholarGoogle Scholar
  20. Xavier Leroy. 2009. A Formally Verified Compiler Back-end. J. Autom. Reason. 43, 4 (Dec. 2009), 363–446. issn:0168-7433 http://gallium.inria.fr/~xleroy/publi/compcert-backend.pdfGoogle ScholarGoogle ScholarDigital LibraryDigital Library
  21. Tyler Mandry. 2019. How Rust optimizes async/await. https://tmandry.gitlab.io/blog/posts/optimizing-await-1/ Retrieved 2020-08-20.Google ScholarGoogle Scholar
  22. Ana Lúcia De Moura and Roberto Ierusalimschy. 2009. Revisiting Coroutines. ACM Trans. Program. Lang. Syst. 31, 2, Article 6 (Feb. 2009), 31 pages. issn:0164-0925 http://www.cs.tufts.edu/comp/250RTS/archive/roberto-ierusalimschy/revisiting-coroutines.pdf Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Gor Nishanov. 2018. N4760: Working Draft, C++ Extensions for Coroutines.Google ScholarGoogle Scholar
  24. Adam Petcher and Greg Morrisett. 2015. The Foundational Cryptography Framework. In Proceedings of the 4th International Conference on Principles of Security and Trust - Volume 9036. Springer-Verlag New York, Inc., New York, NY, USA, 53–72. isbn:978-3-662-46665-0 http://adam.petcher.net/papers/FCF.pdf Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Simon L. Peyton Jones and Philip Wadler. 1993. Imperative Functional Programming. In Proceedings of the 20th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (Charleston, South Carolina, USA) (POPL ’93). Association for Computing Machinery, New York, NY, USA, 71–84. isbn:0897915607 Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Clément Pit-Claudel, Peng Wang, Benjamin Delaware, Jason Gross, and Adam Chlipala. 2020. Extensible Extraction of Efficient Imperative Programs with Foreign Functions, Manually Managed Memory, and Proofs. In IJCAR’20: Proceedings of the 9th International Joint Conference on Automated Reasoning (Paris, France).Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. G. Plotkin and M. Pretnar. 2008. A Logic for Algebraic Effects. In 2008 23rd Annual IEEE Symposium on Logic in Computer Science. 118–129. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Aleksandar Prokopec and Fengyun Liu. 2018. Theory and Practice of Coroutines with Snapshots. In 32nd European Conference on Object-Oriented Programming, ECOOP 2018, July 16-21, 2018, Amsterdam, The Netherlands. 3:1–3:32. https://drops.dagstuhl.de/opus/volltexte/2018/9208/pdf/LIPIcs-ECOOP-2018-3.pdf Google ScholarGoogle ScholarCross RefCross Ref
  29. Jonathan Protzenko, Bryan Parno, Aymeric Fromherz, Chris Hawblitzel, Marina Polubelova, Karthikeyan Bhargavan, Benjamin Beurdouche, Joonwon Choi, Antoine Delignat-Lavaud, Cédric Fournet, Natalia Kulatova, Tahina Ramananandro, Aseem Rastogi, Nikhil Swamy, Christoph M. Wintersteiger, and Santiago Zanella-Béguelin. 2020. EverCrypt: A Fast, Verified, Cross-Platform Cryptographic Provider. In IEEE Symposium on Security and Privacy. IEEE. https://www.microsoft.com/en-us/research/publication/evercrypt-a-fast-veriGoogle ScholarGoogle Scholar
  30. Alex Reinking, Ningning Xie, Leonardo de Moura, and Daan Leijen. 2021. Perceus: Garbage Free Reference Counting with Reuse. In Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation (Virtual, Canada) (PLDI 2021). Association for Computing Machinery, New York, NY, USA, 96–111. isbn:9781450383912 Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. John C. Reynolds. 1972. Definitional Interpreters for Higher-Order Programming Languages. In Proceedings of the ACM Annual Conference - Volume 2 (Boston, Massachusetts, USA) (ACM ’72). Association for Computing Machinery, New York, NY, USA, 717–740. isbn:9781450374927 Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Richard Smith, Daveed Vandevoorde, Geoffrey Romer, Gor Nishanov, Nathan Sidwell, Iain Sandoe, and Lewis Baker. 2019. Coroutines: Language and Implementation Impact. http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1492r0.pdf P1492 R0.Google ScholarGoogle Scholar
  33. Sebastian Ullrich and Leonardo de Moura. 2020. Counting Immutable Beans: Reference Counting Optimized for Purely Functional Programming. In International Symposium on Implementation and Applicationof Functional Languages (IFL’19). New York, NY, USA, 12 pages. https://arxiv.org/abs/1908.05647Google ScholarGoogle Scholar
  34. Li-yao Xia, Yannick Zakowski, Paul He, Chung-Kil Hur, Gregory Malecha, Benjamin C. Pierce, and Steve Zdancewic. 2020. Interaction trees: representing recursive and impure programs in Coq. Proc. ACM Program. Lang. 4, POPL (2020), 51:1–51:32. Distinguished paper award. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Tarun Yadav and Koustav Sadhukhan. 2019. Identification of Bugs and Vulnerabilities in TLS Implementation for Windows Operating System Using State Machine Learning. In Security in Computing and Communications, Sabu M. Thampi, Sanjay Madria, Guojun Wang, Danda B. Rawat, and Jose M. Alcaraz Calero (Eds.). Springer Singapore, Singapore, 348–362. isbn:978-981-13-5826-5 https://arxiv.org/pdf/1902.07471.pdfGoogle ScholarGoogle Scholar
  36. Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, and Andrew W. Appel. 2017. Verified Correctness and Security of MbedTLS HMAC-DRBG. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (Dallas, Texas, USA) (CCS ’17). Association for Computing Machinery, New York, NY, USA, 2007–2020. isbn:9781450349468 Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Hengchu Zhang, Wolf Honoré, Nicolas Koh, Yao Li, Yishuai Li, Li-yao Xia, Lennart Beringer, William Mansky, Benjamin C. Pierce, and Steve Zdancewic. 2021. Verifying an HTTP Key-Value Server with Interaction Trees and VST. In 12th International Conference on Interactive Theorem Proving, ITP 2021, June 29 to July 1, 2021, Rome, Italy (Virtual Conference) (LIPIcs, Vol. 193), Liron Cohen and Cezary Kaliszyk (Eds.). Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 32:1–32:19. Google ScholarGoogle ScholarCross RefCross Ref

Index Terms

  1. Certifying derivation of state machines from coroutines

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      • Article Metrics

        • Downloads (Last 12 months)178
        • Downloads (Last 6 weeks)19

        Other Metrics

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!