Necessity specifications for robustness

Published: 31 October 2022

Abstract

Robust modules guarantee to do only what they are supposed to do – even in the presence of untrusted malicious clients, and considering not just the direct behaviour of individual methods, but also the emergent behaviour from calls to more than one method. Necessity is a language for specifying robustness, based on novel necessity operators capturing temporal implication, and a proof logic that derives explicit robustness specifications from functional specifications. Soundness and an exemplar proof are mechanised in Coq.

