Abstract
Robust modules guarantee to do only what they are supposed to do – even in the presence of untrusted malicious clients, and considering not just the direct behaviour of individual methods, but also the emergent behaviour from calls to more than one method. Necessity is a language for specifying robustness, based on novel necessity operators capturing temporal implication, and a proof logic that derives explicit robustness specifications from functional specifications. Soundness and an exemplar proof are mechanised in Coq.
Index Terms: Necessity specifications for robustness