Typechecking Higher-Order Security Libraries

We propose a flexible method for verifying the security of ML programs that use cryptography and recursive data structures. Our main applications are X.509 certificate chains, secure logs for multi-party games, and XML digital signatures. These applications are beyond the reach of automated cryptographic verifiers such as ProVerif, since they require some form of induction. They can be verified using refinement types (that is, types with embedded logical formulas, tracking security events). However, this entails replicating higher-order library functions and annotating each instance with its own logical pre- and postconditions. Instead, we equip higher-order functions with precise, yet reusable types that can refer to the pre- and postconditions of their functional arguments, using generic logical predicates. We implement our method by extending the F7 typechecker with automated support for these predicates. We evaluate our approach experimentally by verifying a series of security libraries and protocols.
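The following is an added illustration, not code from the paper or from F7. It approximates the idea of a reusable higher-order type with runtime checks in Python: a generic `fold_with_contract` is written once, and its contract is stated in terms of the pre- and postcondition predicates of whatever step function it is given. The instance is an X.509-style chain walked root-first, where "subject is trusted" is established from "issuer is trusted" plus a valid tag; the key table, the names, and the use of an HMAC as a stand-in for a certificate signature are all constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Iterable, TypeVar

Acc = TypeVar("Acc")
Elem = TypeVar("Elem")


def fold_with_contract(
    step: Callable[[Acc, Elem], Acc],
    pre: Callable[[Acc, Elem], bool],
    post: Callable[[Acc, Elem, Acc], bool],
    acc: Acc,
    xs: Iterable[Elem],
) -> Acc:
    """Left fold with a reusable contract parameterised by the step's own
    pre/post predicates (a runtime analogue of a higher-order refinement type):
    before each step `pre(acc, x)` must hold, after it `post(acc, x, acc')` must
    hold. Chaining these gives the caller an inductive guarantee about the
    final accumulator without restating the contract per call site."""
    for x in xs:
        if not pre(acc, x):
            raise ValueError(f"precondition failed before {x!r}")
        new_acc = step(acc, x)
        if not post(acc, x, new_acc):
            raise ValueError(f"postcondition failed after {x!r}")
        acc = new_acc
    return acc


# --- instance: an X.509-style chain, root first, leaf last -------------------

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    tag: bytes  # constructed stand-in for the issuer's signature over (issuer, subject)


def issue(keys: dict, issuer: str, subject: str) -> Cert:
    """Constructed 'signature': an HMAC under the issuer's key (hypothetical
    key table `keys`; a real chain would use public-key signatures)."""
    msg = f"{issuer}|{subject}".encode()
    return Cert(subject, issuer, hmac.new(keys[issuer], msg, hashlib.sha256).digest())


def validate_chain(keys: dict, roots: Iterable[str], chain: Iterable[Cert]) -> frozenset:
    """Returns the set of names trusted after walking `chain` from `roots`.
    Trusted(subject) is derived only from Trusted(issuer) and a valid tag, which
    is exactly the induction step the generic fold contract carries."""
    def pre(trusted, cert):
        # a certificate may only be accepted if its issuer is already trusted
        return cert.issuer in trusted

    def step(trusted, cert):
        key = keys.get(cert.issuer)
        if key is None:
            raise ValueError(f"no key for issuer {cert.issuer}")
        msg = f"{cert.issuer}|{cert.subject}".encode()
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, cert.tag):
            raise ValueError(f"bad signature on {cert.subject}")
        return trusted | {cert.subject}

    def post(trusted, cert, new_trusted):
        # the subject is now trusted and trust only grows (monotone accumulator)
        return cert.subject in new_trusted and trusted <= new_trusted

    return fold_with_contract(step, pre, post, frozenset(roots), chain)


# constructed key table and chain root -> inter -> leaf
KEYS = {"root": b"root-key", "inter": b"inter-key", "leaf": b"leaf-key"}
CHAIN = [issue(KEYS, "root", "inter"), issue(KEYS, "inter", "leaf")]


def demo() -> frozenset:
    trusted = validate_chain(KEYS, {"root"}, CHAIN)
    print(sorted(trusted))
    return trusted


if __name__ == "__main__":
    demo()
```

Feeding the same chain in leaf-first order fails the precondition on the first element, and a certificate with a tampered tag fails inside the step; in both cases the failure is reported by the one generic contract rather than by a hand-written check duplicated for this particular fold.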
