Modular verification of security protocol code by typing

Karthikeyan Bhargavan; Cédric Fournet; Andrew D. Gordon

doi:10.1145/1706299.1706350

Modular verification of security protocol code by typing

Karthikeyan Bhargavan, Cédric Fournet, Andrew D. Gordon

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We propose a method for verifying the security of protocol implementations. Our method is based on declaring and enforcing invariants on the usage of cryptography. We develop cryptographic libraries that embed a logic model of their cryptographic structures and that specify preconditions and postconditions on their functions so as to maintain their invariants. We present a theory to justify the soundness of modular code verification via our method.

We implement the method for protocols coded in F# and verified using F7, our SMT-based typechecker for refinement types, that is, types carrying formulas to record invariants. As illustrated by a series of programming examples, our method can flexibly deal with a range of different cryptographic constructions and protocols.

We evaluate the method on a series of larger case studies of protocol code, previously checked using whole-program analyses based on ProVerif, a leading verifier for cryptographic protocols. Our results indicate that compositional verification by typechecking with refinement types is more scalable than the best domain-specific analysis currently available for cryptographic code.

Original language	English
Title of host publication	Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Place of Publication	New York, NY, USA
Publisher	ACM
Pages	445-456
Number of pages	12
ISBN (Print)	978-1-60558-479-9
DOIs	https://doi.org/10.1145/1706299.1706350
Publication status	Published - 2010

Keywords

f7, refinement type

Access to Document

10.1145/1706299.1706350

http://dl.acm.org/citation.cfm?doid=1706299.1706350

Cite this

@inproceedings{96d70e32a6164a5483a22ac31116623c,

title = "Modular verification of security protocol code by typing",

abstract = "We propose a method for verifying the security of protocol implementations. Our method is based on declaring and enforcing invariants on the usage of cryptography. We develop cryptographic libraries that embed a logic model of their cryptographic structures and that specify preconditions and postconditions on their functions so as to maintain their invariants. We present a theory to justify the soundness of modular code verification via our method.We implement the method for protocols coded in F# and verified using F7, our SMT-based typechecker for refinement types, that is, types carrying formulas to record invariants. As illustrated by a series of programming examples, our method can flexibly deal with a range of different cryptographic constructions and protocols.We evaluate the method on a series of larger case studies of protocol code, previously checked using whole-program analyses based on ProVerif, a leading verifier for cryptographic protocols. Our results indicate that compositional verification by typechecking with refinement types is more scalable than the best domain-specific analysis currently available for cryptographic code.",

keywords = "f7, refinement type",

author = "Karthikeyan Bhargavan and C{\'e}dric Fournet and Gordon, {Andrew D.}",

year = "2010",

doi = "10.1145/1706299.1706350",

language = "English",

isbn = "978-1-60558-479-9",

pages = "445--456",

booktitle = "Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages",

publisher = "ACM",

}

TY - GEN

T1 - Modular verification of security protocol code by typing

AU - Bhargavan, Karthikeyan

AU - Fournet, Cédric

AU - Gordon, Andrew D.

PY - 2010

Y1 - 2010

N2 - We propose a method for verifying the security of protocol implementations. Our method is based on declaring and enforcing invariants on the usage of cryptography. We develop cryptographic libraries that embed a logic model of their cryptographic structures and that specify preconditions and postconditions on their functions so as to maintain their invariants. We present a theory to justify the soundness of modular code verification via our method.We implement the method for protocols coded in F# and verified using F7, our SMT-based typechecker for refinement types, that is, types carrying formulas to record invariants. As illustrated by a series of programming examples, our method can flexibly deal with a range of different cryptographic constructions and protocols.We evaluate the method on a series of larger case studies of protocol code, previously checked using whole-program analyses based on ProVerif, a leading verifier for cryptographic protocols. Our results indicate that compositional verification by typechecking with refinement types is more scalable than the best domain-specific analysis currently available for cryptographic code.

AB - We propose a method for verifying the security of protocol implementations. Our method is based on declaring and enforcing invariants on the usage of cryptography. We develop cryptographic libraries that embed a logic model of their cryptographic structures and that specify preconditions and postconditions on their functions so as to maintain their invariants. We present a theory to justify the soundness of modular code verification via our method.We implement the method for protocols coded in F# and verified using F7, our SMT-based typechecker for refinement types, that is, types carrying formulas to record invariants. As illustrated by a series of programming examples, our method can flexibly deal with a range of different cryptographic constructions and protocols.We evaluate the method on a series of larger case studies of protocol code, previously checked using whole-program analyses based on ProVerif, a leading verifier for cryptographic protocols. Our results indicate that compositional verification by typechecking with refinement types is more scalable than the best domain-specific analysis currently available for cryptographic code.

KW - f7, refinement type

U2 - 10.1145/1706299.1706350

DO - 10.1145/1706299.1706350

M3 - Conference contribution

SN - 978-1-60558-479-9

SP - 445

EP - 456

BT - Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

PB - ACM

CY - New York, NY, USA

ER -

Modular verification of security protocol code by typing

Abstract

Keywords

Access to Document

Fingerprint

Cite this