Proceedings of the 15th ACM conference on Computer and communications security
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Secure compilation of a multi-tier web language
Proceedings of the 4th international workshop on Types in language design and implementation
Type-Based Automated Verification of Authenticity in Cryptographic Protocols
ESOP '09 Proceedings of the 18th European Symposium on Programming Languages and Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
D3N: programming distributed computation in pocket switched networks
Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile handhelds
A cryptographic protocol compiler for multiparty sessions
Proceedings of the 2009 ACM SIGPLAN workshop on ML
CoSP: a general framework for computational soundness proofs
Proceedings of the 16th ACM conference on Computer and communications security
Dependent types from counterexamples
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Distributed programming with distributed authorization
Proceedings of the 5th ACM SIGPLAN workshop on Types in language design and implementation
Type-preserving compilation of end-to-end verification of security enforcement
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Reliable evidence: auditability by typing
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
PCAL: language support for proof-carrying authorization systems
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Semantic subtyping with an SMT solver
Proceedings of the 15th ACM SIGPLAN international conference on Functional programming
Abstraction by set-membership: verifying security protocols and web services with databases
Proceedings of the 17th ACM conference on Computer and communications security
Computationally sound verification of source code
Proceedings of the 17th ACM conference on Computer and communications security
Symbolic security analysis of Ruby-on-Rails web applications
Proceedings of the 17th ACM conference on Computer and communications security
Refinement types for secure implementations
ACM Transactions on Programming Languages and Systems (TOPLAS)
A type system for access control views in object-oriented languages
ARSPA-WITS'10 Proceedings of the 2010 joint conference on Automated reasoning for security protocol analysis and issues in the theory of security
Ubiquitous verification of ubiquitous systems
SEUS'10 Proceedings of the 8th IFIP WG 10.2 international conference on Software technologies for embedded and ubiquitous systems
Verifying stateful programs with substructural state and Hoare types
Proceedings of the 5th ACM workshop on Programming languages meets program verification
Singleton: a general-purpose dependently-typed assembly language
Proceedings of the 7th ACM SIGPLAN workshop on Types in language design and implementation
RV'10 Proceedings of the First international conference on Runtime verification
A practical generic privacy language
ICISS'10 Proceedings of the 6th international conference on Information systems security
Typechecking higher-order security libraries
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
Type-based access control in data-centric systems
ESOP'11/ETAPS'11 Proceedings of the 20th European conference on Programming languages and systems: part of the joint European conferences on theory and practice of software
Composable security analysis of OS services
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
HMC: verifying functional programs using abstract interpreters
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Maintaining database integrity with refinement types
Proceedings of the 25th European conference on Object-oriented programming
Secure distributed programming with value-dependent types
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
Extracting and verifying cryptographic models from C protocol code by symbolic execution
Proceedings of the 18th ACM conference on Computer and communications security
Type-based automated verification of authenticity in asymmetric cryptographic protocols
ATVA'11 Proceedings of the 9th international conference on Automated technology for verification and analysis
Nested refinements: a logic for duck typing
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Self-certification: bootstrapping certified typecheckers in F* with Coq
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Dsolve: safety verification via liquid types
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Formally-based black-box monitoring of security protocols
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Enforcing stateful authorization and information flow policies in Fine
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Proof-carrying code in a session-typed process calculus
CPP'11 Proceedings of the First international conference on Certified Programs and Proofs
Union and intersection types for secure protocol implementations
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
CSolve: verifying C with liquid types
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Equality proofs and deferred type errors: a compiler pearl
Proceedings of the 17th ACM SIGPLAN international conference on Functional programming
Verifying cryptographic code in C: some experience and the Csec challenge
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Computational verification of C protocol implementations by symbolic execution
Proceedings of the 2012 ACM conference on Computer and communications security
DKAL*: constructing executable specifications of authorization protocols
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
ZQL: a compiler for privacy-preserving data processing
SEC'13 Proceedings of the 22nd USENIX conference on Security
Journal of Computer Security - Foundational Aspects of Security
We present the design and implementation of a typechecker for verifying security properties of the source code of cryptographic protocols and access control mechanisms. The underlying type theory is a λ-calculus equipped with refinement types for expressing pre- and post-conditions within first-order logic. We derive formal cryptographic primitives and represent active adversaries within the type theory. Well-typed programs enjoy assertion-based security properties, with respect to a realistic threat model including key compromise. The implementation amounts to an enhanced typechecker for the general purpose functional language F#; typechecking generates verification conditions that are passed to an SMT solver. We describe a series of checked examples. This is the first tool to verify authentication properties of cryptographic protocols by typechecking their source code.