Implementing mathematics with the Nuprl proof development system
Implementing mathematics with the Nuprl proof development system
Logic and computation: interactive proof with Cambridge LCF
Logic and computation: interactive proof with Cambridge LCF
Information and Computation - Semantics of Data Types
Typechecking dependent types and subtypes
Lecture notes in computer science on Foundations of logic and functional programming
PLDI '91 Proceedings of the ACM SIGPLAN 1991 conference on Programming language design and implementation
Semantics of programming languages: structures and techniques
Semantics of programming languages: structures and techniques
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Reasoning about programs in continuation-passing style
Lisp and Symbolic Computation - Special issue on continuations—part I
Prudent Engineering Practice for Cryptographic Protocols
IEEE Transactions on Software Engineering
Subtypes for Specifications: Predicate Subtyping in PVS
IEEE Transactions on Software Engineering
Dependent types in practical programming
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A calculus for cryptographic protocols
Information and Computation
Secrecy by typing in security protocols
Journal of the ACM (JACM)
Using encryption for authentication in large networks of computers
Communications of the ACM
Protection in programming languages
Communications of the ACM
Theoretical Computer Science
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Information flow inference for ML
ACM Transactions on Programming Languages and Systems (TOPLAS)
A Systematic Approach to Static Access Control
ESOP '01 Proceedings of the 10th European Symposium on Programming Languages and Systems
A Mechanisation of Name-Carrying Syntax up to Alpha-Conversion
HUG '93 Proceedings of the 6th International Workshop on Higher Order Logic Theorem Proving and its Applications
Synthesizing Proofs from Programs in the Calculus of Inductive Constructions
MPC '95 Mathematics of Program Construction
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A Semantic Model for Authentication Protocols
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Java Security: From HotJava to Netscape and Beyond
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Authenticity by typing for security protocols
Journal of Computer Security - Special issue on CSFW14
A compositional logic for proving security properties of protocols
Journal of Computer Security - Special issue on CSFW14
Analyzing security protocols with secrecy types and logic programs
Journal of the ACM (JACM)
Simplify: a theorem prover for program checking
Journal of the ACM (JACM)
Secrecy despite compromise: types, cryptography, and the pi-calculus
CONCUR 2005 - Concurrency Theory
A Computationally Sound Mechanized Prover for Security Protocols
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Encoding Information Flow in Haskell
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Extended static checking for haskell
Proceedings of the 2006 ACM SIGPLAN workshop on Haskell
Access Control in a Core Calculus of Dependency
Electronic Notes in Theoretical Computer Science (ENTCS)
Protocol Composition Logic (PCL)
Electronic Notes in Theoretical Computer Science (ENTCS)
A bisimulation for dynamic sealing
Theoretical Computer Science
A Cryptographic Decentralized Label Model
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Do As I SaY! Programmatic Access Control with Explicit Identities
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
A Type Discipline for Authorization in Distributed Systems
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
A type discipline for authorization policies
ACM Transactions on Programming Languages and Systems (TOPLAS) - Special Issue ESOP'05
Types and effects for asymmetric cryptographic protocols
Journal of Computer Security - Special issue on CSFW15
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Cryptographically sound implementations for typed information-flow security
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Refinement Types for Secure Implementations
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Fable: A Language for Enforcing User-defined Security Policies
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
AURA: a programming language for authorization and audit
Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
A Hoare Logic for Call-by-Value Functional Programs
MPC '08 Proceedings of the 9th international conference on Mathematics of Program Construction
Verified interoperable implementations of security protocols
ACM Transactions on Programming Languages and Systems (TOPLAS)
Cryptographically verified implementations for TLS
Proceedings of the 15th ACM conference on Computer and communications security
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Secure compilation of a multi-tier web language
Proceedings of the 4th international workshop on Types in language design and implementation
Type-based data structure verification
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Cryptographic Protocol Synthesis and Verification for Multiparty Sessions
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
ASPIER: An Automated Framework for Verifying Security Protocol Implementations
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Achieving Security Despite Compromise Using Zero-knowledge
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Modular verification of security protocol code by typing
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Links: web programming without tiers
FMCO'06 Proceedings of the 5th international conference on Formal methods for components and objects
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Type-preserving compilation of end-to-end verification of security enforcement
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Reliable evidence: auditability by typing
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Computationally sound verification of source code
Proceedings of the 17th ACM conference on Computer and communications security
Typechecking higher-order security libraries
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
Cryptographically-Masked flows
SAS'06 Proceedings of the 13th international conference on Static Analysis
The spec# programming system: an overview
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
ESC/Java2: uniting ESC/Java and JML
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
Cryptographic protocol analysis on real c code
VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
Security-typed languages for implementation of cryptographic protocols: a case study
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Enforcing stateful authorization and information flow policies in fine
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Proceedings of the 10th SIGPLAN symposium on New ideas, new paradigms, and reflections on programming and software
Hybrid contract checking via symbolic simplification
PEPM '12 Proceedings of the ACM SIGPLAN 2012 workshop on Partial evaluation and program manipulation
Formally based semi-automatic implementation of an open security protocol
Journal of Systems and Software
Automatically verifying typing constraints for a data processing language
CPP'11 Proceedings of the First international conference on Certified Programs and Proofs
Security protocol verification: symbolic and computational models
POST'12 Proceedings of the First international conference on Principles of Security and Trust
ESOP'13 Proceedings of the 22nd European conference on Programming Languages and Systems
Logical foundations of secure resource management in protocol implementations
POST'13 Proceedings of the Second international conference on Principles of Security and Trust
The need for capability policies
Proceedings of the 15th Workshop on Formal Techniques for Java-like Programs
Dependent Type Theory for Verification of Information Flow and Access Control Policies
ACM Transactions on Programming Languages and Systems (TOPLAS)
A formal methodology for integral security design and verification of network protocols
Journal of Systems and Software
Journal of Computer Security - Foundational Aspects of Security
Hi-index | 0.00 |
We present the design and implementation of a typechecker for verifying security properties of the source code of cryptographic protocols and access control mechanisms. The underlying type theory is a λ-calculus equipped with refinement types for expressing pre- and post-conditions within first-order logic. We derive formal cryptographic primitives and represent active adversaries within the type theory. Well-typed programs enjoy assertion-based security properties, with respect to a realistic threat model including key compromise. The implementation amounts to an enhanced typechecker for the general-purpose functional language F#; typechecking generates verification conditions that are passed to an SMT solver. We describe a series of checked examples. This is the first tool to verify authentication properties of cryptographic protocols by typechecking their source code.