A sound type system for secure flow analysis
Journal of Computer Security
Information and Computation
Authenticity by typing for security protocols
Journal of Computer Security - Special issue on CSFW14
Interactive Theorem Proving and Program Development
Interactive Theorem Proving and Program Development
Multiparty asynchronous session types
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Authorization in trust management: Features and foundations
ACM Computing Surveys (CSUR)
Refinement Types for Secure Implementations
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Fable: A Language for Enforcing User-defined Security Policies
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
AURA: a programming language for authorization and audit
Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
Proceedings of the 15th ACM conference on Computer and communications security
Encoding information flow in Aura
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Cryptographic Protocol Synthesis and Verification for Multiparty Sessions
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Modular verification of security protocol code by typing
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Distributed programming with distributed authorization
Proceedings of the 5th ACM SIGPLAN workshop on Types in language design and implementation
Ott: Effective tool support for the working semanticist
Journal of Functional Programming
TYPES'06 Proceedings of the 2006 international conference on Types for proofs and programs
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Type-preserving compilation of end-to-end verification of security enforcement
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Reliable evidence: auditability by typing
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Dynamic multirole session types
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 5th ACM workshop on Programming languages meets program verification
Verifying stateful programs with substructural state and hoare types
Proceedings of the 5th ACM workshop on Programming languages meets program verification
Verified Security for Browser Extensions
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Enforcing stateful authorization and information flow policies in fine
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Cryptographic verification by typing for a sample protocol implementation
Foundations of security analysis and design VI
Self-certification: bootstrapping certified typecheckers in F* with Coq
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Hybrid contract checking via symbolic simplification
PEPM '12 Proceedings of the ACM SIGPLAN 2012 workshop on Partial evaluation and program manipulation
Proof-Carrying code in a session-typed process calculus
CPP'11 Proceedings of the First international conference on Certified Programs and Proofs
Multiparty session types meet communicating automata
ESOP'12 Proceedings of the 21st European conference on Programming Languages and Systems
Security protocol verification: symbolic and computational models
POST'12 Proceedings of the First international conference on Principles of Security and Trust
A core calculus for provenance
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Taking satisfiability to the next level with z3
IJCAR'12 Proceedings of the 6th international joint conference on Automated Reasoning
Dependently typed programming with singletons
Proceedings of the 2012 Haskell Symposium
Transporting functions across ornaments
Proceedings of the 17th ACM SIGPLAN international conference on Functional programming
Equality proofs and deferred type errors: a compiler pearl
Proceedings of the 17th ACM SIGPLAN international conference on Functional programming
Fully abstract compilation to JavaScript
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
HALO: haskell to logic through denotational semantics
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
DKAL*: constructing executable specifications of authorization protocols
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
ESOP'13 Proceedings of the 22nd European conference on Programming Languages and Systems
Higher-Order processes, functions, and sessions: a monadic integration
ESOP'13 Proceedings of the 22nd European conference on Programming Languages and Systems
Proved generation of implementations from computationally secure protocol specifications
POST'13 Proceedings of the Second international conference on Principles of Security and Trust
Logical foundations of secure resource management in protocol implementations
POST'13 Proceedings of the Second international conference on Principles of Security and Trust
Rely-guarantee references for refinement types over aliased mutable data
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Faceted execution of policy-agnostic programs
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
Dependent Type Theory for Verification of Information Flow and Access Control Policies
ACM Transactions on Programming Languages and Systems (TOPLAS)
Verifying higher-order programs with the dijkstra monad
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Programming with permissions in Mezzo
Proceedings of the 18th ACM SIGPLAN international conference on Functional programming
A multivalued language with a dependent type system
Proceedings of the 2013 ACM SIGPLAN workshop on Dependently-typed programming
Proceedings of the 15th Symposium on Principles and Practice of Declarative Programming
Automating theorem proving with SMT
ITP'13 Proceedings of the 4th international conference on Interactive Theorem Proving
ZQL: a compiler for privacy-preserving data processing
SEC'13 Proceedings of the 22nd USENIX conference on Security
Probabilistic relational verification for cryptographic implementations
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Combining proofs and programs in a dependently typed language
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Gradual typing embedded securely in JavaScript
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
A core calculus for provenance
Journal of Computer Security - Security and Trust Principles
Journal of Computer Security - Foundational Aspects of Security
Hi-index | 0.02 |
Distributed applications are difficult to program reliably and securely. Dependently typed functional languages promise to prevent broad classes of errors and vulnerabilities, and to enable program verification to proceed side-by-side with development. However, as recursion, effects, and rich libraries are added, using types to reason about programs, specifications, and proofs becomes challenging. We present F*, a full-fledged design and implementation of a new dependently typed language for secure distributed programming. Unlike prior languages, F* provides arbitrary recursion while maintaining a logically consistent core; it enables modular reasoning about state and other effects using affine types; and it supports proofs of refinement properties using a mixture of cryptographic evidence and logical proof terms. The key mechanism is a new kind system that tracks several sub-languages within F* and controls their interaction. F* subsumes two previous languages, F7 and Fine. We prove type soundness (with proofs mechanized in Coq) and logical consistency for F*. We have implemented a compiler that translates F* to .NET bytecode, based on a prototype for Fine. F* provides access to libraries for concurrency, networking, cryptography, and interoperability with C#, F#, and the other .NET languages. The compiler produces verifiable binaries with 60% code size overhead for proofs and types, as much as a 45x improvement over the Fine compiler, while still enabling efficient bytecode verification. To date, we have programmed and verified more than 20,000 lines of F* including (1) new schemes for multi-party sessions; (2) a zero-knowledge privacy-preserving payment protocol; (3) a provenance-aware curated database; (4) a suite of 17 web-browser extensions verified for authorization properties; and (5) a cloud-hosted multi-tier web application with a verified reference monitor.