• DocumentCode
    2009695
  • Title

    Refinement Types for Secure Implementations

  • Author

    Bengtson, Jesper ; Bhargavan, Karthikeyan ; Fournet, Cedric ; Gordon, Andrew D. ; Maffeis, Sergio

  • fYear
    2008
  • fDate
    23-25 June 2008
  • Firstpage
    17
  • Lastpage
    32
  • Abstract
    We present the design and implementation of a typechecker for verifying security properties of the source code of cryptographic protocols and access control mechanisms. The underlying type theory is a λ-calculus equipped with re¿nement types for expressing pre- and post-conditions within ¿rst-order logic. We derive formal cryptographic primitives and represent active adversaries within the type theory. Well-typed programs enjoy assertion-based security properties, with respect to a realistic threat model including key compromise. The implementation amounts to an enhanced typechecker for the general purpose functional language F#; typechecking generates veri¿cation conditions that are passed to an SMT solver. We describe a series of checked examples. This is the ¿rst tool to verify authentication properties of cryptographic protocols by typechecking their source code.
  • Keywords
    Authentication; Authorization; Computer security; Cryptographic protocols; Cryptography; Educational institutions; Libraries; Logic programming; Mechanical factors; Surface-mount technology;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Foundations Symposium, 2008. CSF '08. IEEE 21st
  • Conference_Location
    Pittsburgh, PA, USA
  • ISSN
    1940-1434
  • Print_ISBN
    978-0-7695-3182-3
  • Type

    conf

  • DOI
    10.1109/CSF.2008.27
  • Filename
    4556676
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2009695