Secure distributed programming with value-dependent types

Question

1. What future works have the authors mentioned in the paper "Secure distributed programming with value-dependent types" ?

2. What are the contributions mentioned in the paper "Secure distributed programming with value-dependent types" ?

3. What type of automaton can the authors use to define a role process?

4. How can one verify a linear map program using standard provers?

Accepted Answer

In the remainder of this section, the authors briefly review further work based on F ? in a variety of contexts, complementing the results in this paper.. Their methodology involves a liberal use of higher-order logic, but, when specifications are structured in their prescribed style, the resulting higher-order verification conditions can be normalized and encoded in a first-order theory, e. g., in the logic provided by an automated solver like Z3.. As such, programmers in F ? have several complementary ways of verifying effectful programs, e. g., the linear maps of §2 for state, the session types of §5 for IO, and, also monadic F ? which can be used to precisely model a range of monadic effects including exceptions, state, IO, reactivity, etc. Verifying JavaScript programs.. Using a new refinement of the type dyn ( §2. 1 ), they show how JavaScript programs translated to F ? ( via a standard translation provided by Guha et al. ( 2010 ) ) can be given precise specifications and verified in a modular manner using monadic F ? ’ s verification condition ( VC ) generator combined with its encoding of higher-order VCs in Z3.

Accepted Answer

The authors present F ?, a full-fledged design and implementation of a new dependently typed language for secure distributed programming.. The authors prove type soundness ( with proofs mechanized in Coq ) and logical consistency for F ?.. The authors have programmed and verified nearly 50,000 lines of F ? including new schemes for multiparty sessions ; a zero-knowledge privacy-preserving payment protocol ; a provenance-aware curated database ; a suite of web-browser extensions verified for authorization properties ; a cloud-hosted multi-tier web application with a verified reference monitor ; the core F ? typechecker itself ; and programs translated to F ? from other languages such as F7 and JavaScript.

Accepted Answer

Using affine types, the authors can define a type for a role process, type role0::E⇒ A , where the parameter of the role is a type describing an automaton.

Accepted Answer

Since the assertion logic remains classical, linear map programs can be automatically verified using standard provers and SMT solvers.

Accepted Answer

The authors started out attempting to use the Coq code generator OTT of Sewell et al. (2010) to help reduce the gap between the formal and informal descriptions of their type system.

Accepted Answer

The interpretation of inductive types in the P fragment will be defined as the smallest fixpoint of a given operator over Rκ that the authors equip a structure of a complete lattice:Lemma 11 (Lattice structure of Rκ )

Accepted Answer

In conjunction with these, the authors provide two subsumption judgments, one each for a sub-kinding and a sub-typing relation, as well as two conversion judgments, equating kinds and types (respectively) that are related by reduction or by equations in the environment.

Accepted Answer

Ghost refinements have no impact on the representation of values, so they admit full structural subtyping, as illustrated by rules like (ST-Prod) which allow co- and contravariant subtyping on functions.

Accepted Answer

This modal operator ¡· serves to qualify the type of a closure that captures an affine assumption; the authors include ¡t in the formalism to avoid duplicating the rules for function arrows, but concretely the authors write affine function types as x:t >>t’ and ∀a::k >>t instead of ¡(x:t→ t ′) and ¡(∀a::κ.t).

Accepted Answer

For this reason, the values passed to type functions may use affine assumptions in the context Γ—the restrictions imposed by (OK-TK) ensure that such uses of affine assumptions at the type level cannot influence term-level reduction.

Accepted Answer

Multi-party sessions (Honda et al. 2008; Bhargavan et al. 2009; Deniélou & Yoshida 2011) offer a powerful method to structure and build distributed message-based applications when their message flow is fixed beforehand.

Secure distributed programming with value-dependent types

Chat with Paper

AI Agents for this Paper

Most frequently asked questions

1. What future works have the authors mentioned in the paper "Secure distributed programming with value-dependent types" ?

2. What are the contributions mentioned in the paper "Secure distributed programming with value-dependent types" ?

3. What type of automaton can the authors use to define a role process?

4. How can one verify a linear map program using standard provers?

5. What did the authors do to help reduce the gap between the formal and informal descriptions of their type system?

6. What is the meaning of the definition of inductive types in the P fragment?

7. What are the two judgments for sub-kinding and subtyping?

8. What is the meaning of the definition of a ghost refinement?

9. What is the modal operator for affine function types?

10. what is the affine assumption used in the definition of type functions?

11. What is the simplest way to structure and build distributed message-based applications?

Figures

Citations

Tools and Algorithms for the Construction and Analysis of Systems: 22nd International Conference, TACAS 2016 held as part of the european joint conferences on theory and practice of software, ETAPS 2016 Eindhoven, The Netherlands, April 2-8, 2016 proceedings

Dependent types and multi-monadic effects in F*

Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif

Global Progress for Dynamically Interleaved Multiparty Sessions

Implementing TLS with Verified Cryptographic Security

References

Z3: an efficient SMT solver

Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing

Interactive Theorem Proving and Program Development

A sound type system for secure flow analysis

Towards a practical programming language based on dependent type theory

Related Papers (5)

Implementing TLS with Verified Cryptographic Security

Dafny: an automatic program verifier for functional correctness

The TAMARIN prover for the symbolic analysis of security protocols

Language Primitives and Type Discipline for Structured Communication-Based Programming

Security Policies and Security Models