security typed programming within dependently typed
play

Security-Typed Programming within Dependently-Typed Programming - PowerPoint PPT Presentation

Oct 16, 2023 •233 likes •860 views

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University Security-Typed Programming Access control: who gets access to what? read a file play a song make an

  1. Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University

  2. Security-Typed Programming Access control: who gets access to what? read a file play a song make an FFI call Information flow: what can they do with it? post the file contents on a blog copy the mp3 save the result in a database Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 2

  3. Security-Typed Programming Access control: who gets access to what? read a file play a song make an FFI call Information flow: what do they do with it? post the file contents on a blog copy the mp3 save the result in a database Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 3

  4. Access Control Access control list (ACL) for /alice/secret.txt Read “/alice/secret.txt” Alice: rwad Bob: rw Admin: rlidwka Alice Desktop (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 4 Security-Typed Programming within DTP

  5. Access Control Access control list (ACL) for /alice/secret.txt Read “/alice/secret.txt” Alice: rwad Bob: rw Admin: rlidwka Alice Desktop Enforcement: Authentication + ACL lookup (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 4 Security-Typed Programming within DTP

  6. Decentralized Access Control Digital library Read “paper.pdf” • All students of members can read papers • CMU is a member Alice CMU • Alice is a student • Charlie is a student • … (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 5

  7. Decentralized Access Control Digital library Read “paper.pdf” • All students of members can read papers • CMU is a member Alice CMU • Alice is a student Need a mechanism to • Charlie is a student specify and enforce • … decentralized policies... (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 5

  8. Authorization Logic CMU Digital library • All students of • Alice is a student members can read • Charlie is a student papers • … • CMU is a member ACM says ∀ s:principal, CMU says student(Alice) ∀ i:principal, ∀ p:paper, (member(i) ⋀ i says student(s)) ⊃ MayRead(s, p) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 6

  9. Proof Carrying Authorization [Appel+Felten] Digital library Read “paper.pdf” • All students of members can read papers • CMU is a member Alice CMU • Alice is a student • Charlie is a student • … (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 7

  10. Proof Carrying Authorization [Appel+Felten] Digital library Read “paper.pdf” • All students of members can read papers • CMU is a member Alice p : mayread(Alice,paper.pdf) CMU • Alice is a student • Charlie is a student • … (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 7

  11. Proof Carrying Authorization Digital library Read “paper.pdf” Evidence OK? Alice p : mayread(Alice,paper.pdf) (Access granted) (Runtime error) (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 8

  12. Proof Carrying Authorization Digital library Read “paper.pdf” Evidence OK? Alice p : mayread(Alice,paper.pdf) (Access granted) (Runtime error) Can we ensure that runtime errors won’t happen? (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 8

  13. An API for PCA read : file → prin → proof → contents e.g. read(paper.pdf,Alice,p) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 9

  14. An API for PCA read : file → prin → proof → contents e.g. read(paper.pdf,Alice,p) p might not be a well-formed proof Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 9

  15. An API for PCA read : file → prin → proof → contents e.g. read(paper.pdf,Alice,p) p might not be a well-formed proof p might not be a proof of the right theorem! Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 9

  16. Dependent Types! read : (f : file) (k : prin) (p : proof(mayread(k,f)) → contents p is well-formed by typing theorem is explicit in p’s type Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 10

  17. Dependent PCA PCML5 [Avijit+Harper] Aura [Jia,Vaughn,Zdancewik,et al.] Fine [Swamy et. al] Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 11

  18. Dependent PCA 12,000 lines of Coq PCML5 [Avijit+Harper] Aura [Jia,Vaughn,Zdancewik,et al.] Fine [Swamy et. al] Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 11

  19. Dependent PCA 12,000 lines of Coq PCML5 [Avijit+Harper] Aura [Jia,Vaughn,Zdancewik,et al.] Fine [Swamy et. al] 20,000 lines of F# Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 11

  20. Can we do security-typed programming within an existing dependently-typed language ? Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 12

  21. Security-typed Programming in Agda 1.Representing an authorization logic 2.Compile-time and run-time theorem proving 3.Stateful and dynamic policies Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 13

  22. Security-typed Programming in Agda 1.Representing an authorization logic 2.Compile-time and run-time theorem proving 3.Stateful and dynamic policies Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 14

  23. BL0 [Garg+Pfenning] Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 15

  24. BL0 [Garg+Pfenning] Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 15

  25. BL0 [Garg+Pfenning] Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 15

  26. BL0 [Garg+Pfenning] Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 15

  27. Outline 1.Representing an authorization logic 2.Compile-time and run-time theorem proving 3.Stateful and dynamic policies Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 16

  28. Theorem Prover can be big and read(paper.pdf,Alice,p) difficult to write out Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 17

  29. Theorem Prover can be big and read(paper.pdf,Alice,p) difficult to write out We implemented a theorem prover: prove : ( Θ : Ctx) (A : Prop) → Maybe ( Θ ⊢ A) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 17

  30. Theorem Prover can be big and read(paper.pdf,Alice,p) difficult to write out We implemented a theorem prover: prove : ( Θ : Ctx) (A : Prop) → Maybe ( Θ ⊢ A) (n : nat) search depth Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 17

  31. Run-time Proving tryRead : ( Γ : Ctx) (p : prin)(f : file) → Maybe(string) tryRead Γ p f = case (prove 15 Γ Mayread(f,p)) of None => None Some proof => Some (read p f proof) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 18

  32. Run-time Proving tryRead : ( Γ : Ctx) (p : prin)(f : file) → Maybe(string) tryRead Γ p f = case (prove 15 Γ Mayread(f,p)) of None => None Some proof => Some (read p f proof) prove is fancy version of “look up in ACL” Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 18

  33. Run-time Proving prove : (n:nat) ( Θ : Ctx) (A : Prop) → Maybe ( Θ ⊢ A) tryRead : ( Γ : Ctx) (p : prin)(f : file) → Maybe(string) tryRead Γ p f = case (prove 15 Γ Mayread(f,p)) of None => None Some proof => Some (read p f proof) prove is fancy version of “look up in ACL” Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 18

  34. Compile-time Proving Γ pol a static (known at compile-time) policy: Γ pol = CMU says student(Alice) :: ACM says ∀ s:principal, ∀ i:principal, ∀ p:paper, (member(i) ⋀ i says student(s)) ⊃ MayRead(s, p) :: ... Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 19

  35. Compile-time Proving proof? : Maybe ( Γ pol ⊢ Mayread(Alice, paper.pdf)) proof? = prove 15 Γ pol (Mayread(Alice, paper.pdf)) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 20

  36. Compile-time Proving proof? : Maybe ( Γ pol ⊢ Mayread(Alice, paper.pdf)) proof? = prove 15 Γ pol (Mayread(Alice, paper.pdf)) Computes (defintional equality) to either None or Some(p) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 20

  37. Compile-time Proving proof? : Maybe ( Γ pol ⊢ Mayread(Alice, paper.pdf)) proof? = prove 15 Γ pol (Mayread(Alice, paper.pdf)) Computes (defintional equality) to either None or Some(p) theProof : Γ pol ⊢ Mayread(Alice, paper.pdf) theProof = getSome proof? Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 20

Recommend

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University Supported by NSF CCF-0702381 and CNS-0716469 Security-Typed Programming Access control: who gets access

1.06k views • 79 slides
Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter

Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter

Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter Morris pwm@cs.nott.ac.uk University of Nottingham Generic Programming in a Dependently Typed Language p. 1/12 This talk We introduce a

599 views • 45 slides
Categories with Families Unityped, Simply Typed, Dependently Typed Peter Dybjer Chalmers

Categories with Families Unityped, Simply Typed, Dependently Typed Peter Dybjer Chalmers

Categories with Families Unityped, Simply Typed, Dependently Typed Peter Dybjer Chalmers tekniska hgskola joint work with Simon Castellan, Imperial College Pierre Clairambault, ENS Lyon TYPES 2019 Oslo, 11-14 June . . . . . . . .

140 views • 12 slides
Super advanced functional programming Or: dependently-typed programming in Agda Dr. Dominic

Super advanced functional programming Or: dependently-typed programming in Agda Dr. Dominic

Super advanced functional programming Or: dependently-typed programming in Agda Dr. Dominic Mulligan Programming, Logic, and Semantics Group, University of Cambridge Part III, Advanced Functional Programming, March 2017 1 System F Very

130 views • 9 slides
LEARN DEPENDENTLY- TYPED PROGRAMMING WITH IDRIS WHO I AM @puffnfresh Tiny contributor to

LEARN DEPENDENTLY- TYPED PROGRAMMING WITH IDRIS WHO I AM @puffnfresh Tiny contributor to

LEARN DEPENDENTLY- TYPED PROGRAMMING WITH IDRIS WHO I AM @puffnfresh Tiny contributor to Idris (18 commits) Played with dependent types for 2 years Been doing Idris for 6 months ASSUMPTIONS Small experience with Haskell

739 views • 39 slides
Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of

Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of

Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of Cybernetics at TUT November 13, 2015 1 / 67 Outline The problem and motivation Different notions of finiteness Pragmatic finite subsets Approaches to

860 views • 57 slides
Dependently Typed Programming with Domain-Specific Logics Dan Licata Thesis Committee: Robert

Dependently Typed Programming with Domain-Specific Logics Dan Licata Thesis Committee: Robert

Dependently Typed Programming with Domain-Specific Logics Dan Licata Thesis Committee: Robert Harper Karl Crary Frank Pfenning Greg Morrisett, Harvard 1 Domain-specific logics Type systems for reasoning about a specific application

985 views • 67 slides
Dependently-Typed Programming in Economic Modelling Cezar Ionescu (PIK) with Edwin Brady

Dependently-Typed Programming in Economic Modelling Cezar Ionescu (PIK) with Edwin Brady

DTP11, Nijmegen, 26-08-2011 Dependently-Typed Programming in Economic Modelling Cezar Ionescu (PIK) with Edwin Brady (University of St. Andrews) and members of the Cartesian Seminar at PIK DTP11, Nijmegen, 26-08-2011 PIK : Potsdam Institute

698 views • 22 slides
Scrapping Your Dependently- Typed Boilerplate is Hard Ahmad

Scrapping Your Dependently- Typed Boilerplate is Hard Ahmad

Scrapping Your Dependently- Typed Boilerplate is Hard Ahmad Salim Al-Sibahi Supervised by: Dr. Peter Sesto@ David R. ChrisCansen IT University of

422 views • 38 slides
Dependently-typed Programming in Scientific Computing Cezar Ionescu (Potsdam Institute for

Dependently-typed Programming in Scientific Computing Cezar Ionescu (Potsdam Institute for

IFL 2012, Oxford, September 1st, 2012 Dependently-typed Programming in Scientific Computing Cezar Ionescu (Potsdam Institute for Climate Impact Research) and Patrik Jansson (Chalmers University of Technology) IFL 2012, Oxford, September 1st,

858 views • 59 slides
A Dependently Typed Framework for Maintaining Invariants Lszl Nmeth Department of Computer

A Dependently Typed Framework for Maintaining Invariants Lszl Nmeth Department of Computer

A Dependently Typed Framework for Maintaining Invariants Lszl Nmeth Department of Computer Science Bilgi University, Istanbul TYPES06 - Nottingham Lszl Nmeth A Dependently Typed Framework for Maintaining Invariants

434 views • 11 slides
A Translation-Based Animation of Specifications in a Dependently-Typed Lambda Calculus Mary

A Translation-Based Animation of Specifications in a Dependently-Typed Lambda Calculus Mary

A Translation-Based Animation of Specifications in a Dependently-Typed Lambda Calculus Mary Southern and Gopalan Nadathur Department of Computer Science and Engineering University of Minnesota Other Contributors: D. Baelde, Z. Snow The Context

417 views • 14 slides
Compiling Dependent Types Much recent focus on verified compilation of dependently typed

Compiling Dependent Types Much recent focus on verified compilation of dependently typed

CPS Translation of Dependent Types Amal Ahmed Northeastern University Work in progress, with Nick Rioux and William Bowman Compiling Dependent Types Much recent focus on verified compilation of dependently typed languages: Coqonut, CertiCoq

708 views • 44 slides
Dependently typed superposition in Lean Gabriel Ebner Matryoshka 2018 2018-06-27 TU Wien

Dependently typed superposition in Lean Gabriel Ebner Matryoshka 2018 2018-06-27 TU Wien

Dependently typed superposition in Lean Gabriel Ebner Matryoshka 2018 2018-06-27 TU Wien Introduction Calculus Implementation Conclusion 1 Lean Proof assistant based on dependent type theory terms, types, formulas, proofs are all

458 views • 33 slides
A Translation-Based Approach to Reasoning About Dependently Typed Specifications 1 Mary Southern

A Translation-Based Approach to Reasoning About Dependently Typed Specifications 1 Mary Southern

A Translation-Based Approach to Reasoning About Dependently Typed Specifications 1 Mary Southern Department of Computer Science and Engineering University of Minnesota Joint work with Kaustuv Chaudhuri, INRIA 1 Based on work which will be

571 views • 36 slides
A Logical Framework with Dependently Typed Records Thierry Coquand, Randy Pollack, Makoto

A Logical Framework with Dependently Typed Records Thierry Coquand, Randy Pollack, Makoto

A Logical Framework with Dependently Typed Records Thierry Coquand, Randy Pollack, Makoto Takeyama April 16, 2003 (809) A Logical Framework with Dependently Typed Records Thierry Coquand, Slide 1 Robert Pollack, Makoto Takeyama April 16,

363 views • 13 slides
Unifiers as Equivalences Proof-Relevant Unification of Dependently Typed Data Jesper Cockx

Unifiers as Equivalences Proof-Relevant Unification of Dependently Typed Data Jesper Cockx

Unifiers as Equivalences Proof-Relevant Unification of Dependently Typed Data Jesper Cockx Dominique Devriese Frank Piessens 20 September 2016 data Vec ( A : Set ) : N Set where [] : Vec A zero cons : ( n : N ) A Vec A n Vec A

876 views • 77 slides
Dependently Typed Heaps https://github.com/brunjlar/heap About Me Lars Brnjes (PhD) (Pure)

Dependently Typed Heaps https://github.com/brunjlar/heap About Me Lars Brnjes (PhD) (Pure)

Dependently Typed Heaps https://github.com/brunjlar/heap About Me Lars Brnjes (PhD) (Pure) Mathematician, Lead Software Architect based in Regensburg, Germany Email: brunjlar@gmail.com Github: https://github.com/brunjlar Agenda -

508 views • 22 slides
Dependently Typed Grammars MPC 2010 Kasper Brink, Stefan Holdermans, Andres L oh June 22,

Dependently Typed Grammars MPC 2010 Kasper Brink, Stefan Holdermans, Andres L oh June 22,

Dependently Typed Grammars MPC 2010 Kasper Brink, Stefan Holdermans, Andres L oh June 22, 2010 Parser Combinators Expression Grammar E E B N | N B + | N 0 | 1 pExpr , pNum :: Parser Int pBin :: Parser (Int Int

848 views • 48 slides
LDP Typed Wildcard PW FEC Elements draft-raza-pwe3-pw-typed-wc-fec-00.txt Kamran Raza Sami

LDP Typed Wildcard PW FEC Elements draft-raza-pwe3-pw-typed-wc-fec-00.txt Kamran Raza Sami

LDP Typed Wildcard PW FEC Elements draft-raza-pwe3-pw-typed-wc-fec-00.txt Kamran Raza Sami Boutros Background Label Distribution Protocol (LDP) [RFC5036] defines the general notion of a "Typed Wildcard Forwarding Equivalence Class

309 views • 6 slides
P ARTIAL T YPE E QUIVALENCES FOR V ERIFIED D EPENDENT I NTEROPERABILITY ( JOINT WORK WITH P.-E.

P ARTIAL T YPE E QUIVALENCES FOR V ERIFIED D EPENDENT I NTEROPERABILITY ( JOINT WORK WITH P.-E.

P ARTIAL T YPE E QUIVALENCES FOR V ERIFIED D EPENDENT I NTEROPERABILITY ( JOINT WORK WITH P.-E. D AGAND AND .T ANTER , ICFP16) Nicolas Tabareau Problem 1. Using a simply-typed library in a dependently-typed context. 2. Using a

434 views • 30 slides
FROM SYSTEM F TO TYPED ASSEMBLY LANGUAGE Greg Morrisett, David Walker, Karl Crary & Neal

FROM SYSTEM F TO TYPED ASSEMBLY LANGUAGE Greg Morrisett, David Walker, Karl Crary & Neal

FROM SYSTEM F TO TYPED ASSEMBLY LANGUAGE Greg Morrisett, David Walker, Karl Crary & Neal Glew TOPLAS 1999 Presentation by: Drew Zagieboylo/Matthew Milano TYPED ASSEMBLY LANGUAGE TYPED ASSEMBLY LANGUAGE TYPED ASSEMBLY LANGUAGE TYPED

654 views • 32 slides
. Well-Typed . The Haskell Consultants Multi-core with less pain Deterministic Parallel

. Well-Typed . The Haskell Consultants Multi-core with less pain Deterministic Parallel

. . Well-Typed . The Haskell Consultants Multi-core with less pain Deterministic Parallel Programming with Haskell Duncan Coutts December 2012, Tech Mesh . Well-Typed . Briefly about myself... Background in FP in academia and open source

1.66k views • 106 slides
Dynamically Typed Programming Languages Part 1: The Untyped -Calculus Jim Royer CIS 352

Dynamically Typed Programming Languages Part 1: The Untyped -Calculus Jim Royer CIS 352

Dynamically Typed Programming Languages Part 1: The Untyped -Calculus Jim Royer CIS 352 April 16, 2019 Royer Dynamically Typed Programming Languages 1 / 22 Reference Practical Foundations for Programming Languages, 2/e, Part VI:

408 views • 28 slides

More recommend