security typed programming within dependently typed
play

Security-Typed Programming within Dependently-Typed Programming - PowerPoint PPT Presentation

Aug 25, 2022 •256 likes •1.06k views

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University Supported by NSF CCF-0702381 and CNS-0716469 Security-Typed Programming Access control: who gets access

  1. Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University Supported by NSF CCF-0702381 and CNS-0716469

  2. Security-Typed Programming Access control: who gets access to what? read a file play a song make an FFI call Information flow: what can they do with it? post the file contents on a blog copy the mp3 save the result in a database Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 2

  3. Security-Typed Programming Access control: who gets access to what? read a file play a song make an FFI call Information flow: what can they do with it? post the file contents on a blog copy the mp3 save the result in a database Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 3

  4. Access Control Access control list (ACL) for secret.txt Read secret.txt Alice: r Bob: rw Alice Server (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 4

  5. Access Control Access control list (ACL) for secret.txt Read secret.txt Alice: r Bob: rw Alice Server Enforcement: Authentication + ACL lookup (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 4

  6. Decentralized Access Control Digital library Read paper.pdf • All students of members can read papers • CMU is a member Alice CMU • Alice is a student • Charlie is a student • … (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 5

  7. Decentralized Access Control Digital library Read paper.pdf • All students of members can read papers • CMU is a member Alice CMU • Alice is a student Need a mechanism to • Charlie is a student specify and enforce • … decentralized policies... (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 5

  8. Decentralized Access Control ACM says ∀ s:principal, Digital library ∀ i:principal, • All students of ∀ p:paper, members can read papers (member(i) ⋀ i says student(s)) • CMU is a member ⊃ MayRead(s, p) ... CMU • Alice is a student • Charlie is a student CMU says student(Alice) • … ... (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 6

  9. Proof Carrying Authorization [Appel+Felten] Digital library Read “paper.pdf” • All students of members can read papers • CMU is a member Alice CMU • Alice is a student • Charlie is a student • … (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 7

  10. Proof Carrying Authorization [Appel+Felten] Digital library Read “paper.pdf” • All students of members can read papers • CMU is a member Alice p : mayread(Alice,paper.pdf) CMU • Alice is a student • Charlie is a student • … (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 7

  11. Proof Carrying Authorization Read “paper.pdf” Proof OK? Alice p : mayread(Alice,paper.pdf) Access granted Runtime error Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 8

  12. Proof Carrying Authorization • ACM says ... Policy Read “paper.pdf” Proof OK? Alice p : mayread(Alice,paper.pdf) Access granted Runtime error Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 8

  13. Proof Carrying Authorization • ACM says ... Policy State Read “paper.pdf” Proof OK? Alice p : mayread(Alice,paper.pdf) Access granted Runtime error Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 8

  14. An API for PCA Digital library Read “paper.pdf” Alice p : mayread(Alice,paper.pdf) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 9

  15. An API for PCA read : prin → file → proof → contents Digital library Read “paper.pdf” Alice p : mayread(Alice,paper.pdf) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 9

  16. An API for PCA read : prin → file → proof → contents Digital library Read “paper.pdf” Alice p : mayread(Alice,paper.pdf) { read(Alice,paper.pdf,p) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 9

  17. An API for PCA read : prin → file → proof → contents e.g. read(Alice, paper.pdf,p) Problems: p might not be a well-formed proof p might not be a proof of the right theorem! Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 10

  18. Dependent Types! read : prin → file → proof → contents read : (k : prin) (f : file) (p : proof(mayread(k,f)) → contents Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 11

  19. Dependent Types! read : prin → file → proof → contents read : (k : prin) (f : file) (p : proof(mayread(k,f)) → contents typing ensures p is a well-formed proof theorem is explicit in p’s type Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 11

  20. Verification Spectrum static dynamic Predict the policy Prove consequences statically Do all proving at run-time Failures only if prediction was wrong Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 12

  21. Verification Spectrum Reuse proofs static dynamic for several API calls Predict the policy Prove consequences statically Do all proving at run-time Failures only if prediction was wrong Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 12

  22. Dependent PCA Several new languages: PCML5 [Avijit,Datta,Harper, TLDI’10] Aura [Jia,Vaughan,Zdancewic, et al., ICFP’08 ] Fine [Swamy,Chen,Chugh, ESOP’10] F7 [Gordon,Bengston,Bhargavan,Fournet,Maffeis, CSF’08] … Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 13

  23. This paper: We can do security-typed programming within an existing dependently-typed language Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 14

  24. Our library Supports programming as in PCML5 [Avijit,Datta,Harper, TLDI’10] Aura [Jia,Vaughan,Zdancewic, et al., ICFP’08 ] Fine [Swamy,Chen,Chugh, ESOP’10] F7 [Gordon,Bengston,Bhargavan,Fournet,Maffeis, CSF’08] … Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 15

  25. Aglet: Security-typed Programming in Agda 1.Representing an authorization logic 2.Compile-time and run-time theorem proving 3.Stateful and dynamic policies Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 16

  26. Aglet: Security-typed Programming in Agda 1.Representing an authorization logic 2.Compile-time and run-time theorem proving 3.Stateful and dynamic policies Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 17

  27. Dependent Types! read : file → prin → proof → contents read : (k : prin) (f : file) (p : proof(mayread(k,f)) → contents typing ensures p is a well-formed proof theorem is explicit in p’s type Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 18

  28. Representing BL 0 [Garg+Pfenning] says (Prin CMU, CMU says student(Alice) student(Prin Alice)) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 19

  29. Representing BL 0 [Garg+Pfenning] says (Prin CMU, CMU says student(Alice) student(Prin Alice)) data Propo where says : Principal → Propo → Propo ... Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 19

  30. Representing BL 0 [Garg+Pfenning] Sequent as indexed inductive definition: data _ ⊢ _ : Ctx → Propo → Type Γ ⊢ A Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 20

  31. Representing BL 0 [Garg+Pfenning] Sequent as indexed inductive definition: data _ ⊢ _ : Ctx → Propo → Type Γ ⊢ A Classifying only well-formed derivations: D D : Γ ⊢ A Γ ⊢ A Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 20

  32. Representing BL 0 [Garg+Pfenning] Sequent as indexed inductive definition: data _ ⊢ _ : Ctx → Propo → Type Γ ⊢ A Classifying only well-formed derivations: D D : Γ ⊢ A Γ ⊢ A Inference rules as datatype constructors: ⊃ R : ∀ { Γ A B} Γ , A ⊢ B → (A :: Γ ) ⊢ B Γ ⊢ A ⊃ B → Γ ⊢ (A ⊃ B) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 20

  33. Representing BL 0 [Garg+Pfenning] Sequent as indexed inductive definition: data _ ⊢ _ : Ctx → Propo → Type Γ ⊢ A Classifying only well-formed derivations: D D : Γ ⊢ A Γ ⊢ A Inference rules as datatype constructors: dependent ⊃ R : ∀ { Γ A B} Γ , A ⊢ B de Bruijn → (A :: Γ ) ⊢ B Γ ⊢ A ⊃ B indices → Γ ⊢ (A ⊃ B) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 20

  34. BL0 [Garg+Pfenning] Logic with says modality: CMU says student(Alice) principal we’re reasoning as k Ω ; Δ ; Γ → A individuals: claims: truth: x : τ k claims A A true Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 21

  35. Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 22

  36. Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 22

  37. Outline 1.Representing an authorization logic 2.Compile-time and run-time theorem proving 3.Stateful and dynamic policies Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 23

Recommend

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University Security-Typed Programming Access control: who gets access to what? read a file play a song make an

860 views • 62 slides
Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter

Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter

Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter Morris pwm@cs.nott.ac.uk University of Nottingham Generic Programming in a Dependently Typed Language p. 1/12 This talk We introduce a

599 views • 45 slides
Categories with Families Unityped, Simply Typed, Dependently Typed Peter Dybjer Chalmers

Categories with Families Unityped, Simply Typed, Dependently Typed Peter Dybjer Chalmers

Categories with Families Unityped, Simply Typed, Dependently Typed Peter Dybjer Chalmers tekniska hgskola joint work with Simon Castellan, Imperial College Pierre Clairambault, ENS Lyon TYPES 2019 Oslo, 11-14 June . . . . . . . .

140 views • 12 slides
Super advanced functional programming Or: dependently-typed programming in Agda Dr. Dominic

Super advanced functional programming Or: dependently-typed programming in Agda Dr. Dominic

Super advanced functional programming Or: dependently-typed programming in Agda Dr. Dominic Mulligan Programming, Logic, and Semantics Group, University of Cambridge Part III, Advanced Functional Programming, March 2017 1 System F Very

130 views • 9 slides
LEARN DEPENDENTLY- TYPED PROGRAMMING WITH IDRIS WHO I AM @puffnfresh Tiny contributor to

LEARN DEPENDENTLY- TYPED PROGRAMMING WITH IDRIS WHO I AM @puffnfresh Tiny contributor to

LEARN DEPENDENTLY- TYPED PROGRAMMING WITH IDRIS WHO I AM @puffnfresh Tiny contributor to Idris (18 commits) Played with dependent types for 2 years Been doing Idris for 6 months ASSUMPTIONS Small experience with Haskell

739 views • 39 slides
Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of

Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of

Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of Cybernetics at TUT November 13, 2015 1 / 67 Outline The problem and motivation Different notions of finiteness Pragmatic finite subsets Approaches to

860 views • 57 slides
Dependently Typed Programming with Domain-Specific Logics Dan Licata Thesis Committee: Robert

Dependently Typed Programming with Domain-Specific Logics Dan Licata Thesis Committee: Robert

Dependently Typed Programming with Domain-Specific Logics Dan Licata Thesis Committee: Robert Harper Karl Crary Frank Pfenning Greg Morrisett, Harvard 1 Domain-specific logics Type systems for reasoning about a specific application

985 views • 67 slides
Dependently-Typed Programming in Economic Modelling Cezar Ionescu (PIK) with Edwin Brady

Dependently-Typed Programming in Economic Modelling Cezar Ionescu (PIK) with Edwin Brady

DTP11, Nijmegen, 26-08-2011 Dependently-Typed Programming in Economic Modelling Cezar Ionescu (PIK) with Edwin Brady (University of St. Andrews) and members of the Cartesian Seminar at PIK DTP11, Nijmegen, 26-08-2011 PIK : Potsdam Institute

698 views • 22 slides
Scrapping Your Dependently- Typed Boilerplate is Hard Ahmad

Scrapping Your Dependently- Typed Boilerplate is Hard Ahmad

Scrapping Your Dependently- Typed Boilerplate is Hard Ahmad Salim Al-Sibahi Supervised by: Dr. Peter Sesto@ David R. ChrisCansen IT University of

422 views • 38 slides
Dependently-typed Programming in Scientific Computing Cezar Ionescu (Potsdam Institute for

Dependently-typed Programming in Scientific Computing Cezar Ionescu (Potsdam Institute for

IFL 2012, Oxford, September 1st, 2012 Dependently-typed Programming in Scientific Computing Cezar Ionescu (Potsdam Institute for Climate Impact Research) and Patrik Jansson (Chalmers University of Technology) IFL 2012, Oxford, September 1st,

858 views • 59 slides
A Dependently Typed Framework for Maintaining Invariants Lszl Nmeth Department of Computer

A Dependently Typed Framework for Maintaining Invariants Lszl Nmeth Department of Computer

A Dependently Typed Framework for Maintaining Invariants Lszl Nmeth Department of Computer Science Bilgi University, Istanbul TYPES06 - Nottingham Lszl Nmeth A Dependently Typed Framework for Maintaining Invariants

434 views • 11 slides
A Translation-Based Animation of Specifications in a Dependently-Typed Lambda Calculus Mary

A Translation-Based Animation of Specifications in a Dependently-Typed Lambda Calculus Mary

A Translation-Based Animation of Specifications in a Dependently-Typed Lambda Calculus Mary Southern and Gopalan Nadathur Department of Computer Science and Engineering University of Minnesota Other Contributors: D. Baelde, Z. Snow The Context

417 views • 14 slides
Compiling Dependent Types Much recent focus on verified compilation of dependently typed

Compiling Dependent Types Much recent focus on verified compilation of dependently typed

CPS Translation of Dependent Types Amal Ahmed Northeastern University Work in progress, with Nick Rioux and William Bowman Compiling Dependent Types Much recent focus on verified compilation of dependently typed languages: Coqonut, CertiCoq

708 views • 44 slides
Dependently typed superposition in Lean Gabriel Ebner Matryoshka 2018 2018-06-27 TU Wien

Dependently typed superposition in Lean Gabriel Ebner Matryoshka 2018 2018-06-27 TU Wien

Dependently typed superposition in Lean Gabriel Ebner Matryoshka 2018 2018-06-27 TU Wien Introduction Calculus Implementation Conclusion 1 Lean Proof assistant based on dependent type theory terms, types, formulas, proofs are all

458 views • 33 slides
A Translation-Based Approach to Reasoning About Dependently Typed Specifications 1 Mary Southern

A Translation-Based Approach to Reasoning About Dependently Typed Specifications 1 Mary Southern

A Translation-Based Approach to Reasoning About Dependently Typed Specifications 1 Mary Southern Department of Computer Science and Engineering University of Minnesota Joint work with Kaustuv Chaudhuri, INRIA 1 Based on work which will be

571 views • 36 slides
A Logical Framework with Dependently Typed Records Thierry Coquand, Randy Pollack, Makoto

A Logical Framework with Dependently Typed Records Thierry Coquand, Randy Pollack, Makoto

A Logical Framework with Dependently Typed Records Thierry Coquand, Randy Pollack, Makoto Takeyama April 16, 2003 (809) A Logical Framework with Dependently Typed Records Thierry Coquand, Slide 1 Robert Pollack, Makoto Takeyama April 16,

363 views • 13 slides
Unifiers as Equivalences Proof-Relevant Unification of Dependently Typed Data Jesper Cockx

Unifiers as Equivalences Proof-Relevant Unification of Dependently Typed Data Jesper Cockx

Unifiers as Equivalences Proof-Relevant Unification of Dependently Typed Data Jesper Cockx Dominique Devriese Frank Piessens 20 September 2016 data Vec ( A : Set ) : N Set where [] : Vec A zero cons : ( n : N ) A Vec A n Vec A

876 views • 77 slides
Dependently Typed Heaps https://github.com/brunjlar/heap About Me Lars Brnjes (PhD) (Pure)

Dependently Typed Heaps https://github.com/brunjlar/heap About Me Lars Brnjes (PhD) (Pure)

Dependently Typed Heaps https://github.com/brunjlar/heap About Me Lars Brnjes (PhD) (Pure) Mathematician, Lead Software Architect based in Regensburg, Germany Email: brunjlar@gmail.com Github: https://github.com/brunjlar Agenda -

508 views • 22 slides
Dependently Typed Grammars MPC 2010 Kasper Brink, Stefan Holdermans, Andres L oh June 22,

Dependently Typed Grammars MPC 2010 Kasper Brink, Stefan Holdermans, Andres L oh June 22,

Dependently Typed Grammars MPC 2010 Kasper Brink, Stefan Holdermans, Andres L oh June 22, 2010 Parser Combinators Expression Grammar E E B N | N B + | N 0 | 1 pExpr , pNum :: Parser Int pBin :: Parser (Int Int

848 views • 48 slides
LDP Typed Wildcard PW FEC Elements draft-raza-pwe3-pw-typed-wc-fec-00.txt Kamran Raza Sami

LDP Typed Wildcard PW FEC Elements draft-raza-pwe3-pw-typed-wc-fec-00.txt Kamran Raza Sami

LDP Typed Wildcard PW FEC Elements draft-raza-pwe3-pw-typed-wc-fec-00.txt Kamran Raza Sami Boutros Background Label Distribution Protocol (LDP) [RFC5036] defines the general notion of a "Typed Wildcard Forwarding Equivalence Class

309 views • 6 slides
P ARTIAL T YPE E QUIVALENCES FOR V ERIFIED D EPENDENT I NTEROPERABILITY ( JOINT WORK WITH P.-E.

P ARTIAL T YPE E QUIVALENCES FOR V ERIFIED D EPENDENT I NTEROPERABILITY ( JOINT WORK WITH P.-E.

P ARTIAL T YPE E QUIVALENCES FOR V ERIFIED D EPENDENT I NTEROPERABILITY ( JOINT WORK WITH P.-E. D AGAND AND .T ANTER , ICFP16) Nicolas Tabareau Problem 1. Using a simply-typed library in a dependently-typed context. 2. Using a

434 views • 30 slides
FROM SYSTEM F TO TYPED ASSEMBLY LANGUAGE Greg Morrisett, David Walker, Karl Crary & Neal

FROM SYSTEM F TO TYPED ASSEMBLY LANGUAGE Greg Morrisett, David Walker, Karl Crary & Neal

FROM SYSTEM F TO TYPED ASSEMBLY LANGUAGE Greg Morrisett, David Walker, Karl Crary & Neal Glew TOPLAS 1999 Presentation by: Drew Zagieboylo/Matthew Milano TYPED ASSEMBLY LANGUAGE TYPED ASSEMBLY LANGUAGE TYPED ASSEMBLY LANGUAGE TYPED

654 views • 32 slides
. Well-Typed . The Haskell Consultants Multi-core with less pain Deterministic Parallel

. Well-Typed . The Haskell Consultants Multi-core with less pain Deterministic Parallel

. . Well-Typed . The Haskell Consultants Multi-core with less pain Deterministic Parallel Programming with Haskell Duncan Coutts December 2012, Tech Mesh . Well-Typed . Briefly about myself... Background in FP in academia and open source

1.66k views • 106 slides
Dynamically Typed Programming Languages Part 1: The Untyped -Calculus Jim Royer CIS 352

Dynamically Typed Programming Languages Part 1: The Untyped -Calculus Jim Royer CIS 352

Dynamically Typed Programming Languages Part 1: The Untyped -Calculus Jim Royer CIS 352 April 16, 2019 Royer Dynamically Typed Programming Languages 1 / 22 Reference Practical Foundations for Programming Languages, 2/e, Part VI:

408 views • 28 slides

More recommend